How Digital Hoarding Increases Your Cybersecurity and Sustainability Risks

It is the 20^th anniversary of National Cybersecurity Awareness Month (NCSAM) and time to reflect upon the massive digital footprint you may have created during this time span due to hoarding.

Just pause to think about it in your personal life. When was the last time you conducted a digital purge and deleted unnecessary photos, emails, music, mobile apps, social media content, etc.? All the unnecessary data and apps you are hoarding broaden the ability of cybercriminals to socially engineer you, steal your identity, conduct account takeover, and commit fraud–all while negatively impacting the environment.

Just like in your personal life, this same issue plagues the corporate world. Many organizations have become digital hoarders. They don’t even realize it because they don’t know where and how much data they have, due to factors like application and shadow environment sprawl.

If your organization hasn’t already conducted a full inventory of data and environments they are hoarding, not only will your carbon footprint continue to grow due to energy used to do things like store, compute, and cool—which all impact your ESG environmental social and governance reporting metrics and goals—but you’ll also continue to create a larger attack surface for cybersecurity and compliance risks. And that could result in privacy violations, fines, and brand damage.

Many organizations don’t believe they have a data hoarding problem because they store most of it in the cloud, which minimizes the impact. The reality is most people have started to hoard even more data than before because they can easily store it in the cloud. An MIT report highlights that the cloud now has a larger carbon footprint than the entire airline industry—and a single data center could consume the equivalent of electricity used by 50,000 homes because of this.

Another consideration is the accelerated pace at which organizations are adopting AI strategies and creating a culture of bragging about having the most “data” so their AI will be smarter—which doesn’t always follow. Having trustworthy AI is not really about the amount of data, rather the quality of data and having the right AI to train and gain insights into that data.

In fact, the “garbage in / garbage out” premise applies to AI models too, as it could cause inappropriate hallucinations and undermine your security posture. This is why you should not only consider the usage of data in your AI models, but also take into consideration the environmental impacts of AI from the start—because that can also dramatically impact your ESG reporting metrics. MIT Technology Review reported that just training a single AI model could emit as much carbon as five cars over their lifetime. And University of California research shows just five ChatGPT queries can use 16 oz. of water.

Here are five things you can do to help reduce your corporate digital hoarding and improve upon your cybersecurity and environmental sustainability goals:

1. Create a data governance strategy. Using tools like the CISA Cross-Sector Cybersecurity Performance Goals is a great starting point to improve and sustain digital hygiene.
2. Conduct a digital audit. Be aware of what your environment looks like, including all homegrown and third-party apps, APIs, and scripts. Then explore ways to document and maintain this list. And don’t forget your SBOM requirements!
3. Know where your data is stored. Know where the data centers are and what types of sustainability goals they have (e.g., data centers run on hydroelectricity.) Then explore how cloud-native functions can help you meet sustainability goals. Heavy Reading’s 2023 5G global survey recommends reducing power consumption by moving as many functions as possible to a common infrastructure platform.
4. Train your AI models wisely. Understand your AI carbon footprint by using new tools like the Machine Learning Emissions Calculator to make decisions on cloud provider, geographic region, and hardware usage.
5. Do a hoarding purge. Less can be more. Now that you know where everything is, delete what you don’t need and keep strong hygiene as you move forward.

Just as in your professional world, there are things you can do to curb digital hoarding in your personal life:

1. Delete unnecessary apps. The average user installs 80 apps on their device but only really uses nine of them.
2. Unsubscribe to email lists. Do you really need all those emails? If your kid just started high school, why do you still need that diaper coupon promo subscription?
3. Create digital photo albums. How many selfies do you really need? How about photo bursts of 20 pictures of the same thing?
4. Do a social media scrub. Unfollow accounts, groups, and people that you are no longer interested in.
5. Recycle all your old devices collecting dust (phones, tablets, computers). Many local communities do fundraisers where they will collect old devices. Or you could consider selling them (ensure they are wiped first).