IBM released its annual calculation of the average data-breach cost: $4.88 million in 2023—a 10% spike from the previous year’s figure. And this year, the company measured a murky metric that adds more moolah to the figure: shadow data.

“Shadow data is that data that an organization needs to keep track of and should be aware of, but isn’t,” Sam Hector, global strategy leader at IBM Security, told IT Brew, citing examples like uploads to unsanctioned cloud services and storage on personal drives and public repositories, such as GitHub.

When this unmanaged, invisible-to-IT data is involved in the breach, the cost rises to $5.27 million, 16.2% higher than the average cost without shadow data; 35% of breaches featured shadow data, according to IBM’s study of 604 organizations that suffered a data breach between March 2023 and February 2024.

Hector spoke with IT Brew about why costs rise when data goes dark.

Responses below have been edited for length and clarity

What leads to “shadow data”?

Shadow data is primarily being caused by the huge adoption of hybrid clouds. Companies are adopting public cloud services, in order to gain cost efficiencies, and be able to cope with spikes and drops in demand efficiently, as opposed to having all of the infrastructure controlled by themselves.

Read the rest here.—BH

We’re in the era of AI experimentation. Employees are trying new tools + exploring AI’s potential, and legislation is racing to keep up. All of that change leads to uncertainty and leaves businesses vulnerable to compliance mishaps.

Need some guidance on how to keep track of changing legislation and standards? Join Grammarly on Aug. 27 for a conversation with Head of Governance, Risk, & Compliance Alan Luk and Senior Product Council Scout Moran.

Learn from the leaders of an org on the AI compliance forefront as they chat through:

• how regulatory requirements should inform AI strategy
• vetting the compliance of potential vendors
• upcoming legal changes that may affect operations
• how Grammarly drives innovation and supports AI

Save your spot.

July saw the C-suite heat up, as some came and others went.

Cheryan Jacob sprints to Nike as CIO

Athletic apparel behemoth Nike hired former Salesforce SVP and Head of Platform Engineering Cheryan Jacob as CIO in July, CTO Muge Erdirik Dogan said in a memo to employees. The new hire is expected to “play a key role in delivering on our priority of simplifying, standardizing, and modernizing our platforms,” Dogan wrote. Nike’s most recent quarterly earnings report showed a 2% YOY sales decline and the company forecast a 10% decrease in the current quarter, triggering a 20% share price drop.

Jacob has extensive engineering and leadership experience, including at Salesforce, Microsoft, and Apptio (which IBM acquired a year ago). He’s already looking for help, posting a job listing on his LinkedIn for a distinguished engineer the same week he came on board.

New Macy’s tech executive an internal hire

Macy’s promoted Keith Credendino to CIO in July, from his position as SVP of technology product development and customer experience. Credendino has been with the company since 2022, following four years at Inspire Brands as SVP of digital tech, and a 10-year stint at the InterContinental Hotels Group, most recently as VP of product management. He replaced outgoing CIO Laura Miller, who retired effective August 3.

“As our new CIO, Keith will continue to simplify and modernize our technology stack,” COO and CFO Adrian V. Mitchell said in a statement.

Read more here.—EH

Deleted a GitHub repository? That data might not actually be gone forever, even if the site’s UI indicates otherwise, per a recent report by Truffle Security.

According to Truffle CEO and co-founder Dylan Ayrey, the issue seems to arise from the fork function—which allows users to create downstream clones of repositories that share code and visibility settings with the original, upstream repository. Users are likely to assume forking creates a “completely separate, isolated copy” of the original repository, Ayrey told IT Brew, but it’s not commonly known that it actually does something else.

“As it turns out, the process of creating that fork created something called the fork network,” Ayrey said. “And the fork network, the way it works under the hood—all of the different forks can share the same underlying pool data.”

When a repository is forked, it’s mirrored to the underlying pool data. Although the owner of the original repository can click a button to delete it, they can’t delete the underlying pool data, which remains accessible via any forks in perpetuity. If a fork is public, that means the underlying pool data is, too, explained Ayrey.

Keep reading here.—TM

Level up your LLM. Launched a successful large language model pilot? Here’s what’s next: scaling, testing, and tracing your LLM outputs with Amazon Web Services and Pinecone. With Pinecone, you get a fully managed vector database solution, designed from the ground up for production readiness. See how Pinecone connects with Amazon services to accelerate DevOps production.