This article is an adapted version of a piece originally published by Cyberwatch Finland. You can read the full article in Cyberwatch Finland Magazine (English Edition 3/2025), page 33.
Global political instability is changing the way cyberattacks are planned and executed. Critical infrastructure – energy, healthcare, defense and supply chains – is increasingly being targeted. And cyberattacks today aren’t just about money. They’re also about disruption, influence and power.
In this environment, even a small, overlooked data trace can turn into a serious vulnerability.
From Opportunistic Attacks to Precision Operations
Cyber threats are no longer limited to lone hackers or broad, random campaigns. State-sponsored and politically motivated actors now play a major role, bringing with them time, funding and highly specialized skills.
Instead of casting a wide net, these attackers focus on specific organizations and individuals. They design spear-phishing campaigns and custom malware to exploit whatever data is available – including traces most organizations don’t even realize are there.
Regulations Help – But They’re Not the Whole Story
Regulations like NIS2 in the EU and the CCPA in California are an important step forward. They push organizations to take accountability seriously and strengthen their baseline security.
But in practice, compliance efforts tend to focus on visible – data documents, emails, media files. What often gets missed is the much larger volume of invisible and residual data sitting quietly in the background.
The Data Iceberg
A useful way to think about this is the data iceberg.
- Above the waterline (10–25%) is visible data: files users create and work with every day.
- Below the waterline (60–80%) is invisible system data: caches, temporary files, restore points, shadow copies, backups and configuration data.
- At the deepest layer (5–15%) are traces of deleted files. Even when files are “permanently deleted,” fragments often remain recoverable until they’re securely overwritten.
This hidden mass is essential for system operation and exactly where advanced attackers go looking.
Why Invisible Data Is a Real Risk
Deleting a file doesn’t mean it’s gone. Residual traces can often be recovered and reconstructed using forensic tools. System data like caches and restore points may also contain snapshots of user activity, exposing sensitive information.
These risks exist everywhere, but they’re amplified in today’s geopolitical climate:
- Small data fragments can provide valuable intelligence.
- Data leaks undermine trust with partners and clients.
- Exposed system data can give adversaries an operational advantage during crises.
Protecting the Full Data Lifecycle
Real resilience comes from protecting data throughout its entire lifecycle: from creation and daily use to secure end-of-life disposal. Focusing only on visible data leaves a gap where invisible data and deleted traces accumulate.
Closing that gap requires both prevention and elimination:
- Preventive controls reduce exposure, but they don’t remove data that already exists. When files are deleted, the data often remains in free space until it is securely overwritten.
- One of the most practical ways to eliminate this hidden layer is to wipe free space. Securely overwriting unused disk areas ensures residual data can’t be recovered later.
How Jetico Helps Close the Gap
To eliminate the hidden layer of the data iceberg, organizations need more than standard deletion.
BCWipe securely wipes free space, permanently overwriting residual data left behind after files are deleted. This ensures sensitive information can’t be recovered from unused disk areas, closing one of the most overlooked security gaps.
But secure erasure is only part of the solution.
For over 30 years, Jetico has helped governments, defense organizations and enterprises protect data across its entire lifecycle by providing:
- Encryption to protect visible, user-facing data
- Data discovery to identify hidden and vulnerable data
- Data erasure to securely wipe insivible data
- Granular access control to prevent untrusted processes from accessing sensitive files
Because protecting only the tip of the iceberg is no longer enough.
Frequently Asked Questions (FAQs)
Invisible data refers to system-managed and residual information that users don’t normally see or manage. This includes caches, temporary files, restore points, backups, metadata and traces of deleted files. Invisible data matters because it often contains sensitive information and is frequently overlooked by traditional security controls.
Encryption is a critical part of data protection, but it mainly secures visible, user-created files such as documents and emails. Encryption alone does not protect invisible data or deleted data traces, which can still expose sensitive information if not properly managed.
Yes. Standard file deletion removes references to data but does not erase the data itself. Until storage space is securely overwritten, deleted files and data fragments can often be recovered using forensic tools. This is known as data remanence.
During geopolitical instability, state-sponsored attackers have the time, resources and expertise to exploit hidden data. Even small fragments of invisible or deleted data can provide intelligence about operations, infrastructure or behavior patterns, increasing cybersecurity and national security risks.
Protecting both visible and invisible data requires a full data lifecycle approach. This includes encrypting active files, discovering hidden and residual data, securely erasing deleted information and controlling which applications can access sensitive data through whitelist-based security models.