As global organizations mark Cybersecurity Awareness Month, SK tes is sounding the alarm on a critical yet often ignored threat: the mishandling of end-of-life IT equipment. The Singapore-based firm, a leader in secure IT asset disposition (ITAD), is urging companies to treat retired hardware as a frontline cybersecurity concern—not just a logistical afterthought.
“Every data breach doesn’t start with a hacker—it can start with a forgotten hard drive,” says Tom Hoof, Group IT Director at SK tes. The company has documented cases of routers resold with active network credentials and hard drives containing hospital records appearing in secondary markets.
These incidents, SK tes argues, are not anomalies but symptoms of widespread process failures. Devices such as laptops, routers, and storage units often retain sensitive data long after decommissioning. A simple factory reset, commonly believed to be sufficient, fails to permanently erase data. Forensic tools can recover deleted files, leaving organizations exposed to breaches.
Rising Risks from Digital Residue
Recent investigations have revealed refurbished routers leaking corporate network information, firewall appliances exposing global configuration files, and hard drives with intact patient records sold publicly. These examples highlight the persistent threat posed by digital residue on outdated devices.
To mitigate these risks, SK tes advocates for strict adherence to internationally recognized data destruction standards, including NIST 800-88 and IEEE 2883:2022. These frameworks mandate not only data erasure but also verification of irretrievability—a step often overlooked in routine IT asset disposal.
“Secure data disposition must be treated as an integral part of an organization’s cybersecurity strategy,” Hoof adds. “It’s not the end of the IT lifecycle—it’s the final defense line against data compromise.”
Compliance Failures and Legal Exposure
Improper disposal of IT assets can lead to violations of major global data protection regulations such as GDPR, HIPAA, PCI DSS, NIS2, and DORA. These frameworks require strict controls over data storage, access, and destruction. Mishandling devices containing confidential information can result in multimillion-dollar fines, lawsuits, and reputational damage.
The exposure risk extends beyond intellectual property. Personal health data, financial records, and proprietary business intelligence are all vulnerable. For sectors like healthcare, finance, and government, such breaches can erode public trust and disrupt operations.
A Call to Action for IT and Compliance Leaders
SK tes warns that many organizations lack visibility into the whereabouts and status of their decommissioned assets. During Cybersecurity Awareness Month, the company is urging CIOs, CISOs, compliance officers, and procurement teams to ask:
“Do we know where our retired IT assets are—and what data might still be on them?”
To help address this blind spot, SK tes has released a free “8-Point Checklist for Secure IT Asset Disposition,” available at www.sktes.com. The guide outlines essential steps for wiping, verifying, and disposing of data-bearing devices in accordance with global standards.
About SK tes
Founded in 2005 and now a subsidiary of SK ecoplant, SK tes operates more than 40 facilities across 22 countries. The company specializes in sustainable technology lifecycle services and advanced battery recycling, recovering critical materials for reuse in manufacturing supply chains.
With a globally distributed network, SK tes ensures regulatory compliance, localized support, and reduced logistics costs. Its approach integrates cybersecurity, compliance, and environmental responsibility—helping organizations protect data while advancing a circular economy.
