Data protection is the ultimate cybersecurity endgame. For this reason, it is near the top of the agenda in any security team meeting. They know they need to do all they can to ensure data stays inside the organisation and, therefore, will layer software and hardware solutions to make that happen.
After all, their adversaries (threat actors) will do anything to gain access to that data for resale, including damaging it, locking it up and demanding ransom payments for access.
This battle began because of the importance that data has in a modern digital business; it is the flow of data that makes a business unique. No two are the same and it is critical for data to be well-protected.
As crucial as it is to have technology in place for protecting data, it is just as important to ensure that users have security awareness too, since many breaches begin with an innocent double-click to open a file or email.
Data used to be simple; it was only stored online to make it easier for us to keep up in the digital age. Examples include one’s name, email address or password, which could be combined with the name of a pet or parent so that it could be easily reset whenever it was forgotten. None of it seemed important, and it was certainly not perceived to affect anyone’s life if mislaid.
Fast forward 10 years and all of this has changed. Today, the information that we put online is not only critical; because of the way that it can be shared across social media and analysed for targeted advertising, it can also be used to build a detailed and accurate profile of who you are and what you do every day. Put simply, online data is now a representation of your ‘digital-self’. If anyone gains unlawful access to this information, they are able to make online purchases, take out loans or perhaps cause mischief such as stopping mobile phone contracts or cancelling airline tickets.
Corporate Data Loss Can Lead to Closure
The same goes for business data, except that the data inside a business has corporate ownership and, therefore, loss of that data could affect thousands of people – or even force the business to close altogether.
Malware attacks are a digital reality for today’s organisations. But with a plan in place to help protect against these types of attacks, risks can be mitigated quickly and within compliance, ultimately strengthening brand equity in the event of a breach. Some useful guidelines for this plan are:
Invest in an internal cyber-awareness program. These training resources help users understand the importance of the data they work with and the different methods that may be used by an adversary to gain access.
Phishing (or spear-phishing) is still the most common attack vector, but users also need to learn about malvertising (which can be used to deliver ransomware), watering hole attacks and targeted social engineering. Understanding these different methods will help users better protect themselves and others – inside or outside of the workplace – who may be at risk.
Understand the data held by your organisation. Too often, the immediate reaction following an attack or new compliance requirement is to implement blanket levels of security.
This is not the answer. Different data has different business value, access needs and lifecycles. Blanket security means that a PDF on the website becomes as hard to modify as it would be to update a person’s medical records. This becomes too costly and complex to manage, impedes legitimate data use/flows and, over time, data protection will fail as users work to circumvent controls in the name of ‘efficiency’.
Understanding your data – where it is held, what it is, the lifecycle, who (internal and external) needs legitimate access and any compliance requirements – is key to successful data protection. The project is more likely to succeed because data is safe without impacting user access; but should the worst happen, your business is also in the best position to mitigate and move forward.
Invest only in suitable security products. Given the evolution of data protection and cybersecurity, every business will have covered the basics of firewall, intruder prevention, anti-virus software, and web and email gateways. Eventually, there’s a breach and another solution is purchased to prevent the breach from happening again. This knee-jerk response is common, and as far back as 2016 it was reported that the average enterprise has around 75 different products in use.
You May Already Own The Best Security Solution
In the same way that users are a great first line of defence when armed with good cyber-awareness, the best security solution may be one that you already have. The real challenge is how to extract relevant information and alerts from it exactly when they are needed.
CISOs and IT teams need to think about how they can deploy a layer of security to the business that does not replace what they already use but instead enhances it. Nowadays, despite what some in the industry might tell you, the answer to the problem can never be ‘rip and replace’. Rather, value comes from the ability to leverage existing solutions and skills in order to provide the fastest, most accurate threat mitigation possible.
From there, organisations are well-advised to think about how their network infrastructure understands its own data patterns – knowing what ‘normal’ looks like makes it easier to detect anomalous behaviours and unknowns before they wreak havoc on the network. Automated, intelligent security solutions can then make decisions on whether incoming data traffic is ‘good’, ‘bad’ or ‘unknown’. Suspicious data should be automatically subjected to advanced analysis – including sandboxing – to identify and provide data that allows the security team to make an informed final decision on whether it should be allowed or rejected.
Despite the protection in place, sometimes threats enter the network or are introduced accidentally by a user. In this case, advanced threat prevention solutions are useful, providing a consolidated view not only across all security solutions, but also the east-west spread of a threat inside the network. From there, engineers should be equipped to deploy required changes or updates to neutralise a threat quickly and easily.
The importance of protecting data and understanding how different types of information can be used for anything from marketing to malware cannot be overstated, as it highlights the need to ensure the strongest possible protection and governance for business data.
It is all too easy to adopt the wrong approach when protecting data, and finding the right balance that ensures a smooth flow of data within your business is key. The next step is to educate employees (on an ongoing basis) and so reduce the risk of downloading files from untrusted sources or clicking malicious links – but that is a topic for an article on its own.
Data protection is a constant requirement for the modern digital business – the issue won’t ‘go away’ and there is no single answer. Be sceptical of any expert who tells you – or sells you – otherwise. The key components to a viable strategy must be a robust understanding of your company’s unique data and flow patterns; fit-for-purpose detection, analysis and mitigation tools that leverage intelligence and automation in tandem with your network team; and relentless employee education.