How to unlock collaboration in a sensitive cyber-security environment
Collaboration is the word on everyone’s lips when it comes to productivity – it helps speed decision-making, improves communication and services, and drives innovation. While tools supporting collaboration are fast gaining adoption within companies of all sizes, without the proper controls, national secrets can be exposed, competitive advantage can be lost and identities stolen.
On a per-company basis, data breaches have risen 27% on figures from previous years, with averages increasing from 102 to 130 breaches per year. In October this year, Australian-based shipbuilder Austal confirmed that its Australian business had been hit by a cyber-attack which breached the company’s data management systems, managing to steal not only staff email addresses and mobile phone numbers, but naval ship design drawings as well.
Equifax, a consumer credit reporting agency, was the victim of one of the most significant data breaches in recent years, in which hackers successfully stole 143 million customer records. This cybercrime brought with it devastating consequences due to the type of personally identifiable information stolen and the effect it had on the credit markets. Information theft of this type remains the most expensive consequence of a cybercrime.
Cybercrime continues to rise, with attacks now costing the global economy over $774 billion. The cost of each breach has also risen, costing 23% more this year than in 2017. Organisations are now spending more than US$11.7 million on cybercrime collateral, incurring costs from managing not only the attacks, but also from the disruption to the business, suppliers and customers. As a result, organisations are investing in the mitigation and protection of their data and network on an unprecedented scale. But is this investment being well spent?
How can we collaborate AND protect our most sensitive data from those who wish to profit from it?
Striking the balance between functionality and security has always been a significant challenge for storing and sharing sensitive and classified information within and between organisations. Often seen as opposing security, collaboration capabilities have been restricted in an attempt to mitigate against potential breaches. Tighter security measures have meant fewer feature-rich collaboration tools have been made available for use within secure information environments.
Times have changed. Security measures are no longer justified as a reason for poor ICT capability and functionality. Corporate systems that slow progress and make it difficult for staff to work anytime, from any location, are being rejected in favour of the consumer-facing products and services that they are used to using outside work. The rise of Shadow IT, the software services staff use without corporate approval, poses a significant risk of corporate data loss and exposure. With Wi-Fi network cloning, phishing and social engineering attempts all widely used to compromise corporate information and processes, the human security threat is very real.
Curiously, controlling the risk of data exposure is better accomplished by making secure collaboration easier for users, rather than by creating hoops for users to jump through as they try to do their job. Making collaboration easier, however, does not have to mean lowering security. Quite the opposite! Secure collaboration can be achieved by:
- building security into the design and build of the collaboration tools themselves, rather than by applying security controls around the tools,
- protecting the data itself, no matter where it travels, and
- ensuring security is as transparent as possible, surfacing only when a security-related decision is required by the user.
Using ABAC to secure the data for collaboration
Attribute-based access control (ABAC) grants access through policies that combine attributes. These attribute combinations can be used to control which data, files and applications are available for access by individual users. Without the precise match of user-to-object attributes, which can include information such as nationality, security clearance, location, device, network or organisation, users will never be granted access to the object, let alone know it exists. One change to the policy and a user’s access is granted or revoked immediately.
When used in combination with secure accredited cloud environments, application authorisation, real-time threat detection and advanced malicious network activity detection, ABAC provides users with a robust, comprehensive cybersecurity ecosystem in which secure collaboration can take place. Users receive the full benefit of rich, easy-to-use functionality, while the data is only available for use by those who are authorised to access and use it.
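The attribute matching described above can be sketched as a small policy evaluator. This is an added example, not archTIS code: the class and function names, the object names, the attribute values and the clearance ordering are all constructed for illustration. It shows default deny, filtered listings so a denied object is never revealed, and a policy change taking effect on the next request.

```python
# Added example: minimal ABAC evaluator. All names, attributes and values are constructed.
CLEARANCE_RANK = {"BASELINE": 1, "SECRET": 2, "TOP_SECRET": 3}  # assumed ordering


def satisfies(user, requirement):
    """True only if the user meets every attribute condition in the requirement."""
    for attr, allowed in requirement.items():
        value = user.get(attr)
        if value is None:            # attribute missing from the user: deny
            return False
        if attr == "clearance":      # ordered attribute: user rank must reach the required rank
            if CLEARANCE_RANK.get(value, 0) < CLEARANCE_RANK[allowed]:
                return False
        elif value not in allowed:   # other attributes: value must be in the allowed set
            return False
    return True


class PolicyStore:
    """Per-object requirements, evaluated on every request (no cached decisions)."""

    def __init__(self):
        self._requirements = {}

    def set_policy(self, object_id, requirement):
        self._requirements[object_id] = requirement

    def can_access(self, user, object_id):
        requirement = self._requirements.get(object_id)
        # Default deny: an object with no policy, or an empty one, is not accessible.
        return bool(requirement) and satisfies(user, requirement)

    def visible_objects(self, user):
        """Listings are filtered as well, so a denied object is never revealed."""
        return sorted(o for o in self._requirements if self.can_access(user, o))


store = PolicyStore()
store.set_policy("ship-design.dwg", {
    "nationality": {"AU"}, "clearance": "SECRET",
    "network": {"corp-lan"}, "organisation": {"shipyard", "navy"},
})
store.set_policy("canteen-menu.pdf", {"organisation": {"shipyard", "navy", "contractor"}})

alice = {"nationality": "AU", "clearance": "TOP_SECRET",
         "network": "corp-lan", "organisation": "navy"}
bob = {"nationality": "AU", "clearance": "BASELINE",
       "network": "corp-lan", "organisation": "contractor"}

print(store.visible_objects(alice))
print(store.visible_objects(bob))
```

Calling `set_policy` again for an object replaces its requirement, and because nothing is cached, the next `can_access` or `visible_objects` call reflects the change.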
Security. Beauty. Functionality.
At archTIS, we are continually striving to make our products and services more secure, more delightful to use and functionally superior to our competitors. We have over 12 years’ experience in delivering secure information and identity management services and solutions within the highest security levels of the Australian Government.
Accenture. 2017 Cost of Cyber Crime Study, 2017. https://www.accenture.com/t20171006T095146Z__w__/us-en/_acnmedia/PDF-62/Accenture-2017CostCybercrime-US-FINAL.pdf#zoom=50
Norman, Jane. Australian defence shipbuilder Austal victim of Iranian cyber attack, 2018. https://www.abc.net.au/news/2018-11-01/defence-shipbuilder-austal-subject-of-a-cyber-security-breach/10458042
Sadler, Denham. Cost of Cybercrime Soars, 2018. https://ia.acs.org.au/article/2018/cost-of-cybercrime-soars.html
Boulton, Clint. Shadow IT: How today’s CIOs grapple with unsanctioned tec. https://www.cio.com/article/3240987/it-strategy/shadow-it-real-world-stories-of-unsanctioned-tech.html