Nucleus Cyber’s Steve Marsh penned this article that appeared in Security Boulevard
Intelligence is key to data security in an age where data breaches have gone mainstream
Did you vote on Tuesday? Or, were you part of the “nearly one in five Americans” who wouldn’t or were “highly unlikely” to vote in mid-term elections because of “concerns about the integrity of U.S. voting systems,” according to a Unisys poll?
Imagine if that was how customers felt about your ability to safely handle their information. Like an electoral register, your organization maintains high-value, sensitive information that is subject to breach. This past week, news articles have focused on election-related data security, but the concern applies to protecting sensitive information across the board, 24 x 7.
Understanding the threats to data security
It’s pretty common to assume that companies fall into one of three categories: those that have been hacked, those about to be hacked and those that don’t yet know they’ve been hacked. So how can organizations go about protecting sensitive data?
To get started, we need to assess the various attack vectors. Typically, the image that springs to mind is of the nefarious external hacker trying to break into enterprise systems. IT funds have overwhelmingly been directed toward preventing this type of attack on infrastructure and data silos. While external threats are certainly an issue, we must also look inside the castle walls to minimize the impact of a breach and to speed up detection of anomalous user activity involving our sensitive data.
Once hackers breach the external defenses and get in, they implement a “land and expand” strategy. Their objective is simple: seek out credentials and systems containing the most valuable data (e.g., PII, healthcare/HIPAA or financial). In the majority of data breaches, compromised credentials are most hackers’ tool of choice. In this type of attack, hackers access the victim company’s data by impersonating a real, authorized user. It’s one reason why data breaches take so long to discover.
The overlooked culprit: your users
Just as risky as the danger you don’t know (external threats) is the one that you do: users themselves (inside threats). Breaches caused by internal users account for a large percentage of all data breaches.
Insider threats generally fall into two types of user-related breaches: the accidental (e.g., emailing a document to the wrong people or leaving a thumb drive in the back of a taxi) and the malicious (e.g., corporate espionage, insiders downloading large amounts of data to sell, or stealing information before leaving a job for whatever reason). In the current political landscape, the latter type is all too familiar, given the various leaks emanating from inside our corridors of power.
What can we do to protect our data?
From an external standpoint, we build a more intelligent castle wall. This isn’t the time for building a higher or thicker wall (although a reasonable amount of height and thickness is required); it’s about supplementing exterior defenses with the intelligence to detect new threats and devise appropriate responses. Many vendors have invested in solutions in this space that monitor networks and adapt protection against malware (the typical vehicle for external hackers to start their land and expand attack strategy).
As for the internal threats, it’s about two things: a more intelligent workplace and better educated internal users. Today’s tech-savvy workers just want to get their jobs done. Any data security solution must be intelligent enough to detect and prevent both malicious and accidental breaches in a way that won’t disrupt productivity and efficiency. Otherwise, you increase the risk of users finding alternative methods to collaborate or share information.
The importance of content and context for intelligent data security
Educating users about any new security system and the reasons for its implementation is a critical strategy that must be paired with intelligent workplace tools to support the effort.
For example, perhaps a user downloads large volumes of data at an odd time of day or from an unusual location. AI-powered detection of anomalous activity can be used to spot and stop both the malicious internal spy and the hacker using compromised credentials.
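The three signals named above (volume, time of day, location) can be checked against a per-user baseline. The following is an added example, not code from the article or from any vendor product; a simple statistical baseline stands in for the AI-powered detection, and the log records, field layout and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed access-log history: (user, ISO timestamp, country, bytes downloaded)
HISTORY = [
    ("alice", "2018-10-01T09:15", "US", 40_000_000),
    ("alice", "2018-10-02T10:40", "US", 55_000_000),
    ("alice", "2018-10-03T14:05", "US", 35_000_000),
    ("alice", "2018-10-04T16:30", "US", 60_000_000),
    ("alice", "2018-10-05T11:20", "US", 50_000_000),
]

def build_baselines(events):
    """Summarize each user's usual hours, countries and download sizes."""
    acc = defaultdict(lambda: {"hours": set(), "countries": set(), "sizes": []})
    for user, ts, country, size in events:
        b = acc[user]
        b["hours"].add(datetime.fromisoformat(ts).hour)
        b["countries"].add(country)
        b["sizes"].append(size)
    return dict(acc)

def score_event(baselines, event, z_threshold=3.0):
    """Return the list of reasons an event deviates from the user's baseline."""
    user, ts, country, size = event
    b = baselines.get(user)
    if b is None:
        return ["no_baseline"]  # new or dormant account: review separately
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    # Odd time of day: no past activity within one hour, wrapping at midnight
    if not any(min((hour - h) % 24, (h - hour) % 24) <= 1 for h in b["hours"]):
        reasons.append("odd_hour")
    if country not in b["countries"]:
        reasons.append("new_location")
    mu = mean(b["sizes"])
    # Floor the spread so a very regular user does not alert on small changes
    sigma = max(pstdev(b["sizes"]), 0.1 * mu, 1.0)
    if (size - mu) / sigma > z_threshold:
        reasons.append("large_volume")
    return reasons
```

Because the check keys on behaviour rather than identity, it flags a valid login used by someone else the same way it flags an insider acting out of pattern.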
The content and context of the data being accessed and shared is equally important.
AI-powered solutions can help here, too. For example, if a user tries to email an external party a document that policy dictates is for internal use (e.g., it contains customer PII), AI can prevent it from being attached and sent. Another example is applying different usage rights based on a user’s location or device to prevent sensitive information from being exposed (e.g., confidential M&A information you don’t want an employee reviewing while grabbing a latte at a local coffee shop).
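Both examples above reduce to a decision over content (what the document is) and context (who receives it, from where, on what device). The following is an added example, not code from the article or from any vendor product; fixed rules stand in for the AI classifier, and the domain, PII patterns, labels and rights names are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed PII shapes (US SSN, 16-digit card number); real classifiers cover more
PII_PATTERNS = [
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
]
INTERNAL_DOMAIN = "example.com"  # assumed organization mail domain

@dataclass
class Context:
    network: str          # "corporate" or "public" (hypothetical labels)
    managed_device: bool  # device enrolled in company management

def classify(text, label=None):
    """Content check: a restrictive label wins; PII overrides a missing or lax one."""
    if label in ("confidential", "internal"):
        return label
    if any(p.search(text) for p in PII_PATTERNS):
        return "internal"
    return "public"

def may_attach(text, recipients, label=None):
    """Block non-public content when any recipient is outside the organization."""
    sensitivity = classify(text, label)
    # Anything not ending in @<internal domain> is treated as external (fail closed)
    external = [r for r in recipients
                if not r.lower().endswith("@" + INTERNAL_DOMAIN)]
    if sensitivity != "public" and external:
        return False, f"{sensitivity} content blocked for {external}"
    return True, "allowed"

def usage_rights(text, ctx, label=None):
    """Context check: rights shrink as location and device become less trusted."""
    sensitivity = classify(text, label)
    if sensitivity == "public":
        return {"view", "edit", "download", "share"}
    if ctx.network == "corporate" and ctx.managed_device:
        return {"view", "edit", "download"}
    if sensitivity == "confidential":
        return set()   # e.g. M&A material on coffee-shop Wi-Fi: no access
    return {"view"}    # internal content off-network: read-only
```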
Securing data from the inside out offers the best protection
We should use this election cycle to remind ourselves that we live in an age where data breaches have gone mainstream and our businesses can be financially crippled by exposure of sensitive data. Traditional castle walls, or perimeter security, still play important roles, but in a time of true enterprise collaboration we need to fortify security with an intelligent workplace that protects data and customers, and even protects users from themselves.