Today, the information that we put online is not only critical, but, given that it can be shared across social media and analysed for targeted advertising, it can be used to build a detailed and accurate profile of a user and what she does every day. Simply put, online data is a representation of a user’s “digital self”. If anyone gains unlawful access to this information, it can lead to serious damage, monetary and otherwise. The same goes for business data, except that the data inside a business has corporate ownership and, therefore, the loss of such data could affect thousands of people or, worse, force the business to shut down altogether.
Today, malware attacks are a digital reality for organisations. But with a plan in place to help protect against these types of attacks, risks can be mitigated quickly and within compliance, ultimately strengthening brand equity in the event of a breach. The following are some guidelines for this plan.
Investing in an internal cybersecurity awareness programme
Training programmes help users understand the importance of the data they work with and the different methods that an adversary may use to gain access to it. Phishing (or spear-phishing) is still the most common attack vector, but users also need to learn about malvertising, which can be used to deliver ransomware and to carry out watering hole attacks and targeted social engineering. Understanding the different methods will help users better protect themselves and others – inside and outside the workplace.
Understanding the data held by an organisation
Most often, the immediate reaction following an attack or new compliance requirement is to implement blanket levels of security. Yet different data have different business values, access needs and life cycles. Blanket security means that a PDF on the website becomes as hard to modify as a person’s medical records. This becomes too costly and complex to manage, and impedes legitimate data use and flows. Understanding data – where it is held, what its life cycle is, who (internal and external) needs legitimate access and what the compliance requirements are – is key to successful data protection.
Investing only in suitable security products
Given the evolution of data protection and cybersecurity, every business has covered the basics: firewalls, intrusion prevention, antivirus software, and web and email gateways. Eventually, when there is a breach, another solution is purchased to prevent the breach from occurring again. This knee-jerk reaction is common, and as far back as 2016, an average enterprise was reportedly using around 75 different products.
However, the best security solution may be the one that a company already has. The real challenge is to extract relevant information and activate alerts exactly when they are needed. Chief information and security officers and IT teams need to think about how they can deploy a layer of security to the business that does not replace what the company already uses but instead enhances it. The answer to the problem can never be “rip and replace”; rather, value comes from the ability to leverage the existing solutions and skills in order to provide the fastest and most accurate threat mitigation strategy possible.
From there on, organisations are well advised to think about how their network infrastructure understands its own data patterns – knowing what “normal” looks like makes it easier to detect anomalous behaviour and the unknown. Automated, intelligent security solutions can then make decisions on whether the incoming data traffic is “good”, “bad” or “unknown”. Suspicious data should be automatically subjected to advanced analysis – including sandboxing – to identify and provide data that allows the security team to make an informed final decision on whether it should be allowed or rejected.
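The baseline-then-verdict flow described above can be sketched as follows. This is an added example, not code from the article or any product; the host names, the documentation-range address on the blocklist, the flow records and the three-standard-deviation threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of "normal" traffic: (source host, destination, port, bytes sent).
BASELINE_FLOWS = [
    ("hr-laptop-1", "198.51.100.10", 443, 12_000),
    ("hr-laptop-1", "198.51.100.10", 443, 15_000),
    ("hr-laptop-1", "198.51.100.10", 443, 11_000),
    ("hr-laptop-1", "198.51.100.10", 443, 14_000),
    ("db-server-1", "198.51.100.20", 5432, 80_000),
    ("db-server-1", "198.51.100.20", 5432, 95_000),
    ("db-server-1", "198.51.100.20", 5432, 88_000),
    ("db-server-1", "198.51.100.20", 5432, 91_000),
]
# Hypothetical threat-intelligence blocklist (TEST-NET-3 documentation address).
KNOWN_BAD_DESTINATIONS = {"203.0.113.66"}

def learn_baseline(flows):
    """Record what "normal" looks like: mean and spread of bytes per (host, port)."""
    groups = defaultdict(list)
    for host, _dst, port, nbytes in flows:
        groups[(host, port)].append(nbytes)
    return {key: (mean(vals), pstdev(vals)) for key, vals in groups.items()}

def verdict(flow, baseline, z_limit=3.0):
    """Return "good", "bad" or "unknown" for one flow."""
    host, dst, port, nbytes = flow
    if dst in KNOWN_BAD_DESTINATIONS:
        return "bad"                      # matches a known indicator: reject
    stats = baseline.get((host, port))
    if stats is None:
        return "unknown"                  # host never used this port before
    mu, sigma = stats
    if abs(nbytes - mu) > z_limit * max(sigma, 1.0):
        return "unknown"                  # volume far outside the learned range
    return "good"

def triage(flows, baseline):
    """Split flows into allow, block and send-for-analysis (e.g. sandbox) queues."""
    queues = {"good": [], "bad": [], "unknown": []}
    for flow in flows:
        queues[verdict(flow, baseline)].append(flow)
    return queues

if __name__ == "__main__":
    today = [
        ("hr-laptop-1", "198.51.100.10", 443, 13_500),   # ordinary
        ("hr-laptop-1", "198.51.100.10", 443, 900_000),  # unusual volume
        ("db-server-1", "198.51.100.99", 443, 5_000),    # new behaviour
        ("hr-laptop-1", "203.0.113.66", 443, 2_000),     # blocklisted
    ]
    for name, items in triage(today, learn_baseline(BASELINE_FLOWS)).items():
        print(name, items)
```

Only the "unknown" queue needs an analyst's final decision; the other two verdicts can be enforced automatically.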
Despite the protection in place, sometimes threats enter the network or are introduced accidentally by a user. In this case, advanced threat prevention solutions are useful, providing a consolidated view not only across all security solutions, but also of the east-west spread of a threat inside the network. From there on, engineers should be equipped to deploy required changes or updates to neutralise a threat quickly and easily.
The importance of protecting data and understanding how different types of information can be used for anything from marketing to malware cannot be overstated. Finding the right balance that ensures a smooth flow of data within the business is key. The next step is to educate employees (on an ongoing basis) and reduce the risk of downloading files from untrusted sources or clicking on malicious links.
Data protection is a constant requirement for modern digital businesses. For an organisation, the key components of a viable strategy must be a robust understanding of its unique data and flow patterns, fit-for-purpose detection, analysis and mitigation tools that leverage intelligence and automation in tandem with its network team, and relentless employee education.