Data can be your greatest asset and your biggest liability. It can create new customer services and fuel entirely new business models; however, its exposure can bring your business to its knees and lead to financial ruin. Can you strike a balance between safeguarding data and gaining the necessary insights to propel your business forward and maintain a competitive edge? Whether facing strict compliance mandates, potential cybercriminals, a new IT infrastructure, or simply the employees within your organization, one thing must remain constant – your control over protection of your data.
As the amount of private and confidential data grows, compliance should no longer be an option, but a requirement. At the same time, cybercrime is evolving to become more sophisticated and unpredictable. WannaCry, one of the most notable ransomware strains of 2017, targeted computers running on older Microsoft Windows operating systems. It was a new variant of malware that automatically spread itself, installing backdoors onto infected systems and infiltrating users’ computers through the network, bypassing the usual step of the user opening an email. Early in 2018, ransomware attacks against Atlanta and Baltimore disrupted critical emergency services and resulted in the loss of critical data.
It’s your responsibility to protect your organization’s sensitive data assets. By deploying the right data security tools and implementing data protection best practices, you can not only improve your business resilience but leverage your data securely to take your business to new heights.
Controlling Data in the Face of Ransomware
As evidenced by the major ransomware attack that hit the city of Atlanta earlier this year, ransomware isn’t just expanding its targets, it’s becoming a much more sophisticated threat. Cybercriminals are continually finding new methods to deliver ransomware beyond email attachments, malicious websites or adware. And whether they plan on paying the ransom or not, businesses are never guaranteed to get their data back. Recovering from the incident can halt critical business operations, erase years of data, spread distrust amongst customers, and require non-budgeted spending that in some cases was reported to be 10x the cost to be prepared in the first place.
Knowing this, in today’s cyber climate, the impact of a ransomware attack expands beyond just paying ransom, businesses must prioritize how to prepare. The aftermath of an attack has actually proven to be so costly and disruptive that the Department of Homeland Security (DHS) has made its official recommendation to minimize the effects, advising organizations to implement security best practices such as employee training, timely software updates and anti-malware deployments, along with frequent data backups, specifically backups isolated from the network as the most effective means to successfully recover from a ransomware attack.
Here are some actionable strategies to remain resilient in the face of ransomware:
- Integrated Backup and Recovery for Resiliency:
Expanding on the Department of Homeland Security’s recommendation, to help remain resilient from a ransomware attack and recover as seamlessly as possible, “Employ a data backup and recovery plan for all critical information.” Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process. Note that network-connected backups can also be affected by ransomware; critical backups should be isolated from the network for optimum protection.
- Data Access Management and Encryption:
A ransomware attack typically begins with the locking down your data or boot OS. However, with data access management, including workload isolation and encryption, the attack surface for malware can be minimized. If an attack does gain control of your computer or data, the confidence that your data is rendered completely useless to the cyber-criminal enables you to shut down the server, bring up a new server with data restored from backup and minimize downtime.
- Geographic distribution for Resiliency and Rapid Recovery:
When securing data on its way to object storage, consider storing copies of that data in multiple locations, not just locally. Object storage is a good strategy for copying data to different geographies using API connectivity to provide both resiliency and separation from your network. There is also the advantages of data splitting for an extra layer of resiliency, where if any one location is compromised, your data can be rebuilt from the remaining components.
Controlling Data at the Hands of Employees
Coca-Cola recently experienced a major data breach, but the cause wasn’t some malicious threat actor. Instead, the data compromised was due to unauthorized employee access. Employees -- the insiders -- are often the cause of a data leak due to lack of security training, too broadly defined or excessive access permissions and privileged user escalations.
While some businesses may fail to view their employees as a potential security liability, it can also be incredibly complex to monitor the unintended internal threats like users with weak passwords or employees who open an email with phishing/malware, as well as defend against the intentional “rogue user” or disgruntled current or former employee.
Yet with just a few key data-centric deployments, organizations can be in full control of their data, feel more confident in who is accessing it and be more empowered to leverage it for business insight. Look for a solution that offers the following:
- Policies: Deploy access limitations across the organization, which only grant data access to the roles requiring the data in a usable format to perform their jobs. Choose a solution that allows your organization to set and adjust security policies that manage the who, how, where and when users access decrypted data. Policies use role-based access control (RBAC) permissions, including defaults for least privileged access (LPA) and privileged access management (PAM) to ensure only those needing data access are allowed.
- Culture: Create a “culture of security” within the organization with structural practices and policies set from the top down and IT team outwards. This might include organization-specific best practices for sending, opening and saving files (e.g. Dropbox vs local drive) etc.
- Logging: An effective tool against insider threats is to capture access logs that easily integrate into your existing Security Information and Event Management (SIEM) deployments for aggregated data collection and analysis, allowing for quick action and continuous security improvements.
Controlling Data in the Cloud
Concerns around security are often cited as one of the greatest barriers to cloud adoption, even with businesses realizing the many benefits, including the ability to more easily launch and make changes to applications, yield insights from big data, increased infrastructure agility and ongoing cost savings.
Though there has been a noticeable push for cloud service providers (CSP) to focus on security over the past few years, it is ultimately the business who is responsible for securing its own data. And even with the resources and business processes in place to manage cloud security deployments, data privacy is still a consideration. It’s crucial that organizations can limit the access, use or modification or their critical data, since CSP administrators need access to IaaS servers and object storage disks to support daily operations.
Controlling Data to Meet Compliance
Now that the starting horn has been sounded on GDPR, and businesses around the world are seeing the impact, many standard security practices are being directed at meeting compliance. Among a number of comprehensive mandates, the regulation calls on organizations to implement “Data protection by Design and by Default” to ensure the proper collection, processing storage and erasure of data. Failure to meet compliance can result in significant fines of up 20M Euros or 4% of annual turnover.
In order to meet regulatory compliance and avoid slowing or disrupting security and other business operations, seek out a solution that offers access logging and strong, industry standard encryption (FIPS 140-2) for pseudonymization, along with cryptographic policy enforcement, data destruction, access auditing and integrated key management. Consider how implementations like this can support Articles 33 and 34, which state that no breach notification is necessary if the data in question was rendered unintelligible (encrypted) to any person who is not authorized to access it and is unlikely to result in a risk to the rights and freedoms of natural persons.
Resiliency in any Situation
As we generate more and more data, it’s crucial for any modern business to ensure that their critical data assets are available when needed, and always secure. Cybersecurity and data protection now go far beyond fighting the hackers but also help businesses ensure the privacy, integrity and availability of their data in day-to-day operations.
Whether switching infrastructures and migrating to the cloud, managing compliance or dealing with threats inside and outside of the organization, unsecured data can be a liability. But when data is resilient, it can be trusted, and reach its full potential to provide key insights into your business.
About the author: James Varner is President and CEO of SecurityFirst Corp.