SpectorSoft: Data breaches in your company aren’t going to wait for you
Written by Gareth Fearn from SpectorSoft.
It’s almost inevitable. When you hear about data breaches time and time again and see the similarities that exist in every story, you begin to realise that no company is impervious.
“Not my company,” you say? When you factor in the malicious insider with access to data, you really have no say in the matter, because you can’t stop someone you don’t know about from doing something you’re unaware of.
Go back and read that again – it’s important.
Think about that – you have a breach response plan based on today’s people, systems, technologies, etc., and if something were to happen today, you won’t possibly know about it for a year or more.
So what exactly are we talking about when we ask, “Are you planning for a data breach?” Here are some basic thoughts we need to agree on to really get to the root of what your company needs to be doing.
- It’s going to happen – You need to recognise that even your company will have a data breach. Most likely several have already happened and no one knows about them.
- You may not be able to stop it – This is a tough one, but it needs to be said. When you’re dealing with an external threat, you can take action to stop it from happening – secure apps, lock down the firewall, etc. But when it’s an Insider Threat – someone with appropriate access to systems and sensitive data – it’s a lot tougher to keep them from doing something as simple as printing out documents and taking them home.
- You can detect data breaches – A data breach from an internal actor is nothing more than the copying or transmitting of data through a very small number of mediums – email, webmail, USB, cloud storage, etc. One of the challenges here is to be able to determine whether these kinds of activities are malicious in intent (intent is normally very tough to determine using data only).
So if you’re actually planning for a data breach, it means you believe it will happen and want to do something about it today. Here are a few solutions that may help:
- Data Loss Prevention (DLP) – this solution secures data by categorising it by type, assigning roles to individuals and allowing certain data types to be used by certain individuals via specific mediums. For example, the Finance VP is allowed to take financial data and send it out via email, but a junior accounting person can only view that same data.
- Security Information and Event Management (SIEM) – this solution takes all the disparate audit data you can find, puts it together and works to paint a picture of employee activity (among other types of activities). The challenge here is whether you have an audit trail for the path an employee takes to take data.
- Insider Threat Detection (ITD) – this solution monitors employee actions using an agent on the employee’s computer, empowering you with visibility into each and every action performed, regardless of platform, application, medium or method used to steal information.
Take action now – the data breaches in your company aren’t going to wait for you.