[BreachExchange] What’s in store for data security in 2017?
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Jan 5 18:56:07 EST 2017
http://www.itproportal.com/features/whats-in-store-for-data-security-in-2017/
The security of sensitive data will be at the top of the C-suite’s agenda
as we enter 2017. High-profile data breaches continued to make headlines
throughout 2016, sometimes with devastating consequences for company
reputation, finances and customer trust. Cybersecurity has been
reprioritised because decision-makers and executives have seen how those
consequences can hit the bottom line and future profitability.
Security resilience has to begin with managing a proliferation of data
that shows no sign of abating. To protect its most sensitive information,
every business should have a holistic information management strategy at
its core. Future decisions must give far more weight to how content is
managed and governed, with the ultimate aim of eliminating data hoarding.
Investment by CISOs will shift from perimeter measures toward granularly
identifying information. Depending on the business, the volume of digital
information is doubling roughly every three to nine months. The knee-jerk
reaction to burgeoning data is to protect all that ‘stuff’: contain it
behind heavily fortified firewalls, deploy DLP (data loss
prevention/protection) technologies at the perimeter and on key core
switches, apply packet inspection at the perimeter, and lock down USB
ports. These are all sound countermeasures that reduce the problem, but
they do not address its root cause: not knowing what the data actually is.
In 2017 and beyond, expect a more deliberate movement by CISOs toward first
identifying exactly what they are securing, and then assigning security
levels to that content.
This change in how data is governed will clarify what content is sensitive
and what is not, making it easier to assess the extent of the damage if a
breach occurs. This isn’t about locking down more data to make it unusable
– rather, it’s about making the data usable with pervasive, invisible
governance around it.
Waking up to the risks of redundant, obsolete and trivial (R.O.T.) content
As enterprise content ages, its value to the business declines while the
risk it poses to the organisation rises. Studies have suggested that up to
70 percent of data in an enterprise is R.O.T., which represents a large
exposure. Edward Snowden’s case is an example: the documents he accessed at
work were largely archives and were not particularly relevant to Booz
Allen, but they were extremely relevant, and damaging, to the US
Government.
The archives contained sensitive information, and Snowden’s employer
clearly did not have the proper internal content controls, policies and
procedures in place. That has been a loud and clear lesson for CISOs who
previously did not invest significantly in content lifecycle management.
The information an organisation creates cannot simply linger indefinitely
without posing future risks. Ultimately you have to categorise it and
delete some of it, particularly what is no longer of use. In the
information management discipline it is widely accepted that as content
ages, its value to the corporation decreases while the risk it carries
grows.
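The two points made above, assigning a sensitivity level to content instead of protecting all of it indiscriminately, and flagging aged R.O.T. content before it lingers into a liability, can be tried on an inventory in a few dozen lines. The following is an added example written for this page; it is not code from the article or from any product. The level names, the content patterns, the two-year idle threshold, the "trivial" size cut-off and the sample records are all assumptions chosen for the illustration.

```python
"""Added example (not from the article): classify inventory records by
sensitivity and flag redundant, obsolete or trivial (R.O.T.) items, so that
aged *sensitive* content is routed to review rather than quietly retained."""
import hashlib
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, Iterable, List

# Assumed classification scheme, ordered from most to least sensitive.
LEVELS = ("restricted", "confidential", "internal", "public")
DEFAULT_LEVEL = "internal"        # assumption: unknown content is never "public"
OBSOLETE_AFTER_DAYS = 730         # assumption: ~2 years without access
TRIVIAL_BELOW_CHARS = 40          # assumption: near-empty files carry no value
TODAY = date(2017, 1, 5)          # reference date for the sample run

# Constructed patterns that set a record's level; a real deployment would
# use the organisation's own taxonomy and markings.
PATTERNS = {
    "restricted": [
        re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),          # US SSN shape
        re.compile(r"\b(?:\d[ -]?){13,16}\b"),        # payment-card shape
        re.compile(r"\bRESTRICTED\b", re.I),           # explicit marking
    ],
    "confidential": [
        re.compile(r"\bCONFIDENTIAL\b", re.I),
        re.compile(r"\b(?:schematic|blueprint|drawing)s?\b", re.I),
    ],
    "public": [re.compile(r"\bPUBLIC\b", re.I)],
}


@dataclass(frozen=True)
class Record:
    path: str
    last_accessed: date
    content: str


@dataclass(frozen=True)
class Finding:
    path: str
    level: str
    redundant: bool
    obsolete: bool
    trivial: bool
    action: str


def classify(content: str) -> str:
    """Return the most sensitive level whose pattern matches; default otherwise."""
    for level in ("restricted", "confidential", "public"):
        if any(p.search(content) for p in PATTERNS[level]):
            return level
    return DEFAULT_LEVEL


def _fingerprint(content: str) -> str:
    # Whitespace-normalised hash so reformatted copies still count as duplicates.
    normalised = " ".join(content.split()).lower()
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


def decide(level: str, redundant: bool, obsolete: bool, trivial: bool) -> str:
    """R.O.T. content: delete if low-sensitivity, review if sensitive.
    Everything else is retained under its assigned level."""
    if not (redundant or obsolete or trivial):
        return "retain"
    if level in ("restricted", "confidential"):
        return "review"     # aged sensitive archives are the highest-risk finding
    return "delete"


def inventory(records: Iterable[Record], today: date) -> List[Finding]:
    """Classify every record and flag R.O.T. candidates in one pass."""
    seen = set()
    findings = []
    for r in records:
        fp = _fingerprint(r.content)
        redundant = fp in seen          # an earlier record had the same content
        seen.add(fp)
        obsolete = (today - r.last_accessed).days > OBSOLETE_AFTER_DAYS
        trivial = len(r.content.strip()) < TRIVIAL_BELOW_CHARS
        level = classify(r.content)
        findings.append(Finding(r.path, level, redundant, obsolete, trivial,
                                decide(level, redundant, obsolete, trivial)))
    return findings


def summary(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per recommended action."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.action] = counts.get(f.action, 0) + 1
    return counts


# Constructed sample inventory (fictitious paths, dates and content).
SAMPLE = [
    Record("eng/legacy/hull_section_drawing.txt", date(2012, 3, 14),
           "CONFIDENTIAL. Hull section drawing, pressure hull frames 41-52."),
    Record("hr/archive/payroll_2011.csv", date(2012, 1, 31),
           "name,ssn,amount\nA. Example,123-45-6789,4200.00"),
    Record("hr/archive/payroll_2011 (copy).csv", date(2016, 10, 2),
           "name,ssn,amount\nA. Example,123-45-6789,4200.00"),
    Record("marketing/newsletter_dec.txt", date(2016, 12, 20),
           "PUBLIC newsletter: product launch dates and press contacts."),
    Record("tmp/notes.txt", date(2014, 6, 1), "todo: call vendor"),
    Record("it/runbook_restart.md", date(2016, 11, 5),
           "INTERNAL: restart order for the cluster nodes and post-restart checks."),
]

if __name__ == "__main__":
    for f in inventory(SAMPLE, TODAY):
        print(f"{f.action:7} {f.level:13} {f.path}")
```

On the sample inventory the two old payroll files and the old drawing are routed to "review" (sensitive and either idle or duplicated), the idle scratch note is marked for deletion, and the current newsletter and runbook are retained. The point of the ordering in decide() is that age alone never triggers deletion of sensitive content; it triggers a human decision.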
The rise of ‘applied governance’ for unstructured data: In 2016, more than
20,000 pages of sensitive data on the Indian Navy’s Scorpene-class
submarines, including schematics, were leaked. It has been a huge setback
for the Indian government, and it is an unfortunate case study in what
happens when you lack controls over unstructured information, such as
blueprints sitting in some legacy engineering software system.
Now replace the Indian Navy scenario with the schematics for a nuclear
power plant or a consumer IoT device, and the value of secure content
curation becomes even clearer. If unstructured blueprints and files are
being physically printed or copied, or digitally transferred, how will you
even know those copies exist? And as more industries move towards
digitisation, physical content will not simply disappear; it will still
hold value, and there must be a way to keep a record of it. Tracking this
‘dark data’, particularly in industrial environments, will be a top
security priority in 2017.
Cybercriminals are becoming more sophisticated and organised in their
attacks, employing a range of tactics to ensure maximum disruption and
financial gain. To fortify defences and remain resilient in 2017, rather
than just layering additional perimeter measures over all data, companies
should start to carefully examine and qualify their content to determine
what is sensitive and valuable.
More resources must be devoted to assessing and organising all content (not
just digital, but physical records that still hold value), and proactively
removing data that is no longer relevant or important.
Businesses that adopt this approach in the New Year will be in a better
position to withstand and mitigate evolving threats.