[BreachExchange] How to Bulletproof Your Business Data Against Breaches in 2019
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Jan 24 19:44:44 EST 2019
https://www.business2community.com/cybersecurity/how-to-bulletproof-your-business-data-against-breaches-in-2019-02163094
Over the past year, and even before then, many services have either fallen
prey to hackers or suffered from accidental data breaches and leaks.
Legislators are now cracking down, passing laws related to data breaches in
several states. Singapore Health Services and other agencies were recently
fined $1 million in response to data breaches that violated the country’s
personal data protection act.
How bad is this problem? The World Economic Forum lists data breaches and
cyber attacks as top global risks, alongside natural disasters and climate
change. Worse, it seems as if security isn’t keeping up with technology.
Nearly half of all IoT companies cannot detect when their devices have been
breached.
Clearly, there’s a lot more at stake now. Businesses have to become more
proactive with regard to customer data security. Below are a couple of
solutions worth considering this year.
Businesses Can Implement Blockchain Tech to Prevent Data Breaches
The very nature of blockchain makes it a perfect fit for this application.
The technology itself was created as a means to store data in a way that
prevented it from being exploited by bypassing traditional, centralized
methods of storage and access. This means that there is no single point of
failure. Even if hackers somehow manage to access and disrupt one node,
the breach doesn’t impact the security of all the data recorded on the
ledger.
Businesses across several verticals including finance, healthcare and
e-government are now exploring new keyless signature infrastructure based
on blockchain as a means of authenticating and regulating data exchanges.
Prioritization And Risk Management Need to Drive Cyber Security Policy
75% of company leaders name cyber security as a top priority. The problem
is that while understanding the importance of the issue is relatively easy,
determining the best plan of attack isn’t. New technologies are creating
new opportunities for hackers to cause damage. Organizations must identify
where their greatest risks exist, and which data requires the most
protection. One emerging risk is spear phishing, where company executives
are targeted in order to gain access to the business’ most valuable data.
One global insurance company started with a less than successful, $70
million security initiative. The problems were that many of the suggested
measures were never implemented, and there was significant resistance from
other business areas. They were able to turn things around by including all
impacted business areas in an analysis project to identify what data needed
to be prioritized, thus gaining a more comprehensive plan moving forward as
well as buy-in.
That’s not to say that what worked for this insurance company will work for
every organization. The point is that the risks are too many and growing,
and it’s easy to get overwhelmed in dealing with everything at once. By
identifying risks and creating a set of priorities, companies can launch an
organized plan of attack.
Active Defense Methods Must be Deployed
Hackers are getting smarter and more organized. Not only that, but the cost
of launching a massive attack is plummeting. Businesses that have
traditionally taken a passive or reactionary approach to data security are
most at risk. To prevent data breaches going forward, they’ll need to
deploy active defense methods. This means anticipating potential attacks,
and responding to them in real-time.
This can be done by implementing intrusion and anomaly detection systems,
powered by big data analytics. The majority of businesses also switch to
Java as their primary programming language as it offers greater security.
Java programs can be designed to run in a “sandbox” environment – a measure
that prevents many activities from untrusted resources. You can further
monitor Java applications to ensure that no unsolicited actions take place
and balance the performance of your applications in near real-time.
Big Data Will Play a Role in Learning to Prevent And Mitigate Attacks
Conversations about big data tend to focus on the huge sets of data that we
collect on customers, customer behavior, sales transactions, etc. While
that information is certainly important, that’s not the only data that is
being collected. Businesses are also collecting information on security
breaches, and analyzing that data to identify trends. In addition to this,
existing data sets can also be mined to help determine statistical norms.
Then, when operational data deviates from these norms, action can be taken.
Enforce Access Restrictions With Vigilance
The truth is, most violations don’t occur through backdoor attacks. They
happen due to employee error, and in very rare circumstances, malicious
activity. The key to preventing this is simply ensuring that employees can
only access the data they need to do their jobs. This level of control
should also take device policies into consideration.
Where many businesses fall flat is that they don’t see this as an ongoing
process. Employees change departments, are promoted, or their duties
change. Unfortunately, their permissions often remain unchanged. It’s
imperative to regularly match employees’ required duties with their data
access permissions.
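One way to run the recurring match of duties against permissions described above, as an added example that is not part of the original article. The role names, entitlement strings and user records are constructed for illustration, and the role baseline stands in for whatever role catalogue an organization maintains.

```python
from dataclasses import dataclass

# Constructed role-to-entitlement baseline (hypothetical names).
ROLE_BASELINE = {
    "support": {"crm:read", "tickets:write"},
    "finance": {"ledger:read", "ledger:write", "crm:read"},
    "engineering": {"repo:write", "ci:run"},
}

@dataclass(frozen=True)
class Finding:
    user: str
    kind: str          # "excess", "missing" or "unknown_role"
    entitlements: frozenset

def review_access(hr_roles, granted):
    """Compare granted entitlements with what each user's current role needs.

    hr_roles: {user: role}; granted: {user: set of entitlements}. An account
    with grants but no HR record (a leaver) has everything reported as excess.
    """
    findings = []
    for user in sorted(set(hr_roles) | set(granted)):
        role = hr_roles.get(user)
        held = set(granted.get(user, ()))
        if role is not None and role not in ROLE_BASELINE:
            # Fail closed: an unmapped role cannot justify any access.
            findings.append(Finding(user, "unknown_role", frozenset(held)))
            continue
        needed = ROLE_BASELINE.get(role, set())
        excess, missing = held - needed, needed - held
        if excess:
            findings.append(Finding(user, "excess", frozenset(excess)))
        if missing:
            findings.append(Finding(user, "missing", frozenset(missing)))
    return findings

# Constructed sample data: alice moved from finance to support but kept
# ledger access; bob has left; dave's role has no baseline entry.
HR_ROLES = {"alice": "support", "carol": "engineering", "dave": "contractor"}
GRANTED = {
    "alice": {"crm:read", "tickets:write", "ledger:write"},
    "bob": {"repo:write"},
    "carol": {"repo:write"},
    "dave": {"crm:read"},
}

if __name__ == "__main__":
    for f in review_access(HR_ROLES, GRANTED):
        print(f"{f.user}: {f.kind} {sorted(f.entitlements)}")
```

Running the review on a schedule and on every HR role-change event catches the stale grants that a one-time provisioning check misses.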
Of course, training bears mentioning as well. As workers take on new
positions or are given new duties, it’s dangerous to assume that they will
simply know when and where data security risks exist. Part of training and
onboarding should involve educating them about security procedures and
risks that may be new to them.
Protecting your data against breaches must involve a multifaceted approach.
This means employing innovative tech solutions, using data to your
advantage, and ensuring that your workers are appropriately trained.