Don’t be a Cyber #Fail. Protect the Actual Data
Ransomware attacks quadrupled in 2016 and will double again in 2017, according to a report issued on Monday by Beazley, a provider of data breach response insurance. Very often organizations take careful pains to protect their perimeters, however, perimeters are now porous, and information travels outside on laptops, personal devices, through communication channels, like email etc. Furthermore, once a perimeter is breached, data repositories are, unfortunately, not as carefully protected as they should be. For example, in many cases password protection and login information is through application access only, however, if one has administrative access to a server, then they can see the data quite clearly on the back end. A bad actor with access to rights can now get to anything they want. This lack of data protection, once the intruder gets in, is where we see a huge #fail. True data security goes down to the level of the data. It is important to assess what the bad actors are targeting in most attacks. When it comes to a cyber-attack, much of the information accessed is frequently lost in the following manner: 1. Through email in general – email is by far the primary target for most attacks. 2. Sensitive email that did not need to be preserved or retained in particular. 3. Information on mobile devices that could have been removed and has no need to live in the transitory environment of the device. With communications as a primary target, it is important to evaluate how your organization secures, manages, retains and disposes of these items based on policies. To improve information protection and your cyber security stance, it is important to create a better environment for your organizations. In particular, it is important to identify the following:
- Data repositories, machine or human generated, that contain particularly sensitive data.
- Level of sensitivity and privacy.
- Discuss data anonymization and scrubbing for protection.
- Repositories that are vital to business continuity.
Contributor: Galina Datskovsky