Ransomware attacks quadrupled in 2016 and will double again in 2017, according to a report issued on Monday by Beazley, a provider of data breach response insurance. Very often organizations take careful pains to protect their perimeters, however, perimeters are now porous, and information travels outside on laptops, personal devices, through communication channels, like email etc. Furthermore, once a perimeter is breached, data repositories are, unfortunately, not as carefully protected as they should be. For example, in many cases password protection and login information is through application access only, however, if one has administrative access to a server, then they can see the data quite clearly on the back end. A bad actor with access to rights can now get to anything they want. This lack of data protection, once the intruder gets in, is where we see a huge #fail. True data security goes down to the level of the data. It is important to assess what the bad actors are targeting in most attacks. When it comes to a cyber-attack, much of the information accessed is frequently lost in the following manner: 1. Through email in general – email is by far the primary target for most attacks. 2. Sensitive email that did not need to be preserved or retained in particular. 3. Information on mobile devices that could have been removed and has no need to live in the transitory environment of the device. With communications as a primary target, it is important to evaluate how your organization secures, manages, retains and disposes of these items based on policies. To improve information protection and your cyber security stance, it is important to create a better environment for your organizations. In particular, it is important to identify the following:
- Data repositories, machine or human generated, that contain particularly sensitive data.
- Level of sensitivity and privacy.
- Discuss data anonymization and scrubbing for protection.
- Repositories that are vital to business continuity.
The Cyber protection plan can then be geared to work with the identified repositories to institute levels of protection such that even if an intruder gets in, they would have difficulty getting to the information. This will also make recovery of a hot site much more efficient, as all vital data would be readily available. Bottom line, in order to achieve a true state of information protection and cyber readiness, teams should work together closely. This ensures that not only the traditional perimeter is protected, but that multi levels of security are implemented down to the level of the data/ information, providing a substantially more efficient and safer organization.
Contributor: Galina Datskovsky