Sharks and Hackers: A How-To Guide on Biting Back
Growing up in Florida, Trinidad and the Bahamas, I learned early on that sharks had to be taken seriously. This past week being Shark Week got me thinking about security and how, as with sharks, you need to follow a few simple and common-sense precautions to reduce your risk of danger.
With sharks, it used to be: don’t swim at night or near fishing piers, don’t thrash about like wounded fish when swimming and, most importantly, don’t swim when the water visibility is low or if you have a cut/wound that may bleed. Those guidelines seemed to work and shark attack reports were few and far between.
However, today, it seems shark attacks have become more prevalent. Where I live in Southern California, the beaches have recently been closed several times because of swarms of Great White sharks. The sharks certainly have not changed, but we have and our advancements have increased our risks. We’ve further invaded their environment, and the growing numbers of swimmers, kayakers and surfers means more shark encounters and the resultant increase in attacks. Similarly, the advances we’ve made in enterprise technology have opened us up to another looming risk: breaches.
Initially, security amounted to physical access controls and administrative passwords, but the advent of the internet changed things forever. Organizations adjusted quickly and data breaches could be prevented by simple best practices and technologies, such as creating a strong password, keeping systems and applications patched, controlling access with firewalls and VPNs, and encrypting your data files. The strategy was to build a strong perimeter and keep the bad guys out. However, over the last several years, attacks on our data are more frequent and more severe than ever.
Why has this changed so dramatically over the last several years? Simple: we are moving our data out from its safe harbors and exposing it as we never have before. Gone are the days of static, predictable and easily managed data stores and highly segregated users. Today, data stores are globally dispersed and diverse, with data shared across functions and geographies to support global workforces, analytic initiatives, and new mobile and social applications and services. Integrated supply chains and distribution channels require unabated flows of information to function efficiently.
However, as we’ve improved our processes, so have our enemies. The bad guys have gotten smarter, and with enough persistence, can break the defenses of almost any organization. In some cases, a company’s own employees may let the bad guys in through simple mistakes or it’s even possible that they hired the bad guys.
So, how do we combat these new dangers? How should organizations approach their data security programs in response to the growing threat of data breaches and the increasing complexity of privacy regulations? There are two vital first steps:
- Continue what they have been doing with passwords, VPNs, firewalls and encryption while also embracing the new security analytics platforms emerging from SIEM vendors.
- Dig deep into data security with data security analytics and multi-layer protection.
Digging deep into data security is relatively new. Most security professionals are network-centric and focus on trying to keep the bad guys out of their perimeter. Now it is time to focus on what attackers are after: the data. This is necessary not only to help thwart the new, sophisticated and persistent attacks, but also to ensure compliance with new and demanding privacy legislation, such as the General Data Protection Regulation (GDPR).
I also recommend the “Detect and Protect” process. This includes:
- Understanding where sensitive data assets reside. Use advanced discovery and analytics to determine if data is sensitive.
- Analyzing and prioritizing sensitive data risk. Consider organizational policy and regulations, how data is used and by whom, and how data moves within the organization.
- Remediating sensitive data with data security controls. Apply encryption, masking, tokenization and access controls to ensure only those with a need-to-know designation can view data and, in general, limit the access to data by any one individual.
- Monitoring data access. Alert on policy violations such as excessive access or cross-border movement, and monitor users for excessive or unusual access with user behavior analytics.
- Continuously repeating the process. Complete steps one to four again and again. This ensures new data, data stores and users are analyzed and tracked for risk conditions.
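The four steps above as a small added Python pipeline; it is illustrative code written for this post, not the post's own material or an Informatica product, and the sample rows, access log, detection patterns, risk weights, HMAC key and read threshold are all constructed assumptions.

```python
import hashlib, hmac, re
from collections import Counter

# Constructed sample data (not real): customer rows plus an access log of
# (user, user_region, record_id) tuples.
RECORDS = [
    {"id": 1, "email": "ana@example.com", "ssn": "123-45-6789", "region": "EU"},
    {"id": 2, "email": "bob@example.org", "ssn": "987-65-4321", "region": "EU"},
    {"id": 3, "email": "cy@example.net", "ssn": "555-12-3456", "region": "US"},
]
ACCESS_LOG = [("alice", "EU", 1), ("alice", "EU", 2),
              ("mallory", "US", 1), ("mallory", "US", 2), ("mallory", "US", 3)]
# Step 1: discovery by value pattern (a stand-in for a real discovery engine).
PATTERNS = {"ssn": re.compile(r"^\d{3}-\d{2}-\d{4}$"),
            "email": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")}
RISK = {"ssn": 3, "email": 1}  # Step 2: assumed weights for prioritisation
def discover(records):
    """Return {field: category} for every field whose values match a pattern."""
    found = {}
    for rec in records:
        for field, value in rec.items():
            for cat, pat in PATTERNS.items():
                if isinstance(value, str) and pat.match(value):
                    found[field] = cat
    return found
def risk_score(classified):
    """Step 2: rank a data store by the categories discovered in it."""
    return sum(RISK[cat] for cat in classified.values())
def remediate(records, classified, key):
    """Step 3: keyed tokens for SSN fields (deterministic, so joins still work); partial masks for emails."""
    out = []
    for rec in records:
        r = dict(rec)
        for field, cat in classified.items():
            if cat == "ssn":
                r[field] = hmac.new(key, r[field].encode(), hashlib.sha256).hexdigest()[:16]
            elif cat == "email":
                user, dom = r[field].split("@")
                r[field] = user[0] + "***@" + dom
        out.append(r)
    return out
def monitor(log, records, max_reads=2):
    """Step 4: alert on cross-border reads and on users exceeding a read budget."""
    region = {r["id"]: r["region"] for r in records}
    alerts = [f"{u} cross-border read of record {i}" for u, ur, i in log if region[i] != ur]
    for user, n in Counter(u for u, _, _ in log).items():
        if n > max_reads:
            alerts.append(f"{user} excessive access ({n} reads)")
    return alerts
```

Step five is the scheduler loop that re-runs discover, risk_score, remediate and monitor as new stores, fields and users appear.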
Safe swimming and safe computing!
Robert leads product marketing for Informatica's data security, data privacy and test data management solutions. Robert is responsible for product positioning, strategy, GTM, sales tools and sales enablement, analyst briefings and thought leadership of all related software products.
Posted by Robert Shields on Jul 31, 2017