Hacking and data theft are at an all-time high. The details and number of attacks, as well as the ongoing prevalence of data theft, are readily available to the readers of numerous publications. No industry is immune to breach or hack.
But the reasons for the massive surge in attacks are slightly more complicated. Advances in technology, availability and accessibility to tools, the prevalence of the dark web, and the growth of the social economy are all contributing factors to the increase in attacks.
Ultimately, the problem stems from the historical design of networks and the supporting infrastructure. Networks were designed using the “castle model.” The electronic ends of the network (i.e., your domain) represent the castle’s “technological” walls. Firewalls, malware detectors and intrusion detectors are the guarded gates of your domain. Defending in this scenario was easy when you saw the attack coming; and when attacks were limited to specific and repeated methods and were far less sophisticated.
But now that network castle is under siege. Hackers are swimming across the moat and firing from flaming catapults. They are at the gates with a Trojan horse. Attacks are rampant, sophisticated, unique, and targeted — often infiltrating from within, using domain administrators’ credentials.
Hackers are using increasingly complex algorithms as well as rudimentary techniques to breach organizations. In many instances, attacks even originate from internal resources by individuals simply not employing good cyber practices.
Hence today’s widespread problems.
Government agencies and commercial organizations alike need to address these compounding problems by securing the perimeter of their agency or organization, which many have started to do.
More importantly, they must secure the data, which is the real treasure. Data is what hackers and non-hackers want to obtain — to sell, hold for ransom, manipulate, and steal.
A holistic assessment of your organization’s cyber security posture is critical. Cyber security cannot be an afterthought. All architecture layers should be assessed to ensure appropriate controls are put into place as applicable. Data-level security is paramount and needs to be protected with more urgency.
Organizations should be going a step further to track real-time user behavior analytics and pervasive artificial intelligence to learn threat and risk behavior patterns and optimize outputs and alerts accordingly. Appropriate data protection can address most, if not all, of today’s hacks and breaches. A true cyber defense needs to consider end-to-end data intelligence and incorporate the following six attributes:
- Provide the data owner with a full audit history — with data access being controlled, or rescinded by the data owner.
- Contain data provenance — including access by user, device, and identification of the data — over a duration of time.
- Establish an enterprise-wide view of data, access, control, and reporting.
- Provide “single pane of glass” security, control, audit and reporting, including exportable data for report generation, or automatic integration with other reporting systems or Security Information and Event Management (SIEM) tools.
- Enable real-time analytics on user behavior.
- Include strong consideration for quantum proofing data.
The high-level guidance on the core tenants of a robust data security solution are critical to institute immediately to protect your data kingdom. In part 2, I will discuss the technical considerations necessary to securing data.
Post Date: 4/23/2018