If you believe getting breached is inevitable, you’re right. Businesses that think it won’t happen to them are either living with their heads in the sand or just don’t understand the information security landscape today.
The battle lines are both external and internal as organized hackers and malicious or careless insiders continue to be a threat to your most sensitive data.
Organizations face a new set of challenges today that include advanced persistent threats (APT) that typically come from external sources. APTs are able to bypass traditional perimeter security by working patiently over long periods of time to compromise defenses and to manipulate employees to click on familiar looking but malicious websites and emails. The battle is against an organized, professional ecosystem of cyber criminals, and outthinking them requires the best people and processes, not just security tools.
A quick look at the headlines shows that traditional IT security is not stopping data breaches. Companies are spending billions of dollars on security, but it is not stopping the losses. Here are a few recent examples:
Trustwave sued over failure to stop security breach
Up to 25,000 could be affected by laptop stolen from New West employee
TaxAct Acknowledges Data Breach
Data Breach At Arnett Healthcare Affects 30K Patients
Hyatt Reveals Data Breach Impacted About 250 Hotels
Attackers infiltrate corporate networks and discover vulnerable areas where confidential data is easiest to steal, which employees are most likely to handle such data, and how sensitive data moves inside and outside of the organization. One approach to keep attackers under the radar is to copy a few sensitive files per day over a long period of time. This may be normal for most organizations and doesn’t trip any alarms.
In the past it was sufficient to guard the organization’s perimeter with tools such as firewalls, intrusion detection/prevention systems and data loss prevention (DLP). These techniques are no longer effective by themselves against APTs and insider threats.
The solution is to add data-centric security to complement traditional perimeter security. Data-centric security includes techniques that protect data as it travels within the organization and beyond, by limiting access to sensitive data through dynamic policies. It includes techniques for determining where sensitive data exists, monitoring that data, and analyzing the ways in which users copy, move, and access it over time. It incorporates identity management systems to correlate specific users with activity on sensitive data. By using these techniques continuously, organizations can not only prevent unauthorized activity automatically but also detect suspicious behavior patterns that suggest APTs and take action before it’s too late.
Data-centric security should allow users to work without interruptions as they pass information among multiple devices and between colleagues and business partners. A people-centric policy allows for flexibility and dynamic security enforcement based on content, users, devices, time of day, location, and so on. This acknowledges the need for exceptions to predefined policies based on the dynamic nature of legitimate data creation and usage while relying on advanced analytics to catch excessive deviations from the norm.
Adding data-centric security helps close the gaps that external hackers and malicious or careless insiders exploit to compromise sensitive business data and affect your bottom line. Incorporating these techniques into your current mix of physical and perimeter security will best protect your business and its information.
Photo credit Suriyan Soosay
