Businesses’ digital estates are often sprawling. How many of us can say we know where all our data is stored? Are you fully aware of who has access to your company’s sensitive documents? Here we look at types of data threats businesses face and how to ensure that your sensitive data is kept under lock and key, safe from malicious internal and external threats…
A number of factors are worsening this problem, such as the exponential growth in data volumes; workforce changes in light of the pandemic and subsequent ‘great resignation’, and issues such as unsanctioned IT coming to the fore as the barriers between home and work blur. These challenges make it vital to properly manage the data your business holds, as this is the only way to obtain the 360° awareness that is required to keep it secure. Protecting sensitive data is mission-critical, and should be treated as such with the appropriate investment. That is before considering the potential costs (regulatory and otherwise) associated with getting this wrong.
External threats such as ransomware that originate from malicious third parties are a huge worry for those in charge of corporate cybersecurity. However, while it’s vital for businesses to protect their data against external actors such as cybercriminals, to focus purely on these threats would be to overlook the risks posed by internal actors. No enterprise can afford for that to happen.
Even genuine, positively motivated employees can make or break a business’ cybersecurity strategy. A seemingly innocent breach of hygienic behaviour such as an erroneously clicked link, connecting an insecure device to a corporate network or accessing a public Wi-Fi network, can allow cybercriminals to circumvent any and all security technologies the company has in place. Staff really are a business’ last line of defence.
The insider threat typically takes two forms: malicious or unwitting. Malicious insiders are those employees that purposefully cause damage. Maybe they were overlooked for a promotion they thought they deserved, or are leaving the company on unhappy terms. When emotions are running high it may be the case that they chose to leak sensitive data, or download private information. Unwitting insiders are those who simply don’t have enough cybersecurity training or awareness to keep the business as secure as it can be. It is these staff members that may fall foul of a phishing attempt, or connect to an insecure public Wi-Fi network without understanding the risks.
The bottom line is that any and all threats to an organisation’s valuable data need to be mitigated in order to protect its most important asset.
Every business will have a firewall, but not every business truly invests in data security. It is almost inevitable that cybercriminals will gain access to corporate data one way or another, so rather than just trying to stop them from entering, businesses need to look at how they can bolster their security internally.
The simplest way to do this is simply to restrict the number of people that have access to sensitive or valuable data, thereby minimising the risk that a breached account, for example, can be successfully exploited. However, organisations with low data security maturity may have no visibility of what data they hold, let alone who has access to it, meaning the ability to build a lifecycle approach to data security varies wildly. This is why there is significant value in working with a managed security services provider, such as Orange Cyberdefense.
Our Managed Data Protection service is designed to protect business-critical and sensitive data from malicious external actors and insider threats. The service combines multiple capabilities to achieve a ‘least privilege’ security model, with options that enable business outcomes such as data regulation compliance and threat detection and response.
The first step is to achieve complete data protection is data discovery. The data lifecycle needs to be analysed, with data classified and labelled according to its sensitivity. What information does the company own and where is it held – including across on-premises networks and in the cloud? Is it sensitive or low risk? Does everyone in the business need to be able to access it?
Some data is suitable to be accessed by anyone and, while far from ideal, would cause minimal harm if it fell into the hands of a cybercriminal. However, this data discovery phase lets businesses get to the bottom of where they do have risks: i.e., those files that are open to all staff members, but that contain sensitive information.
The second part of this process is to assess whether there are files that employees have access to but don’t need, which can be achieved by analysing which files they rarely or never access. Even though this data may not be sensitive, minimising those that have access to it can still be a useful exercise to prevent even minor breaches.
With this information, we will look to remove access to data wherever appropriate. Minimising the attack surface by reducing the data that each user’s account is authorised to access means that even if malicious or unwittingly insecure activity takes place, the ‘blast radius’ will be as small as possible.
By tracking user activity and reviewing typical behaviours that occur when accessing data, our solution can also better detect anomalous activity. Take a remote user that always accesses a certain file from their home network for example. Suppose their account suddenly accesses this same file from a different address or even a different country. In that case, action can be taken to block their account and restrict access to this data while investigations take place to confirm the legitimacy of the session.
Conducting this preliminary classification and discovery phase can allow for the application of automation to further protect data, and keep it secure as the network and the demands of users change. For example, by applying automation, our solutions can use, keywords to automatically encrypt and restrict access to new files related to certain topics or containing specific types of data. Furthermore, if a user’s job role changes and they no longer need access to certain files, that access can automatically be revoked if they don’t open it after a certain time period. Lastly, with automated processes, if a user account is compromised and used to access data maliciously, it can be automatically blocked to minimise the impact that a threat actor can cause.
With the support of automatic Managed Data Protection from Orange Cyberdefense, along with our 24/7 Emergency Cyber Security Incident Response team, our customers are reassured that threatening activity is quickly and effectively stopped, systems and data restored, and business as usual resumed.
Ultimately, data is a business’ most important asset, so every possible step should be taken to protect it. Choosing to work with Orange Cyberdefense to conduct a deep dive into the data that it owns, and who has access to it, automating to reduce risks, can heighten a business’ security strategy and ensure that cybersecurity is embedded into the very fabric of the data itself. Ultimately, our Managed Data Protection service will make sure that your data remains secure, protected and accounted for.
Nick King, principal customer solutions consultant at Orange Cyberdefense