Follow The Data - A View On Cyber Security
Our guest blogger Craig Devlin is a Technology & Security Consultant at Seric Systems. Craig is a professional with an innovative view to provide highly capable solutions to meet business requirements and opportunities.
Seric Systems are all about listening to their clients: understanding their software, hardware, risk and analytical issues and requirements. Their aim is to deliver a fit-for-purpose technology platform to help support businesses in the long term.
money Data – A View On Cyber Security.
In business today there are numerous challenges, not just the business of doing business. Cyber security is not far from peoples’ lips, potentially because it is a deep and complex topic that’s bounds stretch throughout any organisation – not just a problem for IT to fix.
Of late we’ve seen various high profile cases where organisations have been breached resulting in massive losses, that could well have been avoided if some basic steps were to have been followed. £1.2bn in costs for Ashley Madison, and £35m for Talk Talk in the UK are just two examples where data, at times unknown quantities, were extracted.
The Changing Times of Online Security
The traditional perimeter defences of the 90’s have long since become redundant as technology has dramatically changed the face of how we engage and carry out our duties, BYOD, mobile, web access, collaboration, have all made in-roads to reducing the effectiveness of the perimeter security model.
Traditional IT departments are not only struggling with the technical challenges of securing organisations, but also the political issues as senior management and boards having little, or no understanding or ownership of cyber security within their organisations and continue to close down discussions and supress this as a business as usual aspect of internal IT departments.
Challenging times require new thinking, geographically diverse workforces require new ways of working, collaboration between businesses requires new approaches, in short we need to re-assess how we protect our organisations in challenging and changing times. Build in flexibility, reduce the restraints on individuals, maintain regulatory compliance, educate employees on risks, and enable them to carry out their role, efficiently and securely.
Protect What's Important
It’s key that security solutions, People, Process, and Technology, are layered to provide an effective defence but it’s also key to understand what we are protecting, what is valuable, what are the crown jewels of the organisation. Broadly speaking most cyber threats look to extract data to be sold or used against the owning organisation with financial gain as the primary motivation. Examples include malware to extract information pertaining to projects, roles, positions, and processes allowing a targeted phishing attack. Here the data itself is key, so protecting that data becomes the priority, making the access and manipulation key. For this reason, the key factor in protection is protection of the data, in short ‘Follow the data’ and react appropriately from there.
Following data, where it resides, whom is accessing, what actions are taken against the data is key to defending yourself. For example, being able to identify when data contained within a sensitive file share is written, or attempted to be written, to another folder or USB stick. When copies of databases are taken over time and sent to personal email accounts, when large volumes of data start to be encrypted. These are all activities that may well be allowed, but in excess they are now unauthorised data extractions or at least suspicious. Identifying this, alerting, and treating such breaches would be an appropriate defence and allow organisations to demonstrate effective controls over their sensitive information.
Data is King
Another key issue around data breach is identifying what was accessed, taken, and changed during a breach. Talk Talk was a prime example, demonstrating complete lack of information around the breach, it took too long for Talk Talk to identify what was accessed etc. The above process of following data would allow for full audit trails of data movement and access, so in the event of a breach it’s easily comprehended what data was impacted and how, and thus mitigation of impact can commence immediately, allowing for a strong, proactive response, and therefore critically less brand damage.
Data is king, protect it, defend it, and understand it.
To learn more about how you can ‘Follow the data’ in your organisation, or about Seric Systems you can contact Craig at Craig.Devlin@Seric.co.uk or by Twitter or LinkedIn.
Seric Systems will be at Scot Secure http://www.scot-secure.com/ on the 21st April, please stop by at the Seric stand to learn more.