20 Feb Data Management Gaps That Can Derail Strategic Enterprise Objectives (part 2)
There Are Gaps in Your Security Framework
If you get breached and the Federal Trade Commission asks about stolen data, are you ready to answer simple questions like “What data was stolen?” and “How much data was stolen?” If you cannot, their follow-up question will certainly be “How many records did you have?” If you do not know that or other vital information—like who has touched your data and when—it is clear you do not have visibility into your IT infrastructure.
Although network security has been around since the 1990s, this technology typically does not include the tools needed to answer such data-centric questions. Where are the gaps?
In current security frameworks, there are three levels of protection around data: Network/Perimeter, Endpoint and Application. Unfortunately, determined attackers have often been able to bypass these layered security safeguards. Recall the infamous breaches of Yahoo, Equifax, eBay, Target, Uber, Home Depot and numerous others. How is this happening?
- Network/Perimeter controls get bypassed by jumping the perimeter either through exploiting weak vendor controls or by finding ways to physically or logically get inside your network. And cloud-based applications have expanded and blurred the perimeter, making it much harder to defend.
- Endpoint protection is very useful and important, but successful social engineering attacks demonstrate how easy it is to bypass. Realistically, the internal user threat complicates endpoint protection’s ability to operate as designed. Further, the adoption of bring your own device (BYOD) policies and the myriad device types and versions that employees and partners use to connect to your data make it hard to stay up to date with endpoint threat protection.
- Finally, attackers can exploit application controls via techniques like code injection attacks. Additionally, there is the complexity of the data and how you interact with it. At this point, data access requests seemingly come from everywhere: Robotic Process Automation, internet of things devices, BYOD and numerous other sources. Many artificial intelligence applications can demand almost unrestricted data access to make appropriate decisions and show a return on investment. The connected world is no longer confined to a human interacting with data through a workstation. But the dramatic variety of methods through which we interact with data makes it challenging to keep up with appropriate application controls.
Adjusting the Focus
How then should companies address the often-overlooked internal threat? Firstly, C-level business leaders and CISOs need to bolster resources like skilled personnel and database monitoring applications that will enable continual insight into where their data is, how it is being accessed, how much of it is accessed (500 records or 5 million?), who is accessing it and when (during the normal work day or the middle of the night?), and from where and how often it is accessed. In addition, leaders must challenge their IT staff to provide constant metrics on all of these factors, so they can proactively understand their environment, not only to protect it from attacks but also to make business processes and security controls more efficient.
While the overwhelming majority of insiders are well-intentioned, trustworthy and hard-working, far too many of us are susceptible to highly sophisticated threats deployed from an endless stream of attackers. It is more important than ever to focus on resources that will help overcome internal data management gaps to keep your workforce and your business on track.