Accenture’s security team recently released an amazing whitepaper on data-centric security. Considering the number of breaches that corporations and businesses have to deal with, it’s no surprise that tech companies are starting to crack down on cybersecurity. Protecting your customers and their data is no easy task. In recent years:
1. Over 140 million customer records leaked from a leading credit reporting agency.
2. 500 million user accounts were compromised at a leading Internet service provider.
3. 80 million patient and employee records were breached at a health insurer.
4. Over 50 million credit card accounts were compromised at a leading retailer.
And this is just the tip of the iceberg. But how many more ships must sink and data is lost due to lack of security? Let’s talk about getting the basics of data protection to ensure your clients’ private data is in good hands, in their hands.
How data breaches hurt you
There are three main occurrences during a data breach:
1. Data breaches are costlyGiven the above examples, estimates of financial losses from a serious data breach are in the tens or hundreds of millions of dollars. The average data breach can cost an organization $ 11.7 million, which is scary!
two. Data breaches can potentially cost livesWhether it’s the intelligence community, healthcare, energy, or chemicals, data breaches have real-world consequences that affect people’s lives.
3. Data breaches happen due to multiple glitches: There are multiple points of failure. For hackers to leak millions of customer records, multiple breaches have generally occurred over a long period of time – days, weeks, or months!
Managing the cyber forts
There are many practices that an organization can adopt to prevent data breaches and loss. Depending on the size of your organization and your security budget, there are many things you can do to improve security:
1. Protect high-value assets – While this is obvious, protecting high-value assets should be the first priority for your security team. Sometimes adopting the mindset of the attacker can give your team the perspective they need when designing and running a threat and vulnerability program. Adding multiple techniques such as encryption, tokenization, micro-segmentation, privilege management, and digital rights can strengthen your high-value assets, making breaches longer and harder to execute.
two. People make mistakes – Securing your data is one thing, but if you allow human error to creep into your processes, all that security will go to waste. Monitoring who will have access to what data is almost as important as encrypting everything. Continually monitor for unauthorized access and assign roles to limit access. Proper micro-segmentation in your access control can allow users with access to see what they have to see by hiding the rest they don’t need. By doing this, if a user’s credentials are compromised, only a segment of the data is exposed. This makes it difficult to leak large amounts of data.
3. Network enclaves are good walls – In the digital world, the lines between your walls and the outside world could become blurry. The perimeter is now an abstract concept that moves seamlessly between the cloud, the field, and the control rooms. Creating enclaves or environments where user traffic and application behavior can be monitored can cripple an attacker’s maneuverability. When the perimeter is compromised, the enclaves remain secure and these partitions could prevent further damage.
Four. Launch the hunting programs! – Don’t be complacent because your attackers won’t. Have hunting programs look for vulnerabilities regularly and adopt a continuous response model. Always assume you’ve been raped and use your threat hunting kits to look for the next rape.
“Winter is coming …”
Always prepare for the worst. When you transform your incident response plan into a crisis management plan, you are better prepared for the storm. Have corporate and legal communications teams on standby so they can take action in a jiffy. Today, many technology companies conduct crisis drills to ensure that computers can function despite losing basic functionality such as email, VOIP, and other means of communication. If Google does it, it can’t be a bad idea!