4 Tips for Securing Critical Value Data
By Keith Lowry, Senior Vice President, Business Threat Intelligence and Analysis at Nuix
In today’s cut-throat business environment, organisations face increased attacks from external hackers and, more worryingly, from trusted insiders. The overall number of attacks is on the rise—PwC estimates that in 2015 there were 38% more security incidents detected than in 2014. Nuix found that 93% of CIOs and CISOs say human behaviour is the biggest threat to organisations’ security.
There are many factors that are driving threat levels higher. Rapid advances in the latest storage technologies include tiny devices such as microSD cards and thumb drives which can hold ever-larger volumes of data. As a result, entire network share drives can now be discreetly copied onto a simple USB stick and leave the premises inside the insider’s pocket.
Malware programmes are at an all-time high, with an estimated 500M+ in 2016. Far too often we have seen companies reduced to ashes after an employee or contractor clicks a link from “a Nigerian prince promising millions in return for a favour.” Finally, foreign intelligence services have shifted their focus from classified government documents to technology and research held by softer targets, such as corporations.
The threat from the trusted insider is developing in a disturbing manner. You can no longer assume that your employees are fully committed to protecting treasured corporate information. Non-disclosure agreements are not always airtight. What’s more, a recent study by Clearswift that surveyed 4,000 employees across the US, UK, Germany, and Australia, found that 35% of employees would be willing to sell their company’s information.
Corporations view these threats as an IT problem and invest in software, perimeter defences and forensic exploitation tools to combat them. It is far more challenging to protect against an attack from an insider. Identifying what information is the most valuable, and as such, at the highest risk, is often the most challenging part of protecting your organisation.
Attacking the Problem Head On
Though most organisations recognise the need to identify their critical value data—sensitive information that sustains competitive advantage, enables operations, and can be used to identify customers—many fail to agree which information assets are the most critical. Ultimately, the goal is to reduce the risk of information being compromised by implementing targeted, cost-effective security controls. To achieve this, all employees and contractors must be in agreement about which data is most valued. You can streamline the process significantly by following four key principles:
- Think about what’s critical: Obvious examples of data that is prized within your organisation include new product designs, manufacturing processes, and proprietary formulas. However, there is more data to consider—a well-placed insider will be able to recognise and select less obvious targets that could prove to be just as damaging to your organisation. Identifying critical data requires deliberate, thoughtful engagement with leaders and experts from across the business. Your organisation’s data priorities should be re-evaluated regularly.
- Involve the right people: Engaging the right stakeholders is essential to learn what data is most critical to your organisation, build awareness about risks to that data, and obtain commitment—when the time comes—to taking action that will increase data security. You will then be able to raise the alarm in relation to data at risk among your stakeholders and increase your data’s security protocols.
- Combine functional and technical approaches: A functional approach to securing critical data drives essential conversations among stakeholders about which data types would be of most value, as well as those which pose the greatest risk if exposed. These conversations frequently surface types of information that would otherwise never be considered. You should complement this method with a technical evaluation of your organisation’s data to look for critical information that is unsecured or is found in unexpected locations.
- Develop and sustain an action plan: Once you have identified vulnerable data, your organisation should implement and follow a precise action plan. Often, organisations develop a plan but fail to build the processes for monitoring, maintaining, and re-evaluating the at-risk data. Implementing a quarterly review process with key stakeholders ensures that the protective measures surrounding valued data remain in sync with changes to the business.
The Bottom Line
In today’s business environment, where cybersecurity is a major talking point, prioritising what data your organisation should secure is challenging. Most organisations already have some sense of what intellectual property or customer data is of the most importance, but the discipline to take a step back, evaluate it thoroughly, and search comprehensively for data in unexpected locations is very much lacking. Taking these steps often reveals opportunities to quickly reduce the attack surface by sweeping sensitive data behind appropriate security controls.