Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 7 June, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

The Quadfecta of Data Protection

by The Gurus
April 12, 2017
in This Week's Gurus
Share on FacebookShare on Twitter

This year alone, we have seen a hacker take control of a hotel’s key card system, locking guests in their room until a ransom was paid[1]; 2.5 million PlayStation and Xbox user credentials exposed[2] and Aberdeen city council’s website overrun with hackers — and those are just the ones who have admitted to it. It’s no wonder the occurrence of data breaches has hit a record high, with a recorded 40 percent increase in the past year[3]. This begs the questions: Is data protection and cybersecurity is really being prioritised? And, how do we put a stop to this madness?
So much of society depends on connected devices – our money, our cars, our homes, even medical devices – leaving us all vulnerable to hackers with malicious intent. Which only serves to emphasise the importance of implementing thorough data protection practices throughout every level of society and in the workplace. So, how can we even begin to go about preventing such occurrences? Below are some areas organisations must prioritise to combat poor data protection practices.
Cloud security
With growing volumes of mobile devices comes the increasing demand for cloud applications and storage, with no signs of abating. The amount of cloud data each person uses is expected to triple by 2020[4], along with the rapidly rising occurrence of attacks on the cloud.
The very nature of the cloud is that individuals, whether it’s for work or personal purposes, can easily access files, no matter where they are. The same goes for hackers. The reality is roughly half of such attacks are committed by cyber-criminals, as opposed to hacktivists, nation states, terrorists, or competitors[5], so we are talking about committed professional hackers with malicious intent who are accessing sensitive corporate data stored in the cloud.
Whilst many may panic and decide to withdraw their data from the cloud or refrain from embracing it, there is no need to do so. Data in the cloud is as secure as data on-premise if the correct security standards are applied. There are a few ingredients imperative to securing data within the cloud: secure infrastructure, stronger passwords, and complementing passwords with multi-factor authentication.
Cross-pollinating personal and corporate data
Mobile devices are now the chosen tool for work; no matter the age, vocation or location. Gone are the days of a personal desk or office. Desk-less and remote workers are quickly becoming the new norm, with many choosing to access corporate applications from personal mobile devices, causing employees’ personal data to become cross-pollinated with sensitive corporate data.
One of the many dangers of cross-pollinating corporate data on employees’ personal devices is that once an employee leaves a company, they do so with sensitive company data. If company data leaks into the wild, hackers can use it for targeted attacks, including phishing attacks on company employees. Given the typical employee stays with a company for four years[6], the annual average employee turnover is 25 percent. In a mid-sized company of 1000 people, that’s 250 departures and a lot of potential leaks!
To mitigate this risk, employees should be encouraged to have two accounts on a single laptop; one for company data and apps, and another for personal use. This way companies can remain in control of the corporate account and revoke access once a user has left the company.
Multi-factor authentication
We, as human beings, have adopted bad habits. We often rehash and reuse the same passwords over and over again, maybe adding the additional number to the end of our favourite password if we are feeling conscious. By combining strong multi-factor authentication with, sufficiently complex, hard-to-guess passwords that are regularly rotated, companies are adding an additional layer of protection.
While multifactor authentication and methodically complex passwords may not be the silver bullet to stop all cybercriminals in their tracks, it certainly makes it difficult for malicious hackers to use personal and corporate information as cannon fodder on the dark web.
For organisations, an additional layer of protection through Cloud Access Security Brokers, or CASBs, is suggested to detect suspicious user behaviour. For example, if one user is accessing an application from two geographically remote locations (say, the UK and US), an Identity Cloud will be signalled to revoke access, as it’s likely their account has been compromised.
Employee education
However, while companies can have the best-laid plans in place to prevent the next hacker or insider threat running into the night with valuable corporate data, employee education is vital. All it takes is for an employee to download a file from the secure cloud service to a personal device or click on a malicious phishing email, without end-point management and security controls, and the preventable becomes inevitable.
Educating employees on phishing scams they encounter on a daily basis, in addition to strengthening corporate phishing defences, must be a priority. To monitor employee awareness of phishing threats, companies should conduct regular phishing assessments by sending a false-phishing email and tracking how many fall for the scam. Ideally, such assessments should be done on a monthly basis, with failure rates published and learning sessions conducted with employees.
If an organisation addresses cloud security, the cross-pollination of data, the use of multi-factor authentication to secure corporate applications, and employee education around phishing, then it is well on its way to adopting healthy and secure data protection practices.
By Al Sargent, Sr. Director of Product Design at OneLogin
[1] http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms
[2] https://www.theinquirer.net/inquirer/news/3003724/playstation-and-xbox-forum-hack-exposes-credentials-of-25-million-gamers
[3] https://www.helpnetsecurity.com/2017/01/20/data-breaches-increase/
[4] https://www.cisco.com/c/dam/en/us/solutions/collateral/service-provider/global-cloud-index-gci/white-paper-c11-738085.pdf
[5] https://www.thalesgroup.com/sites/default/files/asset/document/2017_thales_data_threat_report.pdf
[6] https://www.bls.gov/news.release/tenure.nr0.htm

FacebookTweetLinkedIn
ShareTweet
Previous Post

Synack – Hackers for Hire company – Raises $21 million

Next Post

Chasing Lazarus: A hunt for the infamous hackers to prevent large bank robberies

Recent News

large open office, bright.

Employees Feel 10 Times Calmer in an Environmentally Friendly Office Space

June 7, 2023
Blue Logo OUTPOST24

Outpost24 Acquires EASM Provider Sweepatic

June 7, 2023
Standard post, logos of brands, headshot.

J Brand: The Challenges of Putting Mental Health First in an Unfamiliar Industry

June 6, 2023
iPad with Anxiety written on it in capitals.

Half of UK Employees Suffer From “Sunday Scaries”

June 6, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information