How confident are you in protecting your assets from a confidentiality, availability, and integrity breach?
If anything, the NSA breach by Edward Snowden just shows that none of us are ready.
In simple terms, most organizations find it challenging to appropriately allocate investment and resources towards effectively mitigating a confidentiality, integrity or availability breach.
What do I mean by this? Most organizations invest heavily in security technologies and mistakenly focus on achieving high levels of “availability” as a best practice because Service Level Agreements are built around this. However, they neglect to implement appropriate security strategies for protecting confidentiality and integrity. This is a recipe for disaster. “Availability” does not equate with “security”.
Take, for example, the so-called Denial-of-Service attack on the Australian Bureau of Statistics (ABS) census website in August 2016. The attack overloaded the website and prevented thousands of Australians (myself included) from taking part in the census.
Attacking “availability” in this way certainly left an embarrassing dent on this government-led initiative which may in turn impact any future online government projects (such as online voting) for many years to come.
And then there’s the Red Cross Data Breach that occurred in October 2016. Personal data belonging to 550,000 blood donors were leaked from the Red Cross Blood Service. This should never have happened to an organization responsible for storing and protecting highly sensitive, personally identifiable information (PII).
We all make mistakes. We’re human. However, leaving sensitive data exposed on a public web server is just about as irresponsible as it gets when it comes to security fumbles.
Where are the necessary controls and checks?
The potential ramifications of exposing donors’ data include anything from identity theft to blackmail. Worse still, people might become dissuaded from donating blood in future due to a fear of their own personal details being compromised. A breach of “confidentiality” is a serious issue. Lives are at stake and many executives who hold sensitive information simply do not understand the repercussions.
What’s alarming is that most organizations do not even know where their most sensitive data are located, let alone what they contain or their level of sensitivity. Another recipe for disaster.
Digital collaboration is at the heart of every business process; files are created, stored, and shared at a rapid pace. Yet it seems nearly impossible to keep track of who has and needs access to all of this information, and who doesn’t.
Are you on top of your strategy for protecting your sensitive data?
Organizations tend to think that their data access is under control, but dig a little deeper and holes start to appear. Most organizations grant access readily, yet revoke it infrequently. Don’t assume that your Human Resources team is the only group of internal employees who can see the HR data, or that an employee who left the company last month has had all of his/her permissions revoked. This is rarely the case.
Let’s be clear: an attack on data “integrity” can be highly challenging to identify or block. Hidden within your large volume of daily system changes are a few that can impact the organization’s operations. These include unexpected changes to a file’s credentials, privileges, or hash value, and configuration changes that push values, ranges, or properties out of alignment with your security policy.
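As an added example (not code from the post or from ObserveIT), here is a small integrity-drift check of the kind the paragraph describes: it baselines a set of files’ hashes, permission bits and ownership, then reports which of those signals changed, including a file that disappears. The file names and contents are constructed, and the check assumes a POSIX filesystem.

```python
import hashlib
import os
import stat
import tempfile
# Added example, not the post's code: baseline files and report drift in
# hash, permission bits or owner (the post's integrity signals). Paths are constructed.

def snapshot(paths):
    """Record sha256, permission bits and owner per path (None if missing)."""
    snap = {}
    for p in paths:
        if not os.path.exists(p):
            snap[p] = None
            continue
        st = os.stat(p)
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        snap[p] = {"sha256": digest, "mode": stat.S_IMODE(st.st_mode),
                   "owner": (st.st_uid, st.st_gid)}
    return snap

def drift(baseline, current):
    """Return (path, field, old, new) for each difference from the baseline."""
    findings = []
    for p in sorted(set(baseline) | set(current)):
        old, new = baseline.get(p), current.get(p)
        if old is None or new is None:          # file appeared or vanished
            if old != new:
                findings.append((p, "presence", old is not None, new is not None))
            continue
        for field in ("sha256", "mode", "owner"):
            if old[field] != new[field]:
                findings.append((p, field, old[field], new[field]))
    return findings

def demo():
    """Constructed scenario: edit a config, chmod a script, delete a key file."""
    with tempfile.TemporaryDirectory() as d:
        cfg, script, key = (os.path.join(d, n) for n in ("app.conf", "deploy.sh", "old.key"))
        for path in (cfg, script, key):
            with open(path, "w") as f:
                f.write("original\n")
            os.chmod(path, 0o640)
        base = snapshot([cfg, script, key])
        with open(cfg, "a") as f:               # content edit -> hash drift
            f.write("debug=true\n")
        os.chmod(script, 0o777)                 # privilege change -> mode drift
        os.remove(key)                          # deletion -> presence drift
        return drift(base, snapshot([cfg, script, key]))
```

In practice the baseline would be stored out of reach of the monitored hosts and the drift list fed to alerting, so that a mode change on a deployment script is reviewed rather than buried among routine changes.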
In a recent survey conducted by CEB, it’s been found that:
90% of employees violate policies set up to prevent data breaches.
Why? When convenience and productivity are prioritized over security, employees often put sensitive data at risk while trying to simply get a job done.
We also know that 90% of all incidents are caused by people (Verizon 2015 Data Breach Incident Report). Whether it’s due to carelessness or malicious intentions, the greatest risk to your organization is your internal employees, privileged IT users, and third-party vendors.
Therefore, when establishing a protection strategy plan for your assets, it is crucial to address the user-based risks and to invest in confidentiality, integrity and availability in equal measures.
What Can You Do About Preventing Internal Data Breaches?
If you want to implement practical steps towards preventing your next data breach, it’s vital to strategically cover your organization against Insider Threats by developing and implementing an Insider Threat Program.
An Insider Threat Program will provide you with a robust, repeatable set of processes that you can use to identify and eliminate user-based risks.
It is important to adopt an Insider Threat Management solution that enables you to understand and have clear visibility into who is doing what. Without this real-time visibility, you will continue to be in the dark when it comes to preventing confidentiality, integrity and availability breaches.
ObserveIT, a leading Insider Threat Management solution, offers an effective way for you to prevent data breaches whether they are caused by careless internal users, third-party vendors, or privileged IT users. Find out how you can implement:
- Real-time security education (and blocking where necessary)
- Deterrence against malicious users at the point of policy violation
- Automated alerts and analytics to detect and predict risky behavior
- Rapid investigation to reduce costs
Please contact us at www.observeit.com.
Boaz Fischer is a recognized leader in promoting security best practices, awareness, and governance as well as a renowned authority in the Insider Threat Management space. Boaz has published two security books, numerous security articles, and has been nominated for multiple security awards. You can find more information about CommsNet Group here: www.commsnet.com.au