Cyber attackers primarily fall under two categories:
- Those that pose threats to your business from the outside of your organization, and
- Those that present risks from the inside.
Anyone with physical or remote access to your organization’s assets can expose you to cyber risk. For example:
- Trusted employees accidentally misplacing information
- Careless employees who neglect policies and procedures
- Disgruntled employees or ex-employees intent on damaging your business
- Malicious insiders with legitimate access to critical systems and information
- Business partners, clients, suppliers and contractors with access to your business-critical assets can also present risk.
Threats from outside your organization include:
- Organized criminals or criminal groups
- Professional hackers – whether malicious or not
- Amateur hackers – sometimes known as ‘script kiddies’
In order to manage cyber risk, regardless of its source, you should fully understand the range of motivations behind possible attacks. You should also know where and how to report a cyber-crime, if it does happen to your business.
All we can do is build a massive perimeter defense that guarantees only authorized people will gain access. The problem here is that attackers steal authorization credentials, so to these defenses the attackers still appear authorized. Perimeter network defenses are completely blind to the fact that this person is a bad actor.
It’s a lot like you’re building a bank and you invest your security budget into reinforcing the perimeter walls, exterior security cameras, security guards, alarms, etc. People must pass your guard gate and show their credentials before being admitted. They finally enter and find all the money piled on the floor. They can take whatever they want and walk right out the door because they are authorized. That’s basically the present state of data protection at a majority of companies.
Some organizations are using specialized software tools called Data Loss Prevention, or DLP, that are supposed to protect valuable company data. DLP software looks at files being sent off the network and tries to determine if they are sensitive. If it’s determined that they are sensitive and the action is risky, then the operation will be cancelled. That’s one for the good guys!
Unfortunately, attackers have learned to adapt to traditional DLP software. Going back to our bank example: if the company had deployed a DLP solution, it would be a lot like a security guard approaching you as you try to exit the building. They see that you’re carrying money and they stop you.
Why don’t the traditional data loss prevention guards see the money you hid in your pocket? Because cyber attackers encrypt the sensitive data they are looking for and send it out of your enterprise without you being able to see that it was sensitive data. That is like stuffing the money in your pockets and exiting the bank without incident.
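The blind spot described above, as an added example (not from the original article or from any DLP product): a pattern-matching egress check blocks constructed payroll data in cleartext, finds nothing to match once the same bytes are encrypted, and an entropy heuristic then flags the opaque payload for review. The SSN pattern, the 7.5 bits/byte threshold, the function names and the toy XOR keystream standing in for real encryption are all assumptions.

```python
import hashlib
import math
import re
from collections import Counter

# Hypothetical content rule: US SSN-shaped values (illustrative pattern only).
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off, tune per environment
MIN_SIZE = 1024           # entropy is unreliable on very small payloads

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def inspect_outbound(payload: bytes) -> str:
    """Classify an outbound payload the way an egress check might."""
    if SSN_RE.search(payload):
        return "block: sensitive pattern"
    if len(payload) >= MIN_SIZE and shannon_entropy(payload) >= ENTROPY_THRESHOLD:
        # Content cannot be inspected. Compressed archives and media also land
        # here, so this is a review signal, not proof of exfiltration.
        return "review: opaque high-entropy payload"
    return "allow"

def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for real encryption: XOR with a SHA-256 counter keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed sample data: 200 fake payroll rows and a harmless memo.
PAYROLL = b"".join(
    b"employee%03d,%03d-%02d-%04d,%d\n" % (i, 100 + i, i % 90 + 10, 1000 + i, 50000 + i)
    for i in range(200)
)
MEMO = b"Quarterly all-hands moved to Thursday at 10:00 in the main room.\n" * 20

if __name__ == "__main__":
    for name, blob in [("payroll", PAYROLL), ("memo", MEMO),
                       ("encrypted", toy_encrypt(PAYROLL, b"k"))]:
        print(name, round(shannon_entropy(blob), 2), inspect_outbound(blob))
```

The entropy check only says the payload could not be inspected; deciding whether that user and destination should be sending opaque data is a separate policy question.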
So, what can be done to solve this problem? Build the defense into the data itself.
To mitigate the current risks to our sensitive data, the defense must be built into the valuable data itself. It must be a part of the internal emails, the salaries, the formulas, CAD drawings, client data, employee health data, and anything else that is valuable to you and must not be leaked out. The defense must be able to work even if only parts of that valuable data are copied, printed, emailed, or sent to the cloud, smartphone, USB drive, and every other egress from a computer. Even sensitive data living in machines that are offline, or at someone’s house, or not connected must still be protected. And forensic records must be included so you can submit non-repudiation evidence to courts and beyond.
Going back to our bank example, if the bank has Digital Guardian data loss prevention installed and an authorized user decides to pick up a pile of money, stuff it in their pockets, and try to exit, then the money will explode in a puff of red paint. That works because the money itself has its own defense built right in, and the money itself is the thing of value.
To close this discussion, I would say that cybercrime is the greatest threat to every company in the world, and cyberattacks are closely tied to cybercrime in general. We need to bear in mind that, at least during the next five years, cybercrime and its inseparable brother, cyberattacks, may well become the greatest threat to every person, place and thing in the world. With evolving technology come evolving hackers, and we are behind in security. Understanding the cyber terminology, threats and opportunities is critical for every person in every business across all industries. By providing advanced cyber training and education solutions in all departments of your business, from marketing and sales to IT and InfoSec, you are investing in your company’s protection against cyber threats. So, give it a good thought and do the right thing.