In today’s global economy, data is everywhere. Companies send and receive sensitive data all over the country and world. There is a push toward more accessible data, and greater interoperability. But how do you protect your data in a more connected and accessible world?
Cybersecurity is a topic every IT professional is familiar with. Often we see headlines about data loss and customer information being compromised. Even executives know the potential to lose brand reputation and revenue. The worldwide 2016 Global State of Information Security Survey, which includes the responses of more than 10,000 CEOs, CFOs, CIOs, CISOs, and CSOs, as well as VPs and directors of IT and security practices from 127 countries, found that 91 percent of organizations have adopted a risk-based cyber security framework. The survey also found that 69 percent use cloud-based cyber security services and 56 percent use real-time monitoring and analytics. It found that 47 percent use threat intelligence, 44 percent end-point protection and 55 percent advanced authentication. Protecting data is crucial to maintaining daily operations. Communication and access to information are vital to an organization’s success; both can be interrupted by data breaches.
Reactive Measures vs. Proactive Measures
For the last couple of decades, IT departments have primarily relied on reactive measures to protect data. Reactive security means that companies respond to past and present threats. When security is breached, the company determines the seriousness of the threat and assesses the amount of damage. Then measures are installed to prevent a similar attack from happening again. An example of a reactive measure is monitoring. IT departments monitor activity within the network, and if there is an unusual spike in activity or a password attempt limit is reached, they investigate the incident to find the problem. Visible security measures, such as password protection, serve a proactive function but often act in a reactive capacity.
Proactive security measures seek to prevent data breaches before they happen. Over the last couple of years, IT professionals have looked for ways to use data in a proactive way. We see this in the use of Big Data, which is shifting focus from analyzing how security threats happen to predicting how they will occur. Now, organizations can stay ahead of advanced threats and find vulnerable areas before they are breached. This is a fundamental change in how IT professionals approach security.
The first step in data protection is to understand your company’s data practices. Your IT team will want to gather as much information as possible about your data. The different departments will need to report what they are collecting, where they are collecting it from and how it is used. Does the department use consumer information, employee information or vendor information? Are they accessing data online or from server databases? Where is that data stored? Is your company using on-site storage, an off-site facility, or mainly cloud-based storage? How sensitive is the data? Once you understand the data, you can find the framework and any regulations you need to follow. You can then move forward in developing a plan for data protection that includes the areas that need the most security.
Once you understand how data is used throughout the company and where sensitive data is transferred, you can take steps to advance security. There are many areas to cover when you are implementing security for an entire organization. It is best to make changes in steps rather than trying to do everything at once. Some key areas of focus are:
- Workstations and User Accounts: Be sure that all workstations are functioning properly and are fully updated. User accounts should have specific permissions based on what they need access to. All employees should be trained to lock workstations, and regular password changes must be required. Make sure that all employees understand the internet use, email and communications policies.
- Network: Configure your network with security in mind. This includes having a functioning firewall and antivirus software. You should choose one remote access solution and stay with it. Sometimes simple steps are critical, such as renaming the “Administrator” account and setting a strong password. Disable unnecessary services and ports. A working backup system is necessary and it should be tested regularly.
- Test Vulnerability: You should run weekly scans on all of your external address space. Internal scans should be run monthly to make sure that all equipment is functioning correctly and that all software and patches are up to date. All network gear should also be included in vulnerability scans to make sure that there are no problems.
What Is Big Data?
By now, most IT execs have heard the term “Big Data”, but what does it mean? It comes down to the three R’s of internet connections: request, route and resolve. The ability to handle requests, routes and resolutions is Big Data. For example, to use Big Data, IT teams can store, process and query their network’s routing tables to learn the host IP address to Autonomous System Number associations for nearly every Internet host and publicly routed network. Once you have that information, you can use data gathered from both recursive and authoritative DNS traffic to learn the current and historical IP address to host name associations for nearly every Internet host and authoritative name server. These two Big Data sets allow organizations to relate any host’s name, address or network to another host’s name, address or network. This gives IT departments the ability to gather details on connections and allows organizations to understand how malware, botnets and phishing sites relate at the Internet layer, not simply the network or endpoint layer.
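The correlation described above, as an added example that is not part of the original article: it joins a routing table (prefix to origin ASN) with passive DNS records (host name to IP, current and historical) to find hosts related to one known-bad name. All prefixes, ASNs and host names are constructed from documentation ranges, and `origin_asn` and `related_hosts` are hypothetical helper names.

```python
import ipaddress
from collections import defaultdict

# Constructed routing table: announced prefix -> origin ASN (reserved ASNs).
ROUTES = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
    "198.51.100.128/25": 64502,   # more-specific announcement inside the /24
    "203.0.113.0/24": 64503,
}
# Constructed passive DNS: (host name, IP), current and historical resolutions.
PASSIVE_DNS = [
    ("login.bad.example", "198.51.100.200"),
    ("login.bad.example", "203.0.113.77"),      # historical address
    ("update.unknown.example", "198.51.100.200"),
    ("mail.other.example", "198.51.100.130"),
    ("www.corp.example", "198.51.100.20"),
    ("cdn.shop.example", "192.0.2.10"),
    ("old.parked.example", "203.0.113.9"),
]

# Most-specific prefixes first, so the first hit is the longest-prefix match.
NETS = sorted(((ipaddress.ip_network(p), asn) for p, asn in ROUTES.items()),
              key=lambda r: r[0].prefixlen, reverse=True)

def origin_asn(ip):
    """Return the origin ASN for ip by longest-prefix match, or None."""
    addr = ipaddress.ip_address(ip)
    for net, asn in NETS:
        if addr in net:
            return asn
    return None

def related_hosts(seed):
    """Map every other host to how it relates to seed: shared IP or shared ASN."""
    ips_by_host = defaultdict(set)
    for host, ip in PASSIVE_DNS:
        ips_by_host[host].add(ip)
    seed_ips = ips_by_host.get(seed, set())
    seed_asns = {origin_asn(ip) for ip in seed_ips} - {None}
    related = {}
    for host, ips in ips_by_host.items():
        if host == seed:
            continue
        if ips & seed_ips:
            related[host] = "shared_ip"        # strong link: same address
        elif {origin_asn(ip) for ip in ips} & seed_asns:
            related[host] = "shared_asn"       # weak link: same network only
    return related

if __name__ == "__main__":
    for host, why in sorted(related_hosts("login.bad.example").items()):
        print(host, why)
```

A shared ASN alone is a weak signal, since large hosting networks carry many unrelated tenants, so it is better used to prioritize review than to block.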
Instead of using only reactive measures to block known threats, Big Data can be used to predict unknown threats. Organizations need to process the data to calculate, translate, and run algorithms and analytics against it. Organizations also need to query the data to search, visualize and feed back actionable information. This is why companies commonly work with a security vendor using external data sets like internet host attributes and requests. Collaborating with a trusted company provides predictive threat intelligence to prevent breaches without the company needing to have a large in-house infrastructure to handle the data.
The Bottom Line
Data security is ever evolving. As threats become more advanced, new measures are needed to protect your company’s data. New techniques now allow companies to take proactive steps to safeguard their sensitive data. You no longer have to wait for an attack to happen to assess the damage; now you can take steps to understand vulnerabilities and improve security. Many companies are working with trusted partners in information technology solutions to help them manage security and infrastructure. Please contact us today for more information on how we can help you with managing data, networking, security, auditing and help desk services.