This year’s Verizon Data Breach Investigations Report (DBIR) reiterates the need for cyber defense measures and best practices to ensure that we are not gambling with our critical data.

Hackers are getting more sophisticated, gathering intel on their targets and taking advantage of high data volumes, multiple entry points to data and gaps in protecting that data. Meanwhile, the defenders of the cyber landscape scramble to stay one step ahead with limited visibility and actionable insight into all activity occurring in their ecosystem. We have hardened our defenses around the perimeter, managed user privileges and access more diligently, and improved security awareness training. However, we continue to fall prey to well-crafted phishing campaigns, ransomware, malware and credential theft. Consequently, management of sensitive and mission-critical data is a growing concern, especially as the boundaries of our business and social interactions blur and expand well beyond our traditional data centers and corporate devices.

Key Takeaways from DBIR:

  1. Who cares: Targeted attacks against financial, healthcare, public sector, and retail and accommodations organizations have resulted in million-record losses. Organizations that manage personal data, financial data and credential data are high-priority targets. Of course, any organization with sensitive data, be it design documents, pricing data or medical records, should be vigilant and have deep visibility into the access, manipulation and distribution of such data.
  2. Who wants your data: DBIR notes that 75% of breaches were perpetrated by outsiders and 81% of hacking-related breaches involved stolen/weak passwords. While the disgruntled or malicious employee may still be a cause for concern, it is more often the external threat actor, stealing valid credentials and transforming into a trusted user, who is slipping through your perimeter defenses to compromise data. Monitoring all access to sensitive data in business applications is key to detecting those internal and external threats.
  3. Discovering the breach: While the time it takes attackers to exfiltrate data is on the order of days, it takes months before these breaches are discovered. Breach discovery can happen through internal financial audit, law enforcement disclosures, third-party notification or fraud detection. Be more proactive in finding potential data breaches with deep visibility into application transactions to identify anomalous data access events which could be indicators of compromise.

Greenlight solutions surface the real-time cyber posture of your ecosystem by leveraging your existing security investments and correlating them with business risk and impact. Greenlight also expands visibility into application- and transaction-level security to manage business activities that involve sensitive data, while adding business context to help the IT, Application and Business teams rapidly identify and mitigate high business risk events.