Security threats to the enterprise today are pervasive. This is evidenced by the increasing prevalence and complexity of cyber attacks. In the last twelve months, hardly a week has gone by without some kind of major cyber incident, such as WannaCry or GoldenEye, being reported by the media. At the same time, data — arguably one of a company’s most valuable assets — is more vulnerable than ever. This is because data, once safely tucked in the data centre, is moving onto endpoints.
In fact, Code42’s recent CTRL-Z Study showed that IT decision makers believe that as much as half (and in the US, as much as 60%) of corporate data is found on endpoint devices such as laptops. This movement of data outside of the traditional security perimeter, coupled with the increasing volume of data that organisations are collecting, means that the scale of the data protection challenge facing security professionals is immense. To bring this into perspective, 42% of IT and business decision makers reveal that losing all corporate data currently held on endpoint devices would be business destroying. So it’s no wonder that more than a quarter (29%) of IT decision makers also reveal that data protection is their top security priority.
With security threats rapidly intensifying, many IT security professionals are trying to prioritise where to focus their efforts to minimise risk — which leads to the question, what data is held most sacred by the business?
All things being equal
The Code42 CTRL-Z Study found that both business and IT decision makers view financial and customer information as their highest data protection priority (33% and 31% respectively). This seems quite logical. After all, an enterprise’s financial and customer information is highly sensitive and in some instances, if disclosed, would have a very immediate effect on share price; so, it’s natural to want to safeguard it above all else.
Take, for example, customer data. It’s not only a prized enterprise possession that often helps organisations maintain a competitive edge, but also sensitive and personal to customers who place their trust in companies to protect it. Any high-profile customer data breach can cause irreparable damage to brand reputation and the bottom line. Once trust in a brand is lost, it’s not that easy to recover and sometimes it’s not possible at all.
Where data goes, security must follow
Understanding and accurately tracking where and how data flows and is accessed around an enterprise is of vital importance when it comes to effective data protection. These insights are especially important when it comes to sensitive data such as financial and customer information.
For a moment, imagine a senior business manager at work in a remote location. Imagine it’s John, a senior manager in procurement. He’s working from a vendor’s office in order to approve purchases for his team. He logs into their system and accesses information to do his job. But the internet where John is working is a bit slow. He downloads the relevant data to his laptop, leaving it unencrypted and unprotected outside of the cloud. In order to expedite the process, he uses an application he’s downloaded onto his laptop himself. He has not asked IT about the application’s security but assumes since he uses it at home and it speeds up his task, it should be fine. Unknowingly, John has potentially put his corporate data at serious risk, since the app he’s using could be exfiltrating data or installing spyware on his laptop.
John is not alone. More than half (52%) of business decision makers, and as much as 75% of CEOs, admit to using unauthorised applications on their mobile devices. In an increasingly digitally connected world, where employees work from a variety of locations and from multiple devices, these types of situations are going to become more and more unavoidable. In fact, they could have huge implications for the protection and recovery of customer data, given how many employees in the average enterprise have access to this information.
In short, every device in the business must be protected.
A new way of thinking
Now is the time to rethink security strategy as it relates to endpoint devices. It’s still a common assumption that installing an AV client onto a device somehow equates to protection. Actually, it only equates to prevention. Antivirus, as we know it today, offers an important first line of defence against cyber criminals who are looking to steal your corporate data. Even the very best solutions, however, are not impenetrable. While an ounce of prevention is worth a pound of cure, as Benjamin Franklin famously said, cure — a whole security stack that can help a company recover post breach — is not just a consideration, it’s a necessity.
A security stack in 2017 must involve a layered approach including antivirus, deception technologies, breach detection solutions, encryption tools, endpoint backup and real-time recovery solutions.
Your security stack also must provide you with real-time endpoint data visibility. Being able to see where data is, and when and who is accessing it, is critical to a successful recovery operation. Should your organisation’s financial or customer information be compromised, you need to be able to identify the infected device and network point of entry as soon as possible. There are multiple reasons for this; chief amongst them is the new General Data Protection Regulation (GDPR) legislation in the UK and Europe, which is going into effect in May 2018. One of the major directives of the GDPR is that businesses will be required to report any data breaches within 48 hours. Also, the quicker the detection and remediation, the quicker your IT security team can address and apply the lessons learned to future incidents.
Stay alert, stay safe
It is important to remember that not all threats to company data are external. Human error, however innocent, remains a big risk to data protection. It takes a mere second to click on a suspect link that looks innocent or send the wrong file to a spurious email address. As such, educating employees about security is a top priority for IT professionals today.
By keeping employees informed about the latest security best practices, many incidents can be avoided. This requires developing and communicating a comprehensive security policy, along with using best-in-class supporting software and offering regular education workshops.
Ultimately, it’s about looking at security from the outside in. Identifying the most vulnerable enterprise data and building a security portfolio that can comprehensively protect it — no matter where it is — will help a business recover when a cyber disaster strikes.
Richard Agnew, VP UK, I & Northern Europe at Code42