Has your organisation just been breached?


The amount and types of data we are collecting have grown exponentially over recent years. At the same time, experts are claiming that the amount of data generated on the planet will grow by nearly 4,000 per cent by 2020. As the data keeps flooding in and the number of endpoints grows with the rise of the IoT, the digital landscape is becoming increasingly hard to secure.

There are important questions when it comes to where and how data is stored throughout the world. Data privacy regulations such as GDPR have made it increasingly important for organisations to be able to answer these questions. These regulations underline the true value of data and the importance of guarding user privacy. If organisations allow hackers access to sensitive information, the consequences are, and have already proven to be, dire.

However, organisations are facing an uphill climb to prevent such hacks. With organisations collecting and harbouring more and more data, the exposure to data breaches increases significantly. The sources of such attacks range from malicious or careless insiders and insufficient web application security to social engineering such as baiting, phishing and ransomware. This range of sources is proving a test for all organisations that would not usually take breaches into account when it comes to their main business priorities. As such, all organisations need to have the ability to identify threats as soon as possible and know the best ways to mitigate them.

How to tell if you’ve been breached

Despite being aware of our exposure to these threats, many organisations still struggle to quickly identify the “who, what, when, where, and how” of a breach. This has been made evident over the years, with even the biggest and most high-profile organisations being affected. For example, Yahoo famously had 1.5 billion accounts breached in 2013, and again in 2014, but was still not able to discover the breach until 2016 when the accounts were offered up for sale by the hackers.

It has become apparent that it can take months, or even years, to pick up a data breach that has occurred within the internal layer of your infrastructure. Insider breaches are among the most common security incidents, but research from Verizon has revealed that 42 per cent of these incidents aren’t detected until months later, and 39 per cent take years to detect.

With regulations such as GDPR now in effect, organisations are more aware than ever that this level of ignorance can’t be tolerated. Circumstances have definitely changed. Part of the solution lies in moving away from traditional endpoint and infrastructure approaches to security, and instead focusing on protecting critical data assets and applications where they reside.

In today’s cybersecurity landscape, enterprises can no longer implement a simple add-on to their traditional databases for security. They may have a number of implementations, such as traditional RDBMS databases as well as structured, semi-structured and unstructured databases. Meanwhile, enterprise application teams are also developing in-house applications that connect to big data repositories, which increases the variety of access methods to the data and in turn requires security for those apps.

As these big databases continue to collect large amounts of data, it is critical to deploy data-centric security measures that focus on safeguarding data before it moves across networks, servers, applications, or endpoints. Some of these measures include:

Data discovery and classification involves getting visibility into the location, volume, and context of data on-premises, in the cloud, and in legacy databases. It also classifies the discovered data according to its personal information data type (credit card number, email address, medical records, etc.) and its security risk level.

User rights management identifies excessive, inappropriate, and unused privileges. It also analyses an individual’s activities against their peers’ behaviour by looking for anomalies and excessive rights.

Data protection and loss prevention ensures data integrity and confidentiality while monitoring and protecting data in motion. It blocks attacks, privilege abuse, unauthorised access, malicious web requests, and unusual activity to prevent data theft.

VIP data privacy and user tracking maintains strict access control on highly sensitive company data, including data stored in multi-tier enterprise applications. It also maps the web application end user to the shared application/database user and then to the final data accessed.
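
As an added illustration of the data discovery and classification measure above (example code, not from the article or from any Imperva product): a small Python classifier that tags each column by personal-data type and risk level. The patterns, the risk mapping and the sample rows are assumptions constructed for the example; the Luhn checksum keeps arbitrary 16-digit references from being flagged as card numbers.

```python
import re

# Patterns for two of the data types the article names (assumed formats).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")

# Hypothetical risk levels per data type; a real policy would define these.
RISK = {"credit_card": "high", "email": "medium"}
ORDER = {"none": 0, "medium": 1, "high": 2}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that are not valid card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def classify_value(value: str) -> set:
    """Return the set of data types found in one field value."""
    found = set()
    for m in CARD_RE.finditer(value):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.add("credit_card")
    if EMAIL_RE.search(value):
        found.add("email")
    return found

def classify_table(rows):
    """Return {column: (sorted data types, risk level)} for a list of dict rows."""
    types = {}
    for row in rows:
        for col, val in row.items():
            types.setdefault(col, set()).update(classify_value(str(val)))
    return {col: (sorted(ts), max((RISK[t] for t in ts), key=ORDER.get, default="none"))
            for col, ts in types.items()}

# Constructed sample rows: a well-known test card number and example.com addresses.
SAMPLE = [
    {"id": 1, "notes": "paid with 4111 1111 1111 1111",
     "contact": "a.user@example.com", "ref": "1234567890123456"},
    {"id": 2, "notes": "no payment yet",
     "contact": "b.user@example.com", "ref": "9876543210987654"},
]

if __name__ == "__main__":
    for column, (kinds, risk) in classify_table(SAMPLE).items():
        print(f"{column}: types={kinds} risk={risk}")
```
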

The unpredictable growth in the number of repositories in which data is being stored is forcing organisations to review their strategies for data security and governance. In particular, it has made it necessary for organisations to create comprehensive solutions that will ultimately reduce the number of alerts and bring them into a single, easy-to-understand dashboard.

Ultimately, by implementing these measures, organisations will finally be able to understand where their sensitive data is located, the particular threats their data might be exposed to, and how to quickly determine what has been accessed if a breach does occur. With the right breach detection tools in place, organisations will be able to deal with the increasing pressure of data collection and storage, implementing the correct security measures to keep up with these changes.

Morgan Jay, Area Vice President, Imperva