Studies such as last year’s Ernst and Young report highlight the current deficit in IT security, with only 4% of the 1,900 executives interviewed reporting that they had sufficient cyber security defense measures in place. The new Data Protection Regulation, created to address these deficiencies, was also a response to the growing consensus among the governments of the EU about the need for corporate data protection, coupled with an increasing number of high-profile data breaches in the media. The new regulation would see all pan-EU companies that do not fall into the SME category (under 350 employees) being forced to appoint a data protection officer to oversee the storage and management of consumer data, and all companies, regardless of size, being forced to report any breach to the data regulator within 24 hours.
It’s a reminder that it is in every company’s best interests to ensure these controls are in place and that they have the necessary safeguards implemented to protect their intellectual property. Companies are starting to realize the need for cyber security awareness, as demonstrated by the new alliance to support the Linux Foundation to prevent future problems like the Heartbleed OpenSSL bug. The hope is that this growth of regulation will ensure that companies are aware that the threats posed by cyber-attacks need to be taken seriously.
What steps can IT managers take to ensure their data is protected and how can they convince the board that each solution is worth the investment? I've broken down some of the key steps that can be taken as part of a data protection program.
1. Honeypot in your network
Detection can often be the most difficult and most important part of dealing with an attack. For instance, how do you distinguish between legitimate and illegitimate traffic in your network? Many of our customers say that when trying to monitor activities on the network, whether via a network device or an endpoint agent, the false positive ratio is very high.
There is a concept which allows companies to implement cyber security solutions that create a “shadow network” inside their internal networks. The solution scans the customer environment and creates a new network which represents the “real” network of the customer. The “shadow network” acts as a honeypot network that tries to lure attackers, whether they are external or internal, and hosts “dummy data” to complete the illusion.
As no one knows about the shadow network, and no one should have access to it, any approach to its resources is considered an attack. This can be an insider who is trying to get access to data that he/she shouldn’t, or an attacker who is already in the network and is looking for “weak systems” to gain more access.
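The detection rule described above, that any connection to a shadow-network address is treated as an attack, can be sketched as follows. This is an added example, not code from the article or from any vendor product; the address ranges, the log format and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed addressing (not from the article).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # corporate address space
DECOY_NET = ipaddress.ip_network("10.99.0.0/24")    # shadow-network hosts

# Constructed sample flow log: timestamp, source, destination, destination port.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.4.17 10.0.2.5 443
2024-05-01T09:00:07Z 10.0.4.17 10.99.0.12 445
2024-05-01T09:00:09Z 10.0.4.17 10.99.0.13 445
2024-05-01T09:01:30Z 203.0.113.50 10.99.0.12 22
2024-05-01T09:02:00Z 10.0.7.9 10.0.2.5 443
truncated line
2024-05-01T09:02:30Z not-an-ip 10.99.0.12 22
2024-05-01T09:03:10Z 10.0.4.17 10.99.0.12 3389
"""

def find_decoy_touches(log_text):
    """Group every connection to a decoy address by source IP."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip truncated or malformed records
        ts, src, dst, port = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # skip unparseable addresses or ports
        if dst_ip not in DECOY_NET:
            continue  # production traffic is out of scope for this rule
        rec = hits.setdefault(src, {
            "origin": "internal" if src_ip in INTERNAL_NET else "external",
            "first_seen": ts, "decoys": set(), "ports": set(), "events": 0})
        rec["decoys"].add(dst)
        rec["ports"].add(port)
        rec["events"] += 1
    return hits

def triage_order(hits):
    """Sources touching the most distinct decoys first (likely scanning)."""
    return sorted(hits, key=lambda s: (-len(hits[s]["decoys"]), s))

if __name__ == "__main__":
    found = find_decoy_touches(SAMPLE_LOG)
    for src in triage_order(found):
        r = found[src]
        print(src, r["origin"], r["first_seen"], sorted(r["decoys"]), sorted(r["ports"]))
```

Because no legitimate traffic is expected at decoy addresses, the rule needs no baseline or threshold, which is what keeps its false positive ratio low compared with monitoring production traffic.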