2010 data security trends: External attacks from the inside

Sentrigo announced its top data security trends to watch for in 2010.

A new type of threat: External attacks from the inside

Generally, companies have viewed attacks as either coming from outside the network perimeter or from internal users abusing privileges. However, the line between internal and external is blurring as a result of several new attack vectors:

• Organized crime targeting specific companies by inserting “sleepers” to infiltrate the organization as employees or contractors, solely for the purpose of gaining access to sensitive data;
• New types of malware, easily embedded in relatively innocuous looking sites, that take control of internal machines and attack autonomously from within;
• As the ramifications of a depressed economy continue to result in increased and longer periods of unemployment, the use of financial means to leverage insiders to assist outsiders via bribes or extortion will become more common.

Solutions that protect data, regardless of the source of the attack, will therefore be an essential component of an organizations’ security strategy.

Minimizing the surface area of attack will become the next wave to reduce exposure

Companies will begin aggressively removing sensitive data as soon as possible, much like the wave of email retention policies limiting exposure in eDiscovery.

Where sensitive data is required by multiple applications, and these applications store data locally, organizations will utilize techniques like tokenization. Instead of storing a credit card number or social security number, they will store a token that can retrieve this information securely when necessary, ensuring that only a single database houses the actual credit card number. By adequately protecting a single source and encrypting data in transit, exposure is significantly reduced.