As part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories, Arti Raman of Titaniam breaks down critical points of discussion on data security and why your company needs to develop a strategy for cyber immunity.
Protecting sensitive customer data, or personally identifiable information (PII), is a high priority for companies in verticals ranging from financial services to healthcare and retail. Chief information security officers (CISOs) for these industry organizations know that safeguarding this data creates customer trust and avoids costly compliance violations and lawsuits. That’s why CISOs and data protection officers rigorously apply National Institute of Standards and Technology (NIST) controls to all data classified as PII. No one wants to be the next headline on CNBC or a cautionary case study in a cybersecurity publication.
Yet the reality is these risks pale next to another enterprise challenge: protecting security data. Companies maintain a huge inventory of cloud services, on-premises systems, and business applications. As a result, IT and cybersecurity teams need to maintain and protect security data about these systems, such as information about enterprise networks, asset configurations, unpatched vulnerabilities, and other security analytics.
Cyber Immunity and Critical Points of Discussion
Cyber-Attacks Using Security Data Cause Significant Harm
This information contains the keys to the kingdom: data that can be used to launch devastating attacks. And here’s the worst part: these attacks no longer hurt just a single company one time. Security data can be used to launch supply chain attacks that harm hundreds or thousands of customers. Attacks on government services or critical infrastructure can compromise the security and operations of a nation, states, or communities. And security data can also be used by malicious actors to launch repeat attacks on the same firm, causing ongoing harm. A recent survey found that 80 percent of businesses that paid ransoms experienced a second attack, and nearly half were likely from the same digital threat group. To use a metaphor, if companies are patients, they’re much sicker than they know. The only cure is to inoculate them against these significant gaps that attackers can and will exploit.
So, security data must be protected. But it also needs to be actively used by IT and security teams, who need to monitor and maintain their company’s network and assets. Similarly, customers of companies, such as cloud or managed service providers, want to be able to access their systems. So, how can this problem be solved, to give CISOs the surety that their security program is truly best-in-class?
Develop Cyber Immunity
To develop an effective cyber immunity strategy and protect their security data, companies need to be able to accomplish three goals:
- Ensure valuable data and intellectual property can’t be stolen.
- Make exfiltrated data ineffective for extortion.
- Immediately restore disrupted services.
Even the most sophisticated enterprises are typically only able to accomplish the third goal, restoring services. That means that the vaccine to treat these risks is incomplete, and the damage from the illness gets locked in when data is stolen and misused.
This strategy uses an array of data protection techniques, such as encryption-in-use, traditional encryption, private data release, customer-controlled keys, and enterprise-wide key orchestration, to safeguard data. The source security data always maintains its encrypted-in-use status, and an encrypted search index is automatically created based on pre-declared search types. As a result, security data can be safely used by company or customer teams, actively move across the enterprise, and remain protected throughout its entire lifecycle.
So, what happens if networks are breached? Attackers can no longer use their preferred strategy of using stolen administrator credentials to move laterally and vertically inside company networks, extort ransoms, or both. Previously, attackers have been able to stay inside corporate networks for up to 287 days before security teams realize they have a problem.
Safeguard Security Data Down to the Field Level
Security data continues to be protected by encryption-in-use and will not yield clear text, even if breached using the highest privilege credentials. This data can be protected down to the individual field level, offering granular protections. Companies that want the highest level of protection can also use data security protection to build systems from the ground up that are natively immune to data compromise.
Data security protection plugs some major gaps for companies today. Some 61 percent of cyber-attacks use stolen user credentials to access networks; CISOs know that stolen administrator privileges and other security data cause the worst damage. In addition, unpatched vulnerabilities are the preferred threat vector for ransomware groups. Thus, protecting these lists can add another layer of defense and help prevent a ransomware attack, which costs $4.24 million on average, and can completely disable business operations.
The Security Data Problem Is Growing and Companies Need Help
Attackers are getting more sophisticated. They’re selling stolen credentials, productionized and weaponized malware, and data on vulnerabilities on criminal marketplaces, increasing the velocity and impact of attacks. NIST reported finding 18,738 vulnerabilities in 2021, and the list is by no means definitive. Meanwhile, companies’ fast-paced digital growth means more systems to protect. The average enterprise operates 364 SaaS applications, with more than half operating as “shadow IT,” or remaining outside of IT’s purview.
So, maintaining the status quo is no longer an option. The good news is that by deploying zero-trust data security protections, companies can hide the keys to the kingdom from prying eyes. By so doing, they can inoculate themselves, becoming immune to ransomware and multiple extortion attempts. They also can immediately meet data protection requirements for major regulations, a common pain point for many companies. Zero-trust data security platforms provide field-level auditable certification that protected data retained its NIST-certified encryption during attacks. That’s compelling proof to any regulator.
It’s easier than you think to become cyber-immune from disabling ransomware attacks and external dumps of security data. Deploy a zero-trust data security platform today.