Prevention & Protection Strategies

The number of U.S. data breaches tracked in 2014 hit a record high of 783[1], according to a recent report released by the Identity Theft Resource Center. An article in CNN Money estimated that nearly one million malware threats are released every day[2]. Malware in general is more malicious than in years past, with ransomware being just a small example of our challenges in IT. Although Gartner stated that organizations will increasingly recognize that it is not possible to provide a 100 percent secured environment[3], businesses must develop strategies to prevent and protect against data breaches.

In a nutshell, the security landscape has significantly changed over the last several years and businesses must adapt by incorporating cost-effective solutions to fight the ever-growing threats. To complicate the issue, many IT departments have faced reductions in force and often have budget constraints that limit their ability to stay ahead of the curve.

DSM has assessed a great number of environments, and regardless of the size of the organization and the number of IT people on staff, every assessment yields a great number of vulnerabilities. Moreover, DSM has noted weaknesses during many of our assessments that indicate gaps in an organization’s ability to recover data in the event of a breach. Backups were the traditional way to protect against data loss; however, they are no longer sufficient as a standalone solution. In short, businesses must layer prevention and protection strategies.

Prevention Strategies

In simple terms, a prevention strategy should stop threats before they occur. The question business leaders should ask is, “How secure are my systems and data?” If a survey were sent to a dozen IT departments, the results would most likely indicate a broad number of strategies being deployed, followed immediately by statements indicating that staffing and budgeting are limiting their ability to prevent malicious attacks.

Many business leaders are not technical and must rely upon their technical staff to provide guidance. Often internal IT departments lack the knowledge and/or expertise in deploying technologies or processes to help mitigate a breach. Accordingly, DSM recommends asking these simple questions:

  • What are we doing today to prevent a data breach?
  • What limitations are we facing?
  • What is the process to validate that our data and systems are protected?

The answers to these questions will help define the magnitude of information security as a true business threat. Then the organization will be ready to determine the overall readiness and health of IT within the organization.

The most common practice for identifying issues and establishing budgets is leveraging a third-party assessment. Before embarking on an assessment, the business needs to ensure it is willing to put in the effort to remediate and mitigate identified risks. Moreover, the firm providing the assessment must gain your confidence by showing it has a methodology that maps to your business needs. Accordingly, DSM developed an assessment methodology that breaks down our findings into four categories.

  • Security
  • Management
  • Availability
  • Recovery

This approach produces a comprehensive review of an environment beyond traditional security. In fact, it provides a review of an organization’s ability to recover and outlines improvements for systems management, IT automation and high availability for applications and data. This proven methodology provides health checks of critical systems and applications in conjunction with assessing the security and overall recoverability of an environment. Additionally, DSM provides budgets to remediate and strengthen the underlying technologies your business depends upon.

Assessment Woes

While IT assessments are a proven approach to identifying weaknesses, not everyone is comfortable with a third party reviewing their environment. Depending upon the situation, some technical people may embrace an assessment while others tend to avoid them. DSM has performed a great number of IT assessments, which have yielded many different views from the various IT teams. One observation is that many organizations have strong confidence in their solutions. In some instances, we have experienced resistance to an outsider assessing their security posture due to insecurities. Regardless of the maturity of an organization or the age of the systems that are deployed, auditors almost always uncover issues that would have gone unnoticed until an event surfaced the weakness. Simply said, everyone can improve processes or techniques to secure infrastructure and data. The real question everyone should ask is, “If a data breach occurred, how would it impact our business?” SafeNet stated that data breaches have a significant impact on whether a customer will interact with an organization again[4]. Additionally, IBM and Ponemon Institute indicated that the total average cost for data breaches paid by United States companies increased from $5.4 million to $5.9 million[5] in 2014. Is it worth the risk, or should organizations have a preventative strategy? We believe an assessment is only one layer of protection, but it will remain a necessity to ensure organizations are following industry best practices.

Protection Strategies

DSM believes in the statement that it is not a matter of “IF” but “WHEN” as it relates to security breaches. Accordingly, DSM recommends that organizations mature in the area of protection strategies. Simplified, a protection strategy is a layered approach that protects data from being compromised and ensures that, in the event of an emergency, the data or systems can easily be recovered. At a high level, organizations must go beyond traditional backups to ensure they are protecting critical and confidential data. Confidential data should be encrypted to minimize the threat of leakage, and organizations must consider technologies that streamline the recovery approach for corrupted or lost data.

How Effective are My System Backups?

The good news is that technology is constantly improving; however, many organizations have made significant investments in backup technologies that may not be effective. IT assessments have identified that many organizations are performing traditional backups but lack a comprehensive recovery strategy to recover data beyond a backup. Accordingly, there are gaps between business requirements and the technical ability to provide instant access to data after an outage. Disaster recovery has been focused mostly on the fire or the hurricane but must expand to cover the real threat of today, which is data compromise or leakage.

Today’s businesses require the ability to recover data from minutes ago versus last night’s backup. An easy calculation for recovery times is that if it takes one (1) hour to back up data, it will typically take two (2) hours to recover it with traditional backups. Hence, how can we shorten our recovery time in the event of a virus such as CryptoLocker? Beyond security awareness training to reduce end-user mistakes, businesses must leverage technologies that provide automated snapshots of files or volumes.

DSM recommends reviewing your data protection solution to ensure it has adequate retention and archive for compliance and that it has the ability to replicate the data offsite. In addition, it should tightly integrate into virtual infrastructure while giving the ability to instantly recover both physical and virtual systems.

Performing IT Basics

One interesting finding that all assessments have disclosed is that most organizations are not doing the IT basics. IT staff reduction, in conjunction with the speed at which technology changes, has yielded an interesting issue. IT departments tend to spend more energy on projects, in parallel with troubleshooting the tireless day-to-day technical issues, than on keeping up with the daily management tasks. Results show that patch management for Microsoft and third-party applications is not managed well in almost every environment. While most have automated tools, many are not fully configured or lack processes to validate that systems and applications are updated. Moreover, some audits reveal that anti-virus can be sparsely implemented.

The reality is that the day-to-day tasks which are essential to protecting the environment are somewhat boring, which exacerbates the situation. Based upon our experience, it appears that many IT teams would rather learn the new upcoming technology than focus on the daily management tasks.

Another driving factor for poor patch and AV management is that these lower-level tasks are often delegated to junior IT staff without the appropriate controls to validate them. As a result, critical tasks which are essential to protection and recovery are often overlooked due to the backlog of Critical and Important tasks that fill up the ticketing queue for those who have ticketing systems. For less sophisticated staff who do not leverage a ticketing system, these crucial tasks are lost. Delegating low-level tasks does not mean you are minimizing the criticality or delegating the responsibility; it simply means controls such as reporting must be in place to validate them on a routine basis.

Conclusion

In summary, the security landscape has significantly changed over the last several years and businesses must invest in strategies not only to prevent malicious attacks and protect data but also to provide enhanced recovery abilities. Data protection has to extend beyond standard backups to enterprise-class systems that enable offsite replication and instant recovery. In addition, solutions have to expand beyond backups to provide high availability for essential data.

The fact that these are lower-skilled tasks does not lessen the urgency of ensuring backups and patches are pushed out on a routine basis. Accordingly, management must deploy appropriate controls to validate that these tasks are completed.

DSM recognizes that budgets can limit an organization’s ability to have a foolproof system; nevertheless, DSM has leveraged a layered approach that delivers these services at an affordable cost.

For more information about Information Security and how we can help you, please contact us at 863-802-8888 or security@dsm.net.

[1] Identity Theft Resource Center Breach Report Hits Record High in 2014

[2] Nearly 1 million new malware threats released every day

[3] Gartner Identifies the Top 10 Strategic Technology Trends for 2015

[4] Global Survey Reveals Impact of Data Breaches on Customer Loyalty

[5] 2014 Cost of Data Breach Study