In case you were off enjoying a well-deserved summer holiday and are, like I am, a firm believer in disconnecting from the world while on holiday, you might have missed the recent hacker document dump of the U.S. Democratic National Committee (DNC) emails. Personal note: if you did find a place remote enough to not hear about this, please send me the coordinates as I want to visit there ASAP.
Information security professionals have long operated under the mantra ‘prevention is ideal, but detection is a must.’ Many professionals have extended that mantra to include the concept of ‘response’ to detection. Usually response is considered in terms of technical tools to speed remediation and improve prevention of future attacks. The DNC hack, like many other hacks before it, highlights the financial value of knowing what was in the data that was exposed.
When it comes to evaluating the monetary value of knowing what data is exposed, ransomware is the ultimate capitalistic exercise. Hackers attempt to determine the right balance of 1) the organization’s tolerance to data loss, including the safeguards the organization may have in place; 2) the value the organization places on the data; and 3) the value they place on public knowledge of a data loss incident. The ransomer’s goal is simple: set a price point that the organization is most likely to pay.
While ransomware is foremost in many of my conversations with C-level executives, the danger of an insider threat is also a recurring topic of conversation. In the past six months I’ve been asked for help with the following:
- “Our top designer went to work for our biggest competitor, what data did they take with them?”
- “We had a friendly merger with another firm but their top 6 engineers left shortly after the merger, did they take any data with them?”
- “One of our senior execs’ laptops was stolen; do we have any government-mandated reporting requirements?”
All of these questions ultimately seek to assign a dollar value to knowing what data was exposed and what information was in that data.
A well-designed modern endpoint backup solution can help you know the value of your data and remediate those threats by:
- Performing point-in-time restores to before ransomware hits.
- Showing you what data was copied to USB devices or personal cloud accounts before an employee leaves your organization.
- Helping you determine what data was on a stolen device and the extent of your exposure.
- Making it easy for employees to restore their data after a viral ransomware incident.
- Never paying a ransom.
For years, those of us in the backup space have defined our value proposition as knowing what data was on a device that crashed, was lost or was stolen. Modern endpoint backup extends visibility to the data on a device that was compromised by an insider or a hacker.
Charles Green, Systems Engineer, Code42
[Cloud Security Alliance Blog]