Saturday, January 28th was Data Privacy Day. We’re proud champions of the National Cyber Security Alliance’s focused effort on protecting privacy and safeguarding data. But at Code42, we know that one day isn’t enough. We dedicate an entire month each year to reaffirm our critical role in keeping our customers’ data safe.
This year, we initiated an annual Certified Information Systems Security Professional (CISSP) training program at Code42 and trained staff on the eight common bodies of knowledge defined by (ICS)2 to earn the coveted credential. We embedded a new tool in our email system for Code42 employees to report phishing attempts. And, we hosted a panel discussion with representatives from the FBI and Secret Service to learn more about how they combat cybercrime.
But we’re not here to talk about what we did to keep our data safe. We’re here to talk about what you can do to protect yours. The first step in any cybersecurity strategy: situational awareness.
Your Employees Are Being Targeted: Part One
Your end users, and their devices, represent a very large mobile attack surface. IT and InfoSec professionals spend far too much time cleaning up issues caused by employees who fall for phishing emails, click corrupt links, or engage in careless online behavior. These unintentional “user mistakes” are one of the biggest threats today, causing around 25 percent of data exfiltration events.
Why do users make so many mistakes? To put it simply, most don’t care. They believe that if IT is doing its job, no threats will reach them and they have nothing to worry about. They believe that if they have an error in judgment, or do something foolish, IT will always come to the rescue. They actively ignore security policies and find creative workarounds for security measures they view as an inconvenience.
Your Employees Are Being Targeted: Part Two
It’s one thing for your employees to make mistakes. It’s another for them to deliberately remove data from your organization. Unfortunately, that’s exactly what happens quite often, and it’s part of the reason why 78% of security professionals say insiders are the biggest contributors to data misappropriation.
With your company’s IP making up 80% of its value, the potential damage from malicious insider threat is enormous. To help spot vulnerabilities, look for “Shadow IT,” the tools and solutions your employees use without explicit organizational approval that often pose measurable risks. Many tools that are unapproved by your IT department also place the data they’re accessing at risk and often there’s no overall management of these tools.
The Solution: Backup and Real-time Recovery
I have often said that there are only two types of networks in this world, those that have been breached and those that are being attacked. The fact is, security breaches occur to varying degrees of severity at all Fortune 500 companies. If a breach results in being denied access to your data, the C-Suite expects IT to get them back up and running. What they are just now learning is that this can be accomplished in mere minutes, or hours without overwhelming support staff! The solution to protecting your company from inside threats, ransomware, or any other cybersecurity issue is real-time recovery on the endpoints.
This is what the FBI has been urging businesses to do for years: regularly back up data and verify the integrity of those backups. It’s equally important to ensure that backed-up files aren’t susceptible to ransomware’s ability to infect multiple sources and backups. Consider these key points:
- When endpoints are infected by ransomware, real-time recovery can roll back clean versions of every file, including system files.
- While other solutions such as File Sync and Share (FSS) programs can import ransomware to its mirror mate (as they are designed to do), enterprise endpoint recovery solutions can roll back all files to earlier dates (versions) and restore them.
- When a device gets stolen or damaged for whatever reason, or when an employee leaves with valuable company data, real-time recovery can roll back each and every file on the device. This keeps the business operational and provides options relative to how they want to deal with the departed employee.
There are many tools on the market that claim to protect your data, and many indeed do a good job. But a sound cybersecurity policy begins within. You can’t protect your data if you don’t understand where it is and the threats you’re up against.
Rick Orloff, Chief Security Officer, Code42
[Palo Alto Networks Research Center]