Big Data Security in a Wild West WorldMarch 22, 2016
The Internet is like the Wild West, where technology is evolving much faster than the laws that govern it.
The good guys and the bad guys operate virtually undetected in the Dark Internet, outlaws of the Internet that is invisible to most of us.
Unlike a decade ago, the Black Hats are no longer who we used to know in War Games where a high school kid nearly started World War III.
Nowadays, cybercriminals have diversified their attack patterns and identities. They are sophisticated crime syndicates who steal money or data, Nation States that attack, obstruct and observeor hate-sponsored attackers and terrorist recruiters. They often target private companies to get their hands on their confidential data, financial assets or intellectual property.
The White Hats are typically political activists with good intentions. Anonymous is ironically one of the better-known groups, currently blocking ISIS websites. The motive of the activist may be loftier than their Black Hat counterparts, but the net effect of their hacking can be just as destructive.
Above Security Weighs in on the Art of Big Data Security
Telehouse sat down with Fadi Albatal, SVP of Marketing for our partner Above Security, a Global IT Security Service Provider with a unique view on global data security, to share his insights on ways companies can prioritize their security roadmap in 2016.
Fadi is as much a philosopher as an engineer. He feels we are becoming more human through our collective experience across cultures and languages because education is no longer limited to members of elite society. Thanks to the ever-increasing possibilities and dimensions of the Internet, those barriers are broken forever and we are in an unprecedented age of innovation and creativity.”
Network Audit: An Ounce of Prevention
The days of “install a firewall and you’re good”—came and went in the 90s. For passive security to be successful, it has to become a link in a much larger security chain.
Surprisingly, most companies are not even aware that they’ve been hacked until they experience an event that uncovers the attack, for example a system or website breakdown .
That’s when they perform an audit and find they have a breach.
The average cost of a single data breach rose to $3.8M in June of 2015.
Larry Ponemon, Ponemon Institute
Despite countless news reports and cybercrime statistics, companies are just beginning to realize the potential impact of cyber security on their operations, and some never even find out there has been an attack. A regular security audit can prevent larger problems in the future.
Perform a Security Risk Assessment
“The first step down the path of a comprehensive IT Security program is to understand your current security posture.”, explains Fadi Albatal.
People are just beginning to realize the potential impact of cyber security on their operations.
“An assessment can be done by analyzing your infrastructure, operational model and risk model. That will determine your overall IT risk score. This score will allow you to understand the magnitude of the task at hand, and your potential next steps.”
Companies need to determine where they are on their security path. Are you semi-protected, well-protected, or not protected at all?
Uncover Where Exposure is Most Likely
It’s a dangerous mistake to think your own exposure is your only risk. It’s also the exposure of your customers. What information are they keeping in their infrastructure that may be vulnerable?
It’s not just about the information itself, it’s also about access to the information. In the same way, closing security gaps is not always about hardware, but also about the people who use it and how they use it, the practices followed and the rules and regulations that are in place. Often simple office procedures are not followed and open the door for hackers to step in.
Build a Roadmap: Focus Effort Incrementally
Having a big data security roadmap and an overall plan allows companies to prioritize where the greatest security risks lie and set goals and milestones.
You can implement access controls by limiting access to portions of your CRM, for example, or offer security awareness trainings for your employees. Every little step undertaken towards a holistic security program will count towards your goal of an overall healthy security posture.
Prioritizing keeps your efforts on budget and pinpoints where the greatest overall impact will be for your business model.
A security professional can save an enormous amount of time, frustration and of course, money, through intelligent road mapping and prioritization.
Semi-Annual Security Reassessments
Two things are always changing: attack patterns and infrastructure.
What worked in June of 2015 might not address a danger erupting today. Threats are not static. They evolve. Periodic IT security framework reviews are needed to identify the gaps.
Here’s what you can do today to strengthen your security posture:
- Review end-to-end what’s relevant, where employees are in compliance, and what are the greatest risks for your business
- Target the areas hackers are hitting or arelikely to hit first.
- Boosting security might also include employee training. Insider threats most often happen because people don’t understand or aren’t aware of the risk.
- Perform a periodic review of your current infrastructure and take corrective action
- The dynamic nature of cloud computing demands constant systems monitoring.
- A professional can help you bolster security and make the right decisions for your operation.
An information security risk assessment is the essential starting point for building your defenses against cybercrime and improving your security posture. Once you’ve identified your company’s risk score and know where you’re vulnerable, you can put together a step-by-step security strategy and build your defenses over time.
Also, it is essential to monitor compliance and adapt to evolving threats and changing infrastructure to stay at peak efficiency.
Fadi believes: “We will all have to come together as a society to create proper legislation, and activists will help to refine cyberspace.”
Telehouse extends special thanks to Fadi Albatal, SVP of Marketing for Above Security, a Telehouse Partner, for his insight on building a strong security posture in 2016.