Preventing Information Security Breaches

November 6, 2018

Modern information security breaches follow a very specific pattern. Most organizations are simply not designed to stop these attacks and, unfortunately, are not even able to detect them until months and sometimes years later. In short, hackers today use malware rather than direct attacks to compromise organizations like Equifax, Uber, Anthem, Target, Home Depot, JP Morgan Chase, eBay and most others over the past several years. Why? Direct attacks require hackers to compromise firewalls, subvert intrusion detection systems and get past a host of other edge-based/perimeter-based security layers. This requires vulnerability detection and exploitation, and a host of skills and tools to accomplish. Malware, on the other hand, is really quite easy. You get someone on the inside of the company you want to compromise to install malware, and you are in! And this can be as easy as sending a link in email or social media. It can be getting the user directed to a malicious or compromised website that infects their computer. It can be with a USB, portable hard drive, etc. that the user brings from an infected home computer or something picked up at the local coffee shop. Once malware (malicious software) is installed on an internal computer, the software can create an outbound encrypted tunnel back to the hacker, who can then control the system in complete stealth. Firewalls can’t stop it. IDS/IPS systems can’t detect it. The traditional layered security model has little value against these attack types.

Organizations attempt to protect end-user systems with updated patches and anti-virus software. Unfortunately, these solutions are less than effective. A Senior Vice President of Information Security at Symantec told the Wall Street Journal that “antivirus software only catches 45% of malware attacks” and is “dead” [1]. As a result, organizations are left with a major gap in their information security posture, which needs to be addressed if they have any hope of stopping attacks.

The first thing an organization must do is understand where its sensitive data is. For many, it is in the form of real-time transmission (data in motion) of sensitive data such as credit cards from point of sale (POS) systems, as in the case of Target. For others, it is repositories of sensitive data (data at rest) such as social security numbers, health care information and a host of other things, as in the case of Anthem. Many companies are exposed to both sensitive data in motion and at rest. Solutions such as data loss prevention and dynamic malware protection are designed to stop the data in motion threat. For malware-infected POS systems, these are necessary security solutions. However, this strategy is basically saying that you believe the attackers are going to get access to your data and you want to prevent the data from leaving your network. For data at rest, we must do more to stop unauthorized users from accessing the sensitive data in the first place.

Our data breach prevention service is designed to prohibit access to sensitive data at rest without impacting the day-to-day operations of your business. A common practice of hackers is to get access to a user's system and then, through a variety of techniques, escalate that user's privileges to be an administrator on the domain, which usually has access to everything. Our solution separates your Active Directory (AD) or RADIUS authentication of users from the authentication used to secure your sensitive data. As a result, only those with authority to access the data can see it, rather than any user or any user with escalated privileges. Plus, enhanced auditing capabilities allow you to see who is accessing what and when they are doing it. This is a far superior solution to simply encrypting your servers or data stores where key management is combined with access itself. In those solutions, encryption for data at rest only mitigates the risk of the physical server being stolen. Our solution separates key management, adds separate access controls, and provides enhanced auditing to offer the peace of mind needed when securing data at rest.

Today’s information security breaches have a major impact on the organizations that are affected. Target may be liable for up to 3.6 billion as a result of their attack [2]. Most organizations see major changes to their executive management teams as a result of a breach. Stock prices plummet and sometimes do not recover. Customer trust is lost. The brand is tarnished. Fines and fees are assessed. Usually class-action lawsuits are filed. Revenue and profits are dramatically impacted. Regulatory and industry compliance is impacted. In other words, the cost of implementing the right solutions to protect your organization against these latest threats is extremely small compared to the impact of a breach. A simple ROI analysis shows these solutions are an absolute business requirement these days.

Our solution is designed to work with large and small networks. Whether you have a 2000-server farm with NPI data or a single server or database in your office, we can secure these systems without any infrastructure or capital costs. Best of all, our solution is completely transparent to the end users. There is no need for PC-based agents or key management. All the security is handled seamlessly without any change in end-user behavior.

Breaches can be avoided when up-to-date security measures are in place. Traditional thinking that relies on a layered network security model will not stop hackers. Almost every single reported hacker breach over the past several years has used the malware-based method described above. Is your network prepared to block an attack based on these latest threats? To find out more, visit our Security Services Page.