BreachExchange mailing list archives

To Minimize the Damage Caused by Breaches, Data must be Effectively Locked Down


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 27 Mar 2015 13:46:39 -0600

http://www.infosecurity-magazine.com/opinions/minimize-damage-caused-by-breaches/

The huge number of components, devices and users, and the enormous volume
of data that is created, transmitted and saved every day, mean that
organizations must manage complex systems. Every day these systems are
subject to different types of attack against the sensitive information of
clients, employees, and confidential business data.

Despite the evolution of technology, management protection systems within
companies, awareness plans, and massive investments against hackers and
cyber-attacks, organizations continue to be threatened.

In fact this condition is spreading. The Ponemon Institute found that in
2014 the average cost to a company from a data breach was up 15% from the
previous year. Attackers have become even more dangerous, using the help of
social engineering, sophisticated automated tools and a wide range of other
methods. Malicious and criminal attacks were the most costly types of
cybercrime to a business, the study found.

Years ago, companies used to keep these incidents and breaches secret to
protect their reputation and avoid the loss of customers, suppliers, and partners. But
lately companies and information security professionals have started to
accept that data breaches are often impossible to prevent.

Now an organization’s information security posture should consider risk
resilience and incident response plans in order to manage and mitigate the
damaging impacts of data breaches. There are already some methods that
intend to help organizations with such issues.

First, organizations need to know about their data sensitivity (the kind of
data they have and how important it is). They need to apply policies and
regular audits on how to access data, remove the parts they do not need,
protect the sensitive elements and ensure what is left is well organized
and easily searchable.

Sensitive, high-value documents such as customer records, intellectual
property and contracts need special treatment. The growing volume of data
and different media, devices and systems used as storage devices makes the
locking-down process complicated.

One way to lock data down is to use encryption techniques to secure the
confidentiality, availability, integrity and nonrepudiation of data just
for intended users. Encryption techniques are used to secure safe transfer
from one storage place to another, then to secure data within storage
systems within organizations and also to secure data in storage systems
like the cloud.

Another method is to use tools that will enable privileged management and
access rights for documents and files. This can be done by using
passwords which will allow only the right users to have access to specific
data.

Moreover, in order to keep data secure, attention should be paid to the
download process of different applications. Applications should be
downloaded only from the secure sources which are known as official
application stores. Downloaded applications from insecure sources can
infect devices with malware and viruses.

In conclusion, data breaches will happen, so to successfully manage data,
effective solutions should be used, locking the data down in a way which
keeps it secure. Even if a company is subject to a data breach, saved data
will still be safe and the attacker will not be able to have access
and gain information. This will minimize the damage that can be done.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
