The number and variety of threats to your business and personal data are always increasing. In 2019, attackers have become so sophisticated that it can be a struggle to stay ahead of them. As many as a third of organizations cannot protect their data from cybersecurity threats.
Read on to learn about some of the common data security threats, as well as a number of tools and practices that can help you protect your data in the event of a breach.
What Is Data Security?
Data security encompasses the practices that security teams use to secure data, whether in storage or in use. The role of security personnel is to maintain data confidentiality, integrity and availability, which typically involves measures to detect, block and remediate security threats. Failure to secure your data can erode customer trust and result in legal and financial consequences, with the average cost of a data breach estimated at $3.86 million in 2018.
Common Threats to Data Security
There are numerous cybersecurity threats that can cause data loss, damage or theft. If data becomes unavailable, even for a short period of time, it could severely impact your business operations. If data is lost permanently, recovery is much more difficult. This is especially worrying given the number of potential attack vectors.
Data breaches are often the result of human error—an employee unwittingly downloads malware or discloses sensitive information, or the security team fails to apply vulnerability fixes to software. Once a system is infected, it can be exposed to further attack, meaning that it is important to catch security threats as early as possible.
The following are some of the common techniques used to breach an organization’s network, and they are often used in combination with each other:
- Brute force attack—an attacker tries to gain entry to a system by iteratively testing different passwords until one passes the authentication barrier.
- Insider threats—a user, typically an employee, with legitimate access to sensitive data misuses that access. This could be by accident or intentional, as in the case of a malicious insider. If a legitimate user suddenly begins to behave unexpectedly, this could indicate an insider threat.
- Phishing—a form of social engineering attack in which a malicious link is sent, typically in a spam email, with the goal of tricking a user into opening it and downloading malware. A successful phishing attack can grant the attacker access to sensitive data or a restricted area of the network, and is a vector from which they can stage other attacks.
- Man in the Middle (MitM)—an attacker positions themselves between two communicating parties, intercepting and relaying the traffic so that they can read or alter the data while both sides believe they are talking directly to each other. MitM attacks often remain undetected.
- Advanced Persistent Threats (APTs)—a threat actor gains access to the network and remains undetected for a long period of time. APTs usually don’t affect the functionality of your system but rather steal data on a continual basis.
- Denial-of-Service (DoS)—this affects the availability of data or services. A DoS attack involves overloading the system with traffic so that it can no longer handle legitimate requests, rendering services unavailable.
How You Can Protect Your Data
The following tools and practices should help you keep up with the latest security threats and prevent your data from being lost, damaged or stolen.
Data Loss Prevention (DLP)
You can use an intelligent DLP solution to help prevent data loss. You can combine this with traditional measures such as data backup, as well as remediation measures to restore data in the event of a breach or outage.
Cloud storage can be particularly useful for this, as the major cloud providers tend to offer a variety of availability zones, which are physically separated data centers that provide redundancy in case one zone fails.
Combining two or more authentication factors can help strengthen your security perimeter. Rather than simply relying on a user name and password, you can place an additional barrier in front of potential attackers by requiring a device verification code or asking questions that only the user will know the answer to.
In some cases, you may wish to use biometric data such as fingerprints, which would be difficult for a threat actor to fake. Two-factor or multi-factor authentication will help ensure that only an authorized user can access the protected data.
Traditional antivirus (AV) is effective for detecting and blocking malware at a basic level but it is often insufficient for more sophisticated threats. Next-generation antivirus (NGAV) considers the context of an attack, rather than focusing on the malware itself. This allows it to anticipate threats and detect stealthy malware that traditional AV might miss.
NGAV works by scanning all endpoints to detect indicators of the tools and techniques used by attackers, rather than searching for specific, known malware. This allows it to catch attacks that don’t have file signatures. Another advantage over traditional AV is the ability to remediate threats, blocking attacks that are already taking place.
Endpoint Detection and Response (EDR)
EDR complements traditional Endpoint Protection Platform (EPP) capabilities by providing insights on endpoint threats. While endpoint devices present a window of opportunity for attackers, it is simply not an option, in most cases, to do away with them altogether.
For this reason, it is important to have a mechanism in place to monitor endpoint activity and report on any indicators of compromise. While prevention is the best form of defense, the ability to respond in the event of a breach is just as important.
User and Entity Behavior Analytics (UEBA) is a tool that uses artificial intelligence to detect behavioral anomalies in your network. It works by establishing a baseline of normal behavior patterns, against which it compares observed behavior. If there is unexpected activity, such as transferring sensitive data out of the network, the security team will be alerted.
UEBA can be combined with Security Information and Event Management (SIEM), which gathers threat intelligence from various sources and correlates all security data in a single management system. SIEM capabilities can also be enhanced with the help of AI. When combined, these tools can identify security incidents in real time, including zero-day attacks, and are especially useful for detecting insider threats, which can easily slip past AVs and firewalls.
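To make the baseline idea behind UEBA concrete, here is an added example (not the article's or any product's code) that builds a per-user baseline from daily outbound byte counts and flags a user whose current volume deviates sharply from their own history; the users, numbers and the 3-sigma threshold are constructed assumptions.

```python
"""Per-user baseline and deviation check in the spirit of UEBA (added example)."""
import statistics

# Constructed daily outbound byte counts per user, oldest first (hypothetical data).
HISTORY = {
    "alice": [210_000_000, 185_000_000, 240_000_000, 198_000_000,
              225_000_000, 205_000_000, 215_000_000],
    "bob": [40_000_000, 55_000_000, 38_000_000, 61_000_000,
            47_000_000, 52_000_000, 44_000_000],
}
# Today's observations (constructed): bob is moving roughly ten times his usual volume.
TODAY = {"alice": 230_000_000, "bob": 520_000_000, "carol": 90_000_000}

MIN_SAMPLES = 5  # refuse to judge a user until enough history exists


def baseline(samples):
    """Mean and population standard deviation of a user's historical values."""
    return statistics.mean(samples), statistics.pstdev(samples)


def zscore(value, mean, stdev):
    """How many standard deviations `value` sits above the user's own mean."""
    if stdev == 0:
        return 0.0 if value == mean else float("inf")
    return (value - mean) / stdev


def detect_anomalies(history, today, threshold=3.0):
    """Return {user: zscore} for users whose value today exceeds their baseline
    by more than `threshold` standard deviations. Users with too little history
    are skipped rather than compared against a meaningless baseline."""
    alerts = {}
    for user, value in today.items():
        samples = history.get(user, [])
        if len(samples) < MIN_SAMPLES:
            continue
        mean, stdev = baseline(samples)
        z = zscore(value, mean, stdev)
        if z > threshold:
            alerts[user] = round(z, 1)
    return alerts


if __name__ == "__main__":
    for user, z in detect_anomalies(HISTORY, TODAY).items():
        print(f"alert: {user} outbound volume is {z} sigma above baseline")
```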
Everyone with access to sensitive data should be aware of the security risks and understand the basics of how to mitigate them. If all users take measures to protect their data, such as creating secure passwords and avoiding suspicious emails and websites, they will be able to reduce the risk of phishing or brute force attacks. This is an important factor in reducing the human error that contributes to so many data breaches.
An Incident Response Plan (IRP) is an essential component of any security strategy. It ensures that prescribed measures are taken to remediate attacks when they occur, retrieve lost data, and notify the affected parties. To improve efficiency, you can create an incident response playbook, which will enable an automated response.
Despite the proliferation of cybersecurity threats, combined with the severe consequences of a data breach, it is possible to reduce the risk of attack and remediate the damage in the event of an exploit. It is important to catch threats quickly, before they can cause damage. The tools and practices listed above are a good place to start, and should be considered when planning a data security policy to protect your organization and its data.