By Dave Sikora
The first step in developing a resilient cybersecurity posture is identifying what it is you are trying to protect. For most businesses today, that most valuable asset is data. Customer data, partner data, internal data – it’s the information you rely on to operate and grow.
Whether through intentional malicious acts or simple negligence, the “insiders” with access to data are the biggest threat to security and privacy. More than 90 percent of organizations, according to a report by CA, believe they are vulnerable and nearly two-thirds also report a shift in focus toward insider-threat detection.
Addressing the top 5 threats to your data is crucial in building a layered, data-centric approach to security and privacy in a world where data is the currency in the bank and it seems everyone has a key to the vault.
Guessed and stolen credentials
Obtaining user passwords is one of the most common ways cybercriminals breach security defenses. Using brute force or dictionary attacks, hackers essentially “guess” user passwords based on poor security hygiene and open-source intelligence.
They also hoard information exposed in breaches and engage in credential stuffing, testing the combinations on unrelated sites. Many individuals use the same password on multiple platforms, and cybercriminals are also adept at manipulating credentialed users into giving away passwords through phishing and spear-phishing campaigns. Even security “strength” indicators are also weak tools for measuring password strength.
For these reasons, firms turn to technology that recognizes unusual behavior around data consumption. This is a key aspect of the data governance approach, for instance, deployed by ALTR lets developers embed data security directly into applications when they are built. The idea is to prevent breaches in real-time by slowing down or blocking the flow of data when consumption exceeds set thresholds.
Private data exposure
Businesses today rely on their relationships with contractors, vendors, and partners to ensure every facet of their organization is optimized, yet even trustworthy partners can pose a risk. One example is third-party application developers. In an effort to use realistic datasets to build and maintain applications, they often end up inadvertently accessing private data.
Unfortunately, the most common method for protecting private data is to control application access. However, this creates gaps in data governance since the protective tools are primarily about people and not the data itself. Newer methods use data classification groupings, such as data that is regulated by GDPR or HIPAA, to enable data-centric controls associated with these groupings.
Responding to the increase, the programmable data security model employed by ALTR embeds data governance directly into applications into the critical path of every data query. This enables real-time policy checks that determine whether data should be dynamically masked, slowed down, or blocked entirely for certain user groups.
Theft using privileged access
Database administrators (DBAs) or IT leadership typically have access to database servers, encryption keys, and tokenization maps. These users are able to easily bypass governance. Unlike excessive privileges given to regular employees or vendors, privileged access compromise refers to the abuse of administrative rights. In this case, users with administrative credentials may access confidential information, privileged account details, sensitive personal information, or intellectual property. It is important to note that privileged credentials are also subject to theft.
How do most organizations attempt to ensure the security of this data? They encrypt it, however, it enacts a heavy performance toll on transactional data and is vulnerable because of keys. Keys often have to be stored conveniently, and once someone has the key, they are able to decrypt data. The strongest encryption methods still use a key to decrypt stored data, and even where stronger internal user controls are in place the theft of privileged credentials or the elevation of low-access privileges is an unmitigated threat.
To address privileged access, ALTR leverages smart tokenization and fragmentation via private blockchain to obfuscate data-at-rest. Instead of encrypting and storing the data in a “secure” database with keys nearby, sensitive data is replaced at the column level with a reference hash and then disassembled and stored in self-describing fragments. When needed, it can be reassembled at application speed with very low latency.
Software or hardware misconfiguration
As organizations install new hardware or transfer to a new software application, simple missteps can wreak havoc on security architecture. Insecure default configurations, incomplete configurations, unsecured cloud storage, misconfigured HTTP headers, and missed patches and upgrades are all examples of misconfigurations. In these cases, a single unchecked box might lead to devastating security holes.
Most organizations today do not have structures or tools in place to solve for these security gaps. Thresholding data, which establishes limits on data consumption at the application level, is a way to approach a potential insider threat to “smash and grab” data. Insiders often need access to sensitive data to do their jobs, but the amount of access, and what they do with that access, can vary tremendously. Thresholding data enables the business to slow down and stop data exfiltration as it is happening, allowing operations to continue while validating use.
In addition, a key defense in this scenario is to protect the data when it is at rest. Even if an attacker enters the network, they cannot access the data. Improving on less secure encryption keys, businesses today are also moving towards a keyless data obfuscation model such as the fragmentation technique previously mentioned.
Modified database access logs
Typically, a database is continuously monitored, and access logs are kept regardless of an incident. These logs identify who accessed the database, when, from what device, and include other pertinent details that are valuable in a security investigation.
Cybercriminals have proven adept at modifying database access logs. Depending on their intent, they may alter them to show another user accessing the database or simply delete any evidence they were ever there.
To identify these changes, an organization must continually review the log files, a process that is prone to human error where subtle changes take place. And while the tools used to analyze them may reveal something suspicious or even an obvious breach, they are far from reliable.
A technical view to removing the ability of users to modify records is gaining recognition as an alternative. This prevents users from modifying records by saving every data access event to an immutable blockchain, for example, where it cannot be altered and there is no need for complex predictive analytics and behavior monitoring.
Data is everything to the enterprise
Data is the raw material that fuels business, driving growth and building the future. That is why it is essential to take steps that ensure the data on which they rely is secure. Unfortunately, most organizations are reactive, operating without visibility into data flow.
While humans remain the largest threat to data security, many are working tirelessly to develop new technologies to better manage our faults. Understanding the top threats to data is indispensable for identifying the right solutions.
About the Author
Dave Sikora is the CEO of ALTR. Dave Sikora is a technology industry veteran with more than 20 years of experience that spans enterprise software, data intelligence, private equity, mobile applications, and supply chain solutions. As CEO at ALTR, he is focused on expanding the ways enterprise companies can reduce threats to data security and privacy. Sikora holds an MBA from Harvard Business School. ALTR is the first provider of programmable data security, which embeds data monitoring, governance, and at-rest protection natively into application code to provide a dramatically more effective, more portable, simpler data-security model. Using a smart database driver or API that serves as a single integration point, ALTR makes it possible for development teams to place security into the critical path of data and handoff management of governance and protection policy to security and compliance teams. Further supported by private blockchain to provide integrity to data access auditing and protected data itself, it is a completely portable approach that neutralizes data access risks from even the most privileged users while accelerating innovation and reducing the cost and complexity of data security. ALTR, which holds 21 issued and allowed patents and has more than 30 patents pending, is based in Austin. Dave Sikora can be reached online at (@altrsoftware, 1-888-757-2587) and at our company website http://www.altr.com/