It’s about this time of year when the top cybersecurity companies and experts publish their yearly reports on cyber trends, ranging from emerging threats and vulnerabilities to active exploits and the financial repercussions of breaches. Not just educational in nature, these reports serve a dual purpose for information security risk experts:
- Risk forecasting: By examining global and industry trends, leaders gain insight into the likelihood and impact of a breach, which would be a considerable challenge to communicate and measure against without effective supporting evidence. If you get it right, your organization can successfully manage risk. Get it wrong, and risk can be ignored or missed completely.
- Mitigation strategies: These reports provide recommendations to combat vulnerabilities and exploits. Identifying and suggesting methods to reduce the impact or likelihood of risk strengthens the partnership between the business and the risk management team. You don’t want to only provide knowledge of these risks without also providing recommended mitigation strategies, enabling the business to achieve its objectives.
Personalized risk analysis
When using global and industry-wide data, it’s important to compare the figures against your own organization’s incident history and pay attention to the variance from the statistics.
Just because a specific risk hasn’t manifested in your organization doesn’t mean you’re immune. Perhaps you lack the tools to detect such breaches and exploits.
Let these reports guide — but not dictate — your risk assessment strategy. The report’s most significant value may lie in ensuring your organization’s measures — detective, preventative, and corrective — are not only present but also effective.
Emerging threats and persistent challenges
While the reports provide compelling evidence that threats, vulnerabilities, and tactics used are consistently evolving, the target remains the same: data.
According to CISA, 33% of successful access attempts targeted data from network shared drives. The culprits? Often, they were misconfigured permissions.
As organizations transition to cloud storage and SaaS applications, the threat doesn’t diminish. Ponemon notes that 82% of data breaches involve data within the cloud, again, mostly driven by misconfigured permissions.
The message is clear: historical technical gaps, like misconfigured access, are moving to cloud environments, along with data.
The means of exploitation are constantly changing, but the result is always an impact to data. So, how can we effectively break this consistent trend?
Addressing the core — data protection
A recurring theme in which mitigation guidance was provided, the focus was on controls and processes layers above the ultimate target of data breaches. For instance, in response to the data collection phase of an attack, the suggestion was to monitor access logs and network communication logs to detect abnormal access to and transfer of data.
In another case, in response to ransomware, guidance provided a traditional defense-in-depth approach that included secure configuration, perimeter controls, anti-malware, vulnerability management, MFA, and security awareness training programs.
While vital, they overlook a key element: protecting data at its source. With the average cost of a data breach hitting an all-time high of $4.45 million with a per-record cost of $165, isn’t it time that direct data protection is prioritized?
Three pillars of effective data protection
In addition to the mitigation guidance already provided, they should also include three fundamental data security requirements:
- Gain visibility and maintain an accurate inventory of your most critical data. Understanding what is at risk and what bad actors are after allows you to focus on the highest-value targets.
- Ensure strict access controls granting only what is required for people and applications to perform their functions. Minimizing the damage of a compromised user or malicious insider is paramount to limiting the impact of a breach.
- Continuously monitor data and user behaviors. Use machine learning to detect anomalies and deviations from normal usage patterns. The right telemetry and insights separate signal from noise and ensure data protection outcomes such as frictionless access reduction and data disposition.
Charting the future of data security
To navigate this tumultuous landscape, data protection is the most important problem to solve and action is essential.
We have reached a point in time where people and applications are creating and exposing data at a pace that we can’t protect with manual processes and target agnostic security strategies alone. As risk professionals, embrace data protection strategies, understand their intricacies for proper assessment, and strongly encourage automation.
What you should do now
Below are three ways we can help you begin your journey to reducing data risk at your company:
- Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
- Download our free report and learn the risks associated with SaaS data exposure.
- Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
Scott is a Technical Evangelist at Varonis. Prior to joining the team, he held leadership roles at global fintech software companies and was responsible for enterprise IT risk management, third-party risk management, internal audits, assurance services, and regulatory compliance programs.