ICYMI: Top Threats to Data Security Today
To kick off National Cybersecurity Awareness Month, iCorps hosted a cybersecurity summit with industry experts from Microsoft, Sophos, Datto, and Mimecast. The panelists covered everything from social engineering to the importance of multi-factor authentication. Couldn't make it? In this three-part blog series, we recap the central topics covered at the event. The first question posed to panelists: What are the top three threats to data security today?
Despite moderator Chris Stephenson asking for just three, far more data security risks exist—from user error to even crime syndicates—and many bear equal weight. The expert panelists from iCorps, the event host and Managed Service Provider; Datto, a data backup and disaster recovery solution; Sophos, a firewall and security expert; Mimecast, an email security specialist; and Microsoft's cybersecurity division each voiced their thoughts.
Chris Stephenson, moderator, iCorps Technologies: What are the top three threats to data security today?
Alan Toews, panelist, Sophos: I think the #1 threat is user behavior, because they are the first line of attack. If users are not educated, and are susceptible to just clicking on links that show up in their inbox, you have to react to a threat that's just gotten into your network.
Ben Darsigny, panelist, Mimecast: I think the most dangerous threats are not just traditional URL-based attacks, but those based in social engineering. These days you're getting a lot of attackers who are very knowledgeable and take the time to craft their attacks. They target an individual who is out there and available on the internet, whether it's LinkedIn, Facebook, a company website, et cetera. They make it very difficult to recognize when one of these attacks is happening, versus getting an email from someone they trust. So the use of that to steal credentials and get into the broader network has the biggest impact among the attacks that we see today.
Michael DePalma, panelist, Datto: This is what organized crime has shifted to because there is so much money to be made, and very little risk of getting caught, especially with the prevalence of Bitcoin and other cybercurrency. We're seeing foreign governments get into this, terrorist groups. That's why they're so sophisticated—because everything is connected. We hear about the "internet of things" and it has become kind of an annoying term at this point. But it's true—you can get in from anywhere. And their intentions are often much more devious than just trying to exploit a few thousand dollars.
Laura MacDonald, panelist, Microsoft: What we're talking about is stealing data, but too many organizations don't know what data they have. They don't know where it is or how to classify it. So once they get through the first layer of the user, if you don't have a data management or data classification program, you're really setting yourself up for failure. GDPR is subject to that. It's not just about whether data is stolen, and how to respond. Now, any citizen in the EU can reach out and say "You need to tell me where this is, and you need to do it quickly."
Jeffrey Lauria, panelist, iCorps Technologies: So we talk about three pieces. Users are first and foremost the front line. The second thing is shadow IT and cloud services. To Laura's point, we don't know where the data is, or where it sits. Users aren't trying to be malicious. They're trying to be productive. In an organization you may be using Office 365 and SharePoint, but someone is using Box. You don't know what data is sitting there.
So controlling the data and understanding where it is is essential. And the third part is having your team and your organization adopt security. It is amazing today that I will go in and talk to business leaders who are not using multi-factor authentication (MFA). MFA is the single biggest thing that you can do to protect not only users, but data itself.
Stephenson: 90% of the world's data was created in the last three years. That's how rapidly we are generating content. How do you help and educate your customers about this?
MacDonald: So DLP, data loss prevention, is a term that's been out there for a very long time. At Microsoft we've built it right into the data itself. It's within the email and Office docs. We just announced, last week, that Adobe has the data classification built in. Should it get out, only those with access can actually access it. Start with your crown jewels, the content that is critical, then work backwards.
Darsigny: We're in a pretty unique position because we're often doing the gateway security, both inbound and outbound, and archiving for our customers. That means all the security information cataloged in the gateway is tied back to the email and the archive, which we let our customers keep indefinitely. So we have an audit trail of the history of that entire message. Not only where it came from, but where it is going, and what policies were applied to it. In that way, we're keeping a full audit log of everything that has ever happened to your users through email. So we're providing that piece of the puzzle for our customers. And I think that kind of approach is what needs to be done on a full-scale basis within an organization, using a few different tools.
Toews: I live on the network side of things at Sophos—we handle the firewall product lines and firewall management, so when I look at things and where data lives, it's not so much looking at how documents are created or handled themselves, but instead acting as a gatekeeper. You see where data is either entering or exiting the network. And that's your point of interaction, where you can inspect and make decisions—should this go out or not. One of the approaches that we have taken with customers is to say, what if we just encrypt everything? So that when things leave the network, it is done safely.
That is an approach that we have seen, and has been very successful for us. It's interesting in that it takes a different look at the equation and says, instead of looking at that data and having to identify if it is safe, or isn't, let's just blanket say it's not worth it. Let's protect everything and then, at the gateway, we can make decisions about whether traffic is going to leave, and if this is something you want to share or not. It puts it in the users' hands a little better.
Lauria: When you are working with a third-party vendor, and you ask them about their applications, one of the things you want to be aware of is that a lot of companies will use other people's certifications. So when you're working with third-party vendors there are a couple of questions you need to ask: what do you do? Can I see your controls? Are you having vulnerability tests? When's the last time you had a security professional come in and look at your organization? So when you work with your vendors, you have to do that. Security, backing up, that is all on you. If you're running remote desktop, multi-factor, ultimately that is your security shelter.