Recently, the U.S. National Security Agency was disastrously compromised, flooding the dark web with its own cyberweapons that are now available to the highest bidder. This raises critical questions for firms, which now find themselves in the crosshairs of the very weapons meant to protect them. Now, it is every firm for itself in this new “Wild West” of global cyberwarfare.
So how can businesses survive this dangerous new environment? The short answer is community intelligence. One of the key problems for large organizations is the uneven distribution of knowledge. Data networks are often sprawling constructions, haphazardly thrown together as business functions and scope change over time. This can lead to a situation in which the CSO or CIO doesn’t know where the most sensitive data is located or who has access to it.
Kurt Long, CEO of data protection firm FairWarning, sat down with InsideCounsel to discuss how businesses can prepare for the consequences of the NSA breach. He shared an analysis of the newest strategies business institutions are taking to protect their data, and to deter and catch the most sophisticated adversaries.
According to Long, the NSA breach should raise several questions for firms regarding the security of their data. While organizations may not have top secret cyber-weapons data like the NSA, they have data that is business-critical to their organization and is essential to protect. So, the first question should be, “What is my most sensitive data and where is it?” In order to secure the most valuable data, they have to know where it lies. The next question should be, “Who has access to this data?”
“No longer can organizations and government institutions rely solely on security that thwarts outside attackers. The greatest threats to an organization often lie inside their four walls and in their business network,” he explained. “Due to the interconnectivity of technologies, third party vendors, contractors, employees and affiliates oftentimes have access to sensitive information. It’s essential to monitor all user activity in order to sanction and train malicious or careless users.”
These days, cybercriminals have scaled their attacks and crime, just as a legitimate business would scale its own operations. From soliciting insiders on the dark web at a scale never imaginable before, to DDoS attacks, malware, ransomware and phishing, the scope of the attacks has become unmanageable. Our own intelligence agencies and government institutions, the NSA and the Department of Homeland Security, have not been successful in securing their organizations’ critical data. So firms must create a multilayer strategy where every layer of security is addressed to prevent such attacks. In fact, according to an IBM report, 60 percent of all cybersecurity attacks are caused by employees inside an organization, with 44.5 percent being malicious insiders and 15.5 percent being inadvertent actors.
There’s a common misconception that the larger your business, the more vulnerable to attacks you are. According to Long, yes, large businesses often have a larger web of interconnected business networks and employees, creating opportunity for a vulnerability or attack. However, SMBs are being targeted by cybercriminals even more than larger organizations, with 60 percent of SMBs shutting down within six months of a breach, according to the U.S. National Cyber Security Alliance. SMBs oftentimes feel impervious to cyberattacks due to the idea that they don’t possess valuable data for hackers and takers to extract, but the reality is that through third party vendors and the interconnectivity of business, SMBs offer a doorway into their data and the larger organizations they are connected to.
“Surviving in the current threat landscape means taking a proactive, multilayered approach to security where your workforce is your most powerful asset,” said Long. “To get started, organizations should: conduct a risk assessment to assess where their data and organization is most vulnerable; implement user behavioral analytics and auditing to ensure safety and mission-critical applications and systems; maintain proper perimeter security, firewalls and patches; prepare an incident response plan for the worst-case scenario; and educate and train employees to empower them to become your best line of defense.”
Today, machine learning and community intelligence can be used hand in hand as a powerful tool to bolster security. Machine learning uses technology to analyze and record employees’ past behavior in order to predict future behavior. In doing so, false positives can be filtered out and recorded as normal business operations. So why does this matter? Long said, “Security and privacy professionals can take time back in their day and focus on security incidents that demand their attention and pose a true threat to the organization.”
Amanda G. Ciccatelli is a Freelance Journalist for Corporate Counsel and InsideCounsel, where she covers intellectual property, legal technology, patent litigation, cybersecurity, innovation, and more.