Even with the most advanced technology, there is no guarantee of 100% security. We also have to take into account that the data held by companies is one of their most precious assets. This requires ensuring that it is not accessed by unauthorized people or organizations and, in case of loss due to any incident, having a plan to recover the lost data immediately. What we are ultimately assuring is the continuity of business activity. But how important is the user who handles the data?
Fundamentally important. First, because the user is the one who can involuntarily hand over their access rights to the company’s environment to unwanted outsiders. This can happen in two different ways:
Either by giving away their credentials, for example by falling for phishing, or by sharing uncontrolled links to the outside that grant access to internal data. Through phishing, the attacker enters the system with the credentials of the attacked user and subsequently escalates the rights of that real user until they have access to all the company’s information.
Once the information has been stolen, we are just one click away from the data being encrypted and a ransom being demanded to recover it: ransomware. Allow me a reflection on this point, setting aside the debate about whether or not it is appropriate to give in to extortion:
- Will they return the data to us only partially? Surely they will not return all of it. And the most sensitive data will probably remain undelivered.
- The extortion will continue over time. They are experts at keeping up the pressure to give in, given the loss of profits the company suffers while it is paralyzed.
- Intellectual property, what drives our company, can be resold to the highest bidder on the dark web.
We can address the first two points if we have a recent, clean and reliable backup, where the veracity and immutability of the data are guaranteed. For the third point, however, the loss of reputation and intellectual property can only be avoided through prevention.
But companies are also increasingly using OneDrive, SharePoint or Teams. This means they have a very wide and uncontrollable security perimeter.
It is the companies’ own internal users who share access to their company’s data, and also to that of their clients, with external third parties. Behavioral habits mean that these links can be forwarded on to other parties without any control on the part of the company. In the best case the recipient will have to identify themselves; at least that way there is a trace of what happened.
But in most cases the link does not require identification, and the files can be accessed anonymously and indefinitely.
If we do not manage and protect our data well, few of our customers will trust us. And if we do not manage our own data well, will customers have doubts about how we treat theirs? Surely. For all these reasons, our recommendation is to cover every angle of our security perimeter:
- Protection and prevention against attack: putting technology around the user, and specifically around the biggest attack vector today, email.
- Enforcing the company’s data security policy: controlling internal and external file sharing, both in time and in privileges.
- Training the user in attack detection as well, making that user the most important firewall in case of a security breach.
- If the attack still succeeds, ensuring quick recovery of all data, so that we avoid loss of company profits and reputational damage. All this with a simple, secure and immutable backup.
After all, it is a 360º approach whose components overlap to ensure that our companies’ and our clients’ data are in good hands. Let the core business of our company be what requires our attention, and let cybersecurity be responsible for viability and regulatory compliance, guaranteeing the focus of the business and of our organizations.
Signed: Felix de la Fuente, Country Manager of Hornetsecurity