Strengthening the defensive with simple measures
Statement by Arne Ohlsen, Senior Field Marketing Manager at SailPoint
The protection of sensitive corporate data is currently more in focus than ever before – and not only on the occasion of this year’s World Backup Day.
Arne Ohlsen, Senior Field Marketing Manager at SailPoint
With the threat landscape still tense and hackers using phishing, social engineering, malware attacks and other methods to extort ransom payments from their victims, organizations of all sizes need to rethink their cybersecurity strategy. After all, in addition to external threats, there are configuration errors, hardware damage and human error. The fact that backups are available as an alternative is well known to everyone. However, according to a recent study, over half of backups fail. A good reason to think beyond the mandatory data security program.
A reliable and up-to-date data backup is of crucial importance for data protection. Regular backups – preferably daily – protect important files from inevitable data loss due to everyday risks such as system crashes, malware infections, hard drive damage and failures.
However, even with a successful recovery after a hacker attack, sensitive information such as customer data or intellectual property could be stolen. Cyber attacks are undoubtedly one of the biggest threats to companies. But insiders could also be behind data loss and manipulation – whether sensitive information is intentionally or intentionally misused, deleted or changed does not matter. It is crucial to recognize that insider threats are not so much a technical problem as a human one.
The danger inside
The most common type of insider threats comes from employees, contractors and bots. Perhaps an employee has accidentally failed to comply with the company’s security policies, or he has ignored the request to set up multi-factor authentication. He may also have stored data on his personal device or in his private cloud. They are clearly different from criminal insiders who steal sensitive data and intellectual property in order to extract financial benefits from it. Sometimes they are recruited by cybercriminals, in other cases they act on their own and sell the confidential information on the black market. Because insiders are trusted employees who often have access to sensitive data, these attacks can be difficult to detect.
Strengthening the defensive with simple measures
Companies are well advised to classify all their data now, depending on the respective risk, whereby personal and health-related data, credit card data and intellectual property should be assigned to the highest classification levels. In addition, it is advisable to group users according to their role or function within the company, whereby sensitive information may only be made accessible to those who need it to carry out their activities.
In addition, companies should establish strict guidelines for controlling user access and protecting against the theft of access data and implement them consistently, ideally using technologies that automate this. Multi-factor authentication should also be used for maximum protection – it also makes sense to use complex passwords. Another important factor is the encryption of sensitive data, which comes with restricting who has the keys to decrypt this information.
Last but not least, backups that are carried out regularly and tested for their functionality are the last line of defense against data loss, deletion and misuse. However, one important component should not be forgotten in all these measures: raising awareness among employees. Employees, contractors and third-party providers should be regularly informed about the risk of cyber attacks and other threats, and companies should provide transparency regarding internal policies to protect against such threats. Furthermore, employees should be encouraged to report suspicious activities immediately and to support the company in protecting against these threats. But with all the awareness: ideally, technologies that immediately sound the alarm if something is wrong will help here.
Overall, the best offense is a good defense. Even if World Backup Day only takes place once a year, this does not mean that it is enough to back up data once a year and rely only on backups.
Outsourcing Software Development Services | Dedicated Solutions Outsourcing
