Act now to prevent data breaches
CHERRY FUNG
Fortinet’s Regional Director for Hong Kong, Macau and Mongolia
In Hong Kong and around the world, data breaches are in the news with alarming regularity.
According to Hong Kong’s Privacy Commissioner for Personal Data, 139 data breach incidents were reported in the city in 2019, representing an increase of 8% as compared to 2018. The data breaches involved hacking, system misconfiguration, employees contravening rules, loss of documents or portable devices and inadvertent disclosure of personal data by email or post.
Many data breaches could be prevented, as Microsoft engineers reminded people earlier this year, making headlines when they revealed that “99.9% of the compromised accounts they track” do not use multifactor authentication.
Whilst organisations and individuals wrestle with the challenges of protecting personal and financial information, criminals are taking advantage of the trust that is placed in organisations and their choice of data repositories.
Fortinet Chief Information Security Officer Phil Quade describes data breaches as “confidence vampires” that feed on this misplaced trust. He warns that core assets must be defined and protected by understanding the scope of potential compromise in order to constrain risk. Digital innovation and an increase in endpoint and IoT devices across networks also mean new potential “security gaps”. To prevent data breaches, it is essential for organisations to establish a security baseline and adopt strategies and solutions for proactive security.
Make Multi-factor Authentication Mandatory
Multi-factor authentication technology is widely available, but organisations need to enable it and make it mandatory for their employees. And as with the recommendations for email and SaaS applications, MFA provides a key complementary technology that can significantly bolster security with minimal investment.
Establish Security Hygiene Practices
Many cyberattacks have been in existence for weeks, months and sometimes years and simply carry on targeting proven vulnerabilities in systems. The continued prevalence of known methods of attack demonstrates the importance of having a formal protocol for security patches and system upgrades. Consider replacing all devices that cannot be patched or updated, or ensure devices are “quarantined” with proximity controls such as IPS systems and zero-trust network access. Security teams must ensure the network is capable of automatically detecting and quarantining compromised devices.
Leverage Threat Intelligence
Never underestimate the importance of advanced threat intelligence. Security teams should both leverage local intelligence and follow global threat feeds to keep up to date on the latest cyberattack activity, then distribute this knowledge across the security framework.
Use Signature-based Detection Tools
As the majority of network vulnerabilities that get targeted are not new, security systems can detect attacks by looking for “signatures”, the patterns used in other cyberattacks. Signature-based detection tools enable security teams to scan networks and identify data breach attempts that are targeting known vulnerabilities. These tools are especially useful in complex environments that include devices that cannot be updated.
Use Behavioral-based Analytics and Data Sanitisation
Some threats do not have a recognisable signature, so advanced threat protection solutions such as sandboxes and User Entity Behavior Analytics (UEBA) tools are required. Cyber attackers learn and mimic legitimate traffic patterns so security tools need to conduct an in-depth inspection and analysis that focuses on patterns that can then be used to detect and diagnose malicious intent. Ideally, security tools need to be able to intervene automatically before an attack takes place. Data sanitisation strategies such as Content Disarm and Reconstruction (CDR) tools can identify potential threats and stop attacks cold.
Employ Web Application Firewalls
Despite the risk of cyberattacks, many organisations do not adequately test and strengthen their web applications before they are deployed. By employing a web application firewall (WAF), organisations can monitor web application traffic more closely than they can with next-gen firewall technology.
Replace Traditional Security Technologies
Traditional security solutions operate in isolation, which means they are only able to respond to threats detected in front of them and do not have the full picture of the network. Cyber criminals employ a multi-vector approach that uses multiple vulnerabilities and more than one method to breach a network. By adopting a fabric-based approach, organisations can protect evolving networks against data breaches.
Segment Networks
The frequency with which data and applications flow through digital environments means networks should be segmented to prevent the spread of cyber threats. Organisations can achieve this by deploying internal network segmentation firewalls and establishing macro- and micro-segmentation strategies. Segmentation is especially critical when collecting and correlating large amounts of data in single and multiple network environments. Consistent policies across the network more effectively manage and secure the movement of data and applications.
Stay Alert, Stay Proactive
The frequency of data breaches and the increasing sophistication of cyber criminals mean security should remain a central priority. Defending against these threats requires strategies that rely on security solutions and awareness of risk. By creating a security baseline and embracing a range of strategies that can be deployed broadly, organisations can protect themselves and their customers from data breaches.