Tag Archives: Data Security

Is Your Biggest Security Threat Already Inside Your Organization?

Are insiders compromising your security

The person in the cubicle next to you could be your company’s biggest security threat.

The large-scale attacks we’re accustomed to seeing in the news — Yahoo, Equifax, WannaCry ransomware — are massive data breaches caused by cyber criminals, state-sponsored entities or hacktivists. They dominate the news cycle with splashy headlines that tell an all-too recognizable story: one of name-brand corporations vs. anonymous cyber villains.

We focus in outsider threats because they’re both terrifying and thrilling, and because they’re familiar. They often have a clear-cut storyline, one that we’ve seen before. But the hyper-focus on cyberattacks caused by outside parties can lead organizations to ignore a major cybersecurity threat: insiders already in the organization.

We’ve seen these threats before too: attacks of dramatic espionage from Snowden, Reality Winner and Gregory Chung — but insider threats aren’t always so obvious, and they pose a risk for organizations that don’t operate in the national security space. In fact, research suggests that insider threats account for anywhere from 60 to 75 percent of data breaches.

They’re dangerous for a number of reasons, including because of how much they vary: from rogue employees bent on personal gain or professional revenge to careless staffers without proper cybersecurity training, insider threats can come from almost anyone, making them a prime concern for businesses. Check out our full infographic to learn more about the motives and methods behind these types of threats.

Insider threats cybersecurity

Are you doing everything you can to prevent insider threats?

If you’re granting unnecessary internal permissions, lack an auditing system for high-risk people or sensitive data, or aren’t paying close attention to possible behavioral indicators of malicious activity, your organization is at risk. You’re more vulnerable than you think — assess your risk today to see what you can do to ward off threats that come from the inside.

Infographic sources:
U.S. Department of Homeland Security | 2018 Insider Threat Report | Digital Guardian | MetaCompliance | ITProPortal | IT Governance | Wired

Data Integrity: What is it and How Can You Maintain it?

data integrity hero

If your company’s data is altered or deleted, and you have no way of knowing how, when and by whom, it can have a major impact on data-driven business decisions. This is why data integrity is essential. To understand the importance of data integrity to a company’s bottom line, let us examine what it is, why it’s significant, and how to preserve it.

What is Data Integrity?

Data integrity refers to the reliability and trustworthiness of data throughout its lifecycle. It can describe the state of your data—e.g., valid or invalid—or the process of ensuring and preserving the validity and accuracy of data. Error checking and validation, for example, are common methods for ensuring data integrity as part of a process.

What is the Difference Between Data Integrity and Data Security?

Data integrity is not to be confused with data security. Data security refers to the protection of data, while data integrity refers to the trustworthiness of data.

Data security focuses on how to minimize the risk of leaking intellectual property, business documents, healthcare data, emails, trade secrets, and more. Some data security tactics include permissions management, data classification, identity and access management, threat detection, and security analytics.

Why is it Important to Maintain Data Integrity?

Imagine making an extremely important business decision hinging on data that is entirely, or even partially, inaccurate. Organizations routinely make data-driven business decisions, and data without integrity, those decisions can have a dramatic effect on the company’s bottom line goals.

A new report from KPMG International reveals that a large majority of senior executives don’t have a high level of trust in the way their organization uses data, analytics, or AI.

data integrity statistics

Only 35% say they have a high level of trust in the way their organization uses data and analytics. 92% are concerned about the negative impact of data and analytics on an organization’s reputation. What’s more, 62% of senior executives said technology functions, not the C-level and functional areas, bear responsibility when a machine or an algorithm goes wrong.

Organizations need to go through the motions of preserving data integrity in order for C-level executives to make proper business decisions.

Data Integrity Threats

Data integrity can be compromised through human error or, worse yet, through malicious acts. Data that’s accidentally altered during the transfer from one device to another, for example, can be compromised, or even destroyed by hackers.
Common threats that can alter the state of data integrity include:

  • Human error
  • Unintended transfer errors
  • Misconfigurations and security errors
  • Malware, insider threats, and cyberattacks
  • Compromised hardware

So how do you know when your data has integrity? You have to look at the following features:

Retrievability and accessibility – It’s important to have accurate data in the proper locations at the right time when anyone is working on projections, a deal, or presentation. Without proper and easy access and retrieval, it can be detrimental to the business, yielding the way for your competition to win.

Traceability –Today, you can trace every touchpoint you make with a prospect or customer. How? With a data point. The data can inform decision makers, highlight red flags, deficiencies, or limitations. Make sure these touchpoints are accurate.

Reliability – Having reliable, consistent business metrics against company goals and the competition is what will take an organization to the top.

How to Preserve Data Integrity [Checklist]

data integrity checklist

The data integrity threats listed above also highlight an aspect of data security that can help preserve data integrity. Use the following checklist to preserve data integrity and minimize risk for your organization:

  1. Validate Input: When your data set is supplied by a known or unknown source (an end-user, another application, a malicious user, or any number of other sources) you should require input validation. That data should be verified and validated to ensure that the input is accurate.
  2. Validate Data: It’s critical to certify that your data processes haven’t been corrupted. Identify specifications and key attributes that are important to your organization before you validate the data.
  3. Remove Duplicate Data: Sensitive data from a secure database can easily find a home on a document, spreadsheet, email, or in shared folders where employees without proper access can see it. It’s prudent to clean up stray data and remove duplicates.

Smaller companies without a dedicated staff will find that these tools can assist them clean up duplicate files on a hard drive or cloud.

For Windows Servers: Use the Data Deduplication feature to clean up cloned files. Also try the File Server Resource Manager to remove stray files.

  1. Back up Data: In addition to removing duplicates to ensure data security, data backups are a critical part of the process. Backing up is necessary and goes a long way to prevent permanent data loss. How often should you be backing up? As often as possible. Keep in mind that backups are critical when organizations get hit with ransomware attacks. Just make sure that your backups aren’t also encrypted!
  2. Access Controls: We’ve made the case above for input validation, data validation, removing duplications, and backups – all necessary to preserve data integrity. Let’s not rule a few popular data security best practices that can also lend a hand or two: access controls and an audit trail! Individuals within an organization without proper access and with malicious intent can do grave harm to the data. What’s worse, an outsider impersonating an insider can also be detrimental. Implementing a least privilege model – where only users who need access to data get access – is a very successful form of access control. What’s often overlooked is physical access to the server. The most sensitive servers should be isolated and bolted to the floor or wall. Only individuals who access should have an access key – ensuring that the keys to the kingdom are kept secure.
  3. Always Keep an Audit Trail: Whenever there is a breach, it’s critical to data integrity to be able to track down the source. Often referred to as an audit trail, this provides an organization the breadcrumbs to accurately pin point the source of the problem.

Typically, an audit trail has the following:

  • Audit trails need to be automatically generated
  • Users should not have access to or the ability to tamper with the audit trail
  • Every event – create, delete, read, modified – is tracked and recorded
  • Every event is also aligned to the user, so you know who accessed the data
  • Every event is time stamped so that you know when the event took place

Data Integrity Empowers Decision Makers

Not too long ago, it was difficult to collect data. However, today it’s no longer an issue. In fact, we’re able to collect so much data, the responsible thing to do is to preserve data integrity. That way, management can confidently make data-driven decisions that steer their company in the right direction.

Interested in more information on data integrity? Take a listen to our podcast with Ann Cavoukian on GDPR and Access Control or browse through our article on The Difference Between IAM’s User Provisioning and Data Access Management.

How to Respond to a Cyber Security Incident

How to Respond to a Cyber Security Incident

Every day another company is caught off guard by a data breach. While avoiding an attack is ideal, it’s not always possible. There’s no such thing as perfect security. Even if you’ve outsourced your IT or your data lives in the cloud, ultimately the responsibility for keeping your customer data safe falls on your shoulders.

In the unfortunate case that your company suffers a breach, you should be prepared to address it swiftly. To help, we created an easy to implement plan that outlines ways to proactively respond and recover from a cyber security incident.

Avoid

pexels-photo-30267-medium

Avoiding an attack is best whenever possible – but it’s just as important to have a cyber incident response plan in place in anticipation of an attack.

Take Inventory

What information is mission critical to your organization? Where does it live? How quickly can it be reinstated if it’s taken out in an attack?
Perform a complete audit of your systems, take note of the most important components, and track everything . Make sure you are not the only person aware of this document.

Pick a Team (or Two)

Now that you know what is most important, make sure all the relevant players are aware as well. Nominate one person as the IT owner in the event of a cyber attack. This individual needs to be readily available in case of an emergency, and equipped to manage the many internal technical components involved with recovering from a breach.  Nominate a second person to own the management of external needs of a breach – such as outreaching to public relations, getting in touch with the organization legal counsel, etc. Both of these roles are critical for a timely and effective response. Just to be safe – pick a second in command for both teams. After all, no man is an island.

Make a Plan

You know the data, you have the right people in place – now it’s time to develop an actionable plan and provide specific, concrete procedures to follow during a cyber incident. The procedures should address:

  • Who has lead responsibility?
  • How to contact critical personnel, and what data, networks, and services should be prioritized for recovery.
  • How to preserve data that was compromised by the intrusion and perform forensics to review for gaps in security and insights into the actual attack.
  • Who needs to be notified (data owners, customers, or partner companies) if their data or data affecting their networks is stolen.
  • When and what law enforcement will be brought into the picture, as well as any regulated reporting organizations.

Need a little more guidance? The California Department of Technology has a wonderful outline available online that is a great starting point!

Once developed, this plan should NOT live in a bubble. Make sure everyone on the team is aware and has read and reviewed. In addition, take time to appraise the plan every quarter for relevancy and update as necessary. Unfortunately, security is not static. Also, this is important; it should be tested PRIOR to an actual cyber incident. Tornado, zombie apocalypse or biblical flooding is NOT the time for a try-out.

Address

marketing-man-person-communication-medium

Despite all your planning, preparation, and good intentions – what happens if (when) you are struck by a cyber attack? First things first – implement your cyber incident plan as soon as possible. Take a critical assessment of the situation. Does it appear to be a malicious attack or a simple tech glitch or misconfiguration? Once you’ve determined intent (and it’s not good), it’s time to collect and preserve the impacted data, and put the rest of your plan into action.

Who You Gonna Call?

Shhh…it’s not Ghostbusters! You should already have this information in place and readily available in your cyber incident plan. Start your outreach right away and begin with your response owners and work your way down the line. For example, the “external” owner at your organization should notify law enforcement, possible victims and the Department of Homeland Security, if necessary. Overall, the best approach is transparency. No one wants to admit to a breach. However, hiding critical information or delaying notification can backfire. A good approach involves being as direct as possible, highlighting the known and promising a timely follow up on any unknown. As always, keep it simple and straightforward. Don’t make promises you cannot keep or address concerns that are not valid.

You Might Need a Professional

Sometimes an internal response team just isn’t enough. Fortunately, there are many third-party organizations that specialize in incident response and can help you navigate through the breach. The fresh set of eyes can look at the breach in a way internal staff – already vested in the company and outcome – cannot. They can help you discover exactly what has been accessed and compromised, identify what vulnerabilities caused the data breach, and re-mediate so the issue doesn’t happen again.

Verify, then Reinstate

Finally, verify that your backup data was NOT compromised. It would be “no es bueno” to restore your system using data that you believe is valid, only to discover that your backup was just as bad as your compromised data.

Action

people-new-york-train-crowd-medium

Even after a cyber incident appears to be under control, remain vigilant. Many intruders return and attempt to regain access to networks that they previously compromised. It’s possible that, despite your best efforts, a hacker could STILL find a way into your system. They are a slick, determined bunch.

Monitor & More

Continue to monitor your system for out of the ordinary activity. Invest in a software solution that utilizes User Behavior Analytics to recognize unusual behavior and notify prior to an actual attack. Varonis, for instance, will recognize and notify about both external and internal threats before irreparable damage can be done.

Just the Facts Ma’am

Once your organization has recovered from the attack, it’s time to thoroughly review what happened, and take steps to prevent similar attacks. What went well with the cyber incident response plan? What may need just a wee bit of tweaking? Assess the strengths and weaknesses of the plan, and determine what needs adjusting. Implement the changes. You’ll be glad you did if (when) you are attacked again.

React, Revise & Revisit

Protecting against a cyber incident is a full-time job. As ransomware evolves and the insider becomes a consistent threat, it’s important to continuously revise and revisit your Cyber Incident Response plan:

  • Keep your plan up to date.
  •  Have the right technology in place (including lawful network monitoring) to address an incident.
  • Hire legal counsel that is familiar with the complex issues associated with cyber incidents.
  • Make sure existing corporate policies align with your incident response plan.

A cyber incident is never something you want to face. However, being proactive and prepared will make a huge difference in your response.

Introduction to OAuth (in Plain English)

OAuth

We’ve talked about giving away your passwords and how you should never do it.  When a website wants to use the services of another—such as Bitly posting to your Twitter stream—instead of asking you to share your password, they should use OAuth instead.

OAuth is an authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password.

This is a quick guide to illustrate, as simply as possible, how OAuth works.

The OAuth Flow

There are 3 main players in an OAuth transaction: the user, the consumer, and the service provider.  This triumvirate has been affectionately deemed the OAuth Love Triangle.

In our example, Joe is the user, Bitly is the consumer, and Twitter is the service provided who controls Joe’s secure resource (his Twitter stream).  Joe would like Bitly to be able to post shortened links to his stream.  Here’s how it works:

Step 1 – The User Shows Intent

Joe (User): “Hey, Bitly, I would like you to be able to post links directly to my Twitter stream.”
Bitly (Consumer): “Great! Let me go ask for permission.”

Step 2 – The Consumer Gets Permission

Bitly: “I have a user that would like me to post to his stream. Can I have a request token?”
Twitter (Service Provider): “Sure.  Here’s a token and a secret.”

The secret is used to prevent request forgery.  The consumer uses the secret to sign each request so that the service provider can verify it is actually coming from the consumer application.

Step 3 – The User Is Redirected to the Service Provider

Bitly: “OK, Joe.  I’m sending you over to Twitter so you can approve.  Take this token with you.”
Joe: “OK!”

<Bitly directs Joe to Twitter for authorization>

This is the scary part. If Bitly were super-shady Evil Co. it could pop up a window that looked like Twitter but was really phishing for your username and password.  Always be sure to verify that the URL you’re directed to is actually the service provider (Twitter, in this case).

Step 4 – The User Gives Permission

Joe: “Twitter, I’d like to authorize this request token that Bitly gave me.”
Twitter: “OK, just to be sure, you want to authorize Bitly to do X, Y, and Z with your Twitter account?”
Joe: “Yes!”
Twitter: “OK, you can go back to Bitly and tell them they have permission to use their request token.”

Twitter marks the request token as “good-to-go,” so when the consumer requests access, it will be accepted (so long as it’s signed using their shared secret).

Step 5 – The Consumer Obtains an Access Token

Bitly: “Twitter, can I exchange this request token for an access token?”
Twitter: “Sure.  Here’s your access token and secret.”

Step 6 – The Consumer Accesses the Protected Resource

Bitly: “I’d like to post this link to Joe’s stream.  Here’s my access token!”
Twitter: “Done!”

Recap

In our scenario, Joe never had to share his Twitter credentials with Bitly.  He simply delegated access using OAuth in a secure manner.  At any time, Joe can login to Twitter and review the access he has granted and revoke tokens for specific applications without affecting others.  OAuth also allows for granular permission levels.  You can give Bitly the right to post to your Twitter account, but restrict LinkedIn to read-only access.

OAuth Isn’t Perfect…Yet

OAuth is a solid solution for browser based applications and is a huge improvement over HTTP basic authentication.  However, there are limitations, specifically with OAuth 1.0, that make it far less secure and less user-friendly in native and mobile applications.

OAuth 2.0 is a newer, more secure version of the protocol which introduces different “flows” for web, mobile, and desktop applications.  It also has the notion of token expiration (similar to cookie expiration), requires SSL, and reduces the complexity for developers by no longer requiring signing.

Other Resources

Hopefully this was a good primer to get you familiar with OAuth so the next time you see “Sign-in with Twitter” or similar delegated identity verification, you’ll have a good idea of what is going on.

If you want to dive deeper in into the mechanics of OAuth, here are some helpful links: