Securing Valuable Data

Uploaded on 2023-02-28 in TECHNOLOGY--Resilience, FREE TO VIEW

Perimeter security is flawed on many levels. Not only are businesses in every industry routinely breached but this model provides the same level of security for all data, irrespective of its value. As a result, when hackers are able to access a network, identifying and extracting valuable data can take less than half a day.

Data is a business’ most valuable asset, so why are security posture treating all data the same by continuing to focus security on the perimeter?

Risk Is Everywhere

No business is immune from the risk of security breach. From power station shut-downs, couriers unable to make deliveries and car retailers having their entire network locked while customers’ personal data, including bank details, is targeted, every business is vulnerable to cyber disruption and ransomware attack. The implications are becoming ever more severe. In addition to the loss of reputation and customer trust, the fines imposed by regulators are becoming ever more punitive. 

The reality for all businesses is that no system is safe when cyber criminals have so much time on their hands - and so many tools at their disposal. Plus, of course, businesses are making it easy, with traditional perimeter-based security models failing to provide adequate protection.  

In a recent Ethical Hacking survey, the most common reason for breach of the perimeter security was ‘vulnerable configurations’; or, to put it another way, human error. And the opportunities for breach become ever greater given the scale of global communications. From IoT to the cloud and highly complex global supply chains, companies have no control over the networks that have become core to every business operation.

Businesses do, however, have control over their data. And with a duty to both the company and customer base to protect that data, it is time to adopt a data first approach to security.

Data First Security

By wrapping security around the data, a business can safeguard this vital asset irrespective of infrastructure. Whether the data is generated within the business or by a third party, whether it is crossing an internal network, travelling via SD-WAN or across a supplier’s infrastructure, by adopting Layer 4, policy-based encryption a business can ensure the data payload is protected for its entire journey.

Encrypting the data means that the company’s most valuable asset has nothing to offer a hacker: all a bad actor can see is crypto-segmented flows of data. They have no idea if the data is payroll, command and control, customer information – or just a social media update. And this is key because bad actors really don’t need much time to identify and extract valuable data.

The Ethical Hacking survey revealed it typically takes less than one hour in 16% of cases and one to two hours for 24% of cases to see what data’s in motion and decide what’s most valuable to steal for a ransomware attack.

With crypto-segmentation, bad actors can spend as long as they like within a business and still be unable to identify any valuable information.

Policy Based Approach 

The policy-based encryption model allows companies to adopt an approach founded on data value, encrypting personally identifying information (PII) such as HR, healthcare or financial data, for example. With this orchestrated, policy-based solution, a business can define a business policy around a specific data set and allow the orchestration to deliver that to the various data protection enforcement points on the network.

Furthermore, as the business’ perception of data value and risk evolves, in response to operational or regulatory change, orchestration can deliver consistent change automatically across the business.

Additionally, this encryption model allows businesses within highly regulated industries, such as utilities, to meet growing expectations that all data must be encrypted irrespective of value. This reflects the new risks created by today’s complex, multi-directional networks and the use of IoT devices such as smart meters, which create a huge attack surface. 

And, because only the payload data is encrypted, while header data remains in the clear, there is minimal disruption to network services or applications. It means the business still has full visibility of all core metrics, including analytics, and it makes troubleshooting an encrypted network easier.

Conclusion

Global regulation is accelerating the need to focus on data, not infrastructure. Not only are growing numbers of vertical markets now affected by new regulatory demands but countries around the world have built on and extended the regulations introduced in the US and EU.

With interconnected global data flows, every business and its directors are far more vulnerable, not only to fines, but also prison terms. It is, therefore, vital to stop relying on perimeter security and look closely at protecting valuable data.

Simon Pamplin is CTO at Certes Networks

You Might Also Read: 

Who Foots the Bill For A Data Breach?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Webinar: Firewall-as-a-service (FWaaS)
The Virtual & Real Cybersecurity Threats In The Metaverse  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ON-DEMAND WEBINAR: Future-proof your security with Secure Access Service Edge (SASE)

ON-DEMAND WEBINAR: Future-proof your security with Secure Access Service Edge (SASE)

Watch this webinar to explore the Security orchestration, automation, and response (SOAR) paradigm, its relationship with organization IT practices, and its role in your security strategy.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alan Turing Institute

Alan Turing Institute

Alan Turing Institute is the UK national institute for data science. A major focus is Big Data analysis with applications including cyber security.

IT2Trust

IT2Trust

IT2Trust is one of Scandinavia’s leading value-added distributors of business-critical IT solutions within IT security and networking.

S21sec

S21sec

S21sec is a leading European pure play cybersecurity consultancy, services and solutions provider.

ICS2

ICS2

ICS² is the first cyber security company focusing on protecting the control system of power, oil, gas, and petrochemicals plants.

Egyptian Supreme Cybersecurity Council (ESCC)

Egyptian Supreme Cybersecurity Council (ESCC)

ESCC is responsible for developing a national strategy to face and respond to the cyber threats and attacks and to oversee its implementation and update.

Aiuken Cybersecurity

Aiuken Cybersecurity

Aiuken is an international IT Security company, focused on communications and IT technologies, specialised in Security and Cloud Services solutions with high added value.

ClearBlade

ClearBlade

ClearBlade is the Edge Computing software company enabling enterprises to rapidly engineer and run secure, real-time, scalable IoT applications.

HCC Embedded

HCC Embedded

HCC’s mission is to ensure that data stored or communicated by an embedded IoT application is secure, safe and reliable.

Intercast Global

Intercast Global

Intercast's mission is to be a strategic resource to our clients in Risk Reduction. We are a global leader in cyber security staffing and consulting to the enterprise.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

Nubeva Technologies

Nubeva Technologies

Nubeva provide a breakthrough TLS Decrypt solution with Symmetric Key Intercept to gain the visibility needed to monitor and secure network traffic.

Nucleus Security

Nucleus Security

Nucleus is a leading Vulnerability Management platform for Large Enterprises, MSPs/MSSPs, and Application Security Teams that want more from their vulnerability management tools.

Russell Reynolds Associates

Russell Reynolds Associates

Russell Reynolds Associates is a global leadership advisory and search firm with functional expertise in Digital Leadership, Data & Analytics, and Compliance.

KanREN

KanREN

KanREN is a member based consortium offering custom, world-class network services and support for researchers, educators, and public service institutions in the state of Kansas.

National Center for Infrastructure Protection and Cybersecurity (CNPIC) - Spain

National Center for Infrastructure Protection and Cybersecurity (CNPIC) - Spain

CNPIC is responsible for the promotion, coordination and supervision of all politics and activities related to the protection of critical infrastructures and cybersecurity in Spain.

Alias

Alias

Alias (previously known as Alias Forensics) provide penetration testing, vulnerability assessments, incident response and security consulting services.