What do you think a ‘spy’ looks like? Perhaps images of dinner suits, Martinis and Aston Martins spring immediately to mind; or maybe a character dressed head to toe in black, abseiling down a skyscraper in the dead of night?
These pop-culture perceptions of espionage have been perpetuated by Hollywood and enthralled the general public for years. But in reality, of course, the secret to effective ‘espionage’ is to shun the dramatic, blend in, and embrace the mundane.
It is no surprise, therefore, that real spies do not look like 007. In fact, they could look like anyone – yes, even Henry from finance. Indeed, Henry is probably more likely to be involved in espionage than your average sharply-dressed character at a cocktail party, although he may not even know it.
In the modern enterprise, corporate espionage is rife. Nefarious tactics have been used to obtain information by rival companies, organisations and even countries for centuries. But until fairly recently, company information would be stored entirely on-premise and in a secure location where security teams would layer their defences.
Following the proliferation of digital business, however, everyday operations take place almost exclusively online, and modern working patterns mean that employees often require access to data off-premise, via a laptop or mobile device.
Traditional barriers to data access have been eroded, leaving data vulnerable not only to attacks from external cybercrime, but also to misuse from within. Given the frequently devastating consequences of a data breach (reputational damage, financial losses and fractured customer relationships), this is a matter of grave concern for the digital business. So what can be done to protect data from the spy lurking within your organisation?
Defence from within
Data protection is a war fought across many fronts, so it requires a multifaceted approach. Implementing a corporate information security program is a great first step, because it formally recognises that the protection of sensitive data is a priority.
You should start by identifying the information that requires the most protection, and where it resides. Often, this will be a combination of on-premise data centre and endpoint devices. Once you have established this, be sure to educate your employees on your data protection policy, to ensure it is applied consistently company-wide. Employees who understand the value of the data and the need to secure it are far more likely to adhere to the policies.
With a data protection policy firmly in place, it is time to take practical steps to safeguard company data. Encryption plays an important role in this process, because it means that in the worst-case scenario of data falling into the wrong hands, it will be indecipherable.
Regardless of whether the data is stored in the cloud, on-premise or on endpoint devices, look for a solution that provides you with the encryption keys — keeping you in control of access at all times.
Equally important is visibility over an appropriate amount of employee activity, focused on data movement and triggered by unusual behaviour patterns or compromised systems. Of course, time constraints will prohibit manual monitoring of every employee and every system, at all times. But the good news is that best-in-class tools are available to perform this function. The right technology investments and overall tool portfolio will be able to flag abnormal data usage, download or access patterns and alert the security team accordingly.
In turn, the security team should liaise with department leaders business-wide to establish the boundaries of usual activity. I’d like to believe there may be a legitimate reason why Henry from finance is downloading all recent transactions, but his boss Sarah might disagree — she knows he’s leaving in two weeks. The thing is, without having a tool in place that can monitor and flag these issues for you to investigate, you may be putting your business at risk.
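The flagging described above can be sketched as a per-user baseline check combined with context from department leaders. This is an added example, not code from the article or from any vendor's product; the user names, volumes, threshold and the 30-day notice window are constructed assumptions.

```python
from statistics import median

# Constructed sample data: daily download volume in MB per user (not real logs).
HISTORY = {
    "henry": [40, 55, 38, 60, 45, 52, 41],
    "sarah": [300, 280, 350, 310, 290, 330, 305],
}
TODAY = {"henry": 900, "sarah": 360}
# Assumed context supplied by department leaders or HR: days until departure.
LEAVING_IN_DAYS = {"henry": 14}


def baseline(values):
    """Return (median, MAD): a robust centre and spread for usual activity."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, mad


def score(user, today_mb, history, min_spread=10.0):
    """How many 'spreads' today's volume sits above the user's usual volume."""
    med, mad = baseline(history[user])
    spread = max(mad, min_spread)  # floor avoids alerts on very steady users
    return (today_mb - med) / spread


def triage(today, history, leaving, threshold=5.0, notice_days=30):
    """Return alerts for abnormal volume; departing users are escalated."""
    alerts = []
    for user, mb in today.items():
        s = score(user, mb, history)
        if s < threshold:
            continue  # within the boundaries of usual activity
        departing = leaving.get(user, notice_days + 1) <= notice_days
        alerts.append({"user": user, "score": round(s, 1),
                       "priority": "high" if departing else "medium"})
    # High-priority alerts first, then by how far above baseline they are.
    return sorted(alerts, key=lambda a: (a["priority"] != "high", -a["score"]))


if __name__ == "__main__":
    for alert in triage(TODAY, HISTORY, LEAVING_IN_DAYS):
        print(alert)
```

The baseline is computed per user, so a heavy but consistent downloader is not flagged while a sudden bulk export by a normally light user is.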
What if the worst happens?
The unfortunate truth is that, regardless of the best preparations, a data leak caused by an insider is almost inevitable at some scale. Whether accidentally or through malicious activity, the probability is high that at some point your organisation will leak data. It is here that your ‘corporate resiliency’ plan needs to include data forensics and real-time recovery of this critical information.
A key part of this should include deploying automatic, continuous endpoint backup with real-time recovery across the entire corporate network. The top-tier real-time recovery systems allow impacted users to restore affected devices independently without intervention from the IT department.
This capability returns users to where they were minutes before their files were impacted. As a result, an organisation should be able to quickly and efficiently conduct a breach post-mortem and bolster weak points going forward.
Sourced from Rick Orloff, CSO at Code42