Paranoia strikes deep, Into your life it will creep, It starts when you're always afraid…. – Buffalo Springfield
2014 could be called the year of data breaches. Large companies like Home Depot were hacked and, as we transitioned to 2015, the Sony breach garnered headlines. Then the January Twitter (News - Alert) hack of CENTCOM fanned the flames even higher. These events triggered fear and paranoia in many IT departments regarding Internet security and data integrity. Before we panic, however, let’s take a step back and view these events pragmatically.
Spending $10,000 a month for a high-level home security system to protect $100,000 worth of art wouldn’t make sense. To justify the time and risk art thieves would rather select a home with a $20,000,000 Picasso. The same logic holds true for cyber attacks. State-sponsored cyber intrusions (i.e. Sony/North Korea) are difficult to thwart, but probably 99.999 percent of organizations would never make the target list.
As one major health insurance provider learned, chaining laptops to desks affords almost zero data protection. The sensitive patient information populating the units was not even encrypted. In effect, a primitive chain cutter became as effective and any sophisticated cyber hacker toolkit. Cyber Hygiene, or CyHy, combined with common sense would have avoided this breach.
Despite the negative headlines, the Twitter CENTCOM hack actually illustrated good information management.DOD policy does not allow sensitive information to be published via social media. Although somewhat embarrassing for the DOD, no sensitive data was compromised. The accessible data was intended for public dissemination anyway.
An estimated 35 percent percent of all malware ever created emerged in 2014, so diligence and the best security tools available are imperative, but common sense must prevail. First, free your team of as much of the data/security management load as possible. Cloud solutions are an excellent choice. The next step is to restrict data access to essential users. This is not simple. Most data is unstructured and many applications like Windows Server were specifically designed to facilitate access – not restrict it. Fortunately, there are data management tools available from companies like Varonis Systems Inc. to simplify the process. The TMC (News - Alert) site has a wide selection of cyber security white papers and other information available.
Edited by Maurice Nagle