It seems like IT’s general approach to any kind of attack – which includes data breaches – is a reactive one. Think about it, in every kind of attack-related scenario – whether an external attack, an insider threat, malware infection, ransomware attack, etc. – the “business as usual” methodology is to detect the attack/infection and then to react with an incident response plan (that likely includes some immediate automated actions).
The problem with this methodology when considering a data breach, is that it is the most costly path. The average cost/record in a data breach (which includes the cost of investigation, legal, PR, remediation, etc.) is $141 – that’s per record. So, even a “small” data breach of only 1000 records, should you go the reactive route, will cost an average of $141,000. That’s far more than, say, the WannaCry ransomware attack, which had a ransom in the hundreds of dollars.
It’s simply not cost-effective to be reactive with data breaches.
Going Proactive to Avoid Data Breaches
What’s needed is a far more proactive approach – one that uses a layered security strategy, detecting suspicious activity at each step of the breach “process”, and putting a stop to a potential breach as early in that process as is possible.
At a high-level, your proactive approach to thwarting data breaches is accomplished by protecting your most valuable data at a few levels:
- Vulnerability Protection – The bad guys need to get in somehow, and known vulnerabilities are a prime target. Ensuring operating systems and applications are patched is critical. Sure, this may seem rudimentary, but the reality is even in environments where it’s believed to be completely patched, vulnerabilities still exist, giving attackers entrance to your network.
- Threat Protection – Should an attacker get in, you need to have a way to stop them before they can do anything truly malicious. AV, endpoint protection, and application whitelisting are just a few types of security solutions that can neutralize a threat the moment it rears its ugly head.
- Environment Protection – Attacks can’t succeed without first logging onto the system containing the data of value. Having some kind of two-factor authentication coupled with contextual access controls and logon monitoring will help stop the misuse of credentials– well before an actual breach occurs.
- Data Protection – You need to assume the bad guys can get past the first three layers. If they do, you need a way to keep tabs on the data you deem worthy of stealing (and keep in mind, it may not just be your customer or credit card data; even your upcoming press releases can be used for insider trading if you work at a publicly-traded company). This means using file-level or application-based auditing of access to identify and notify IT of improper access the moment it starts.
Reactive is Risky
Data breaches are too costly for the organization to be left to detection and responsive measures. For Windows Infrastructure, there’s a lot you can do – even with native tools – to put a layered proactive security stance in place. Consider putting some or all of these proactive protective layers in place to protect your organization from a data breach.
Find out more about 2-factor Authentication & Access Management on a Windows network with UserLock.
Find out more about Windows File Server auditing with FileAudit.