Data Risk Heating up for all Businesses Across Borders

Nation-state attacks and rumors of insurgencies in various parts of the world have brought the critical issue of securing data across enterprises closer to home. The need for security awareness and data security now is no longer confined to any national border.

The recent state attacks and tension between the United States and Iran have raised red flags on safety for both nations and across the world.

According to data-driven security analysts, the 2012 attack against Saudi Aramco that devastated the organization and put the entire nation of Saudi Arabia on the back foot for over six months was a catastrophe.

However, surrounding nations such as Bahrain took adequate steps in securing data and company information across the country. In cases like these, the rush to defend against unanticipated attacks can have positive outcomes.

Before the Saudi Aramco attack, data security across the Middle East was unheard of. But when workstations, computers, and servers were attacked at Saudi Aramco, over 32,000 systems were shut down in what was perceived to be the world’s first nation-state attack. This attack crippled the resources and productivity of the number one wealth producer for the country.

To protect both IT and OT infrastructures, layers of securities must be implemented while concentrating on both aspects. Most organizations and enterprises emphasize overall network security solutions to safeguard their network while ensuring another tier of protection installed in hardware.

Based on the industry and sector your organization belongs to, you will need to look into the specific layers required. For instance, electric grid organizations and affiliated partners must adhere to stringent guidelines – NERC-CIP [North American Electric Reliability Corp].

These standards control the security of the grid and recommend that companies falling within the sector must implement these critical security layers.

Technology is a crucial component in data security and is an essential tool in the battle against data attacks. But rather than relying on the strength of the technology to safeguard the data, data security must be extended across the organization, especially the executive board and the C suite.

In all probability, experts forecast that there may come a time when organizations will be assessed on their overall IT security and resilience just as they are scrutinized on their financial and accounting records.

The fact that people’s lives are now dependent on the Internet is a sign that almost every individual has a virtual profile of themselves in cyberspace, just as they are imperiled in the physical world. And while challenges in the physical world are sometimes regarded as opportunities, it can also help that data security in organizations, and the problems surrounding them can help organizations in creating value from them.

Dealing with threats, ransomware, and nation-state hackers all simmers down to one thing. Without robust and reliable data security tools, organizations can be sitting ducks to cybercrime and data attacks.

With political flares arising, security experts expect private and public sector organizations in the West to become prime targets.

Keeping in view escalating tensions, the US Cybersecurity and Infrastructure Security Agency, which is a unit of the Department of Homeland Security, has updated its security guidelines on countering advanced persistent data attacks that could come from anywhere around the world.

In situations like these, organizations must shore up their central data security systems, such as implementing a digital rights management tool to thwart sensitive and confidential information from being stolen.

If your organization has not yet put a data security tool in place and defenses are lacking in your network and systems, it is time to buck up and make data security a priority while at the same time preparing a breach response plan.

The US Government has reiterated for organizations that support critical data infrastructure to perform due diligence on data security.

Organizations belonging to the financial sector, defense industry, government, and oil and gas sectors could be potential targets for retaliation activity.

Although such attacks have not yet taken place, given Iran’s past targeting of banks through distributed denial of service attacks and proven ties to ransomware, it is possible that similar such attacks could take place sometime in the future.

Hence it is imperative that companies build data breach response playbooks, including incident response basics and set up data security training modules for all employees and third-party alliances.

Here are the top 10 items that companies must focus on, starting now:

• Communicate with executive leadership on the need for dedicated data security resources, such as digital rights management, to fortify sensitive and classified company information.
• Perform an in-house audit to ensure that every endpoint and system in the network has updated protection.
• Apply the latest patches and ensure every critical vulnerability in the company is addressed.
• Revoke privileged administrative passwords and provide access only when and if needed.
• Mandate a password reset for all employees, particularly for third-party login access.

Ensure that every sensitive or confidential digital document is protected with proven and reliable data security protection such as DRM.

• Ensure all necessary backups are available and can work with replication sites.
• Have all staff members educated on phishing?
• Terminate access and accounts for those people who no longer need to access the particular document or file.
• Ensure that all access to those who are no longer employed by the company is terminated.
• Tune-up controls to monitor emails, web traffic, firewalls, web applications, cloud applications, IPS, IDS, and more to ensure all access and exit points are protected to a heightened level.