The most serious security mistake organizations have made in the past is thinking “It could never happen to us…”. For the majority of cyber attack victims in recent years, a lack of proactive risk mitigation led to serious consequences: operational disruption, lost contract revenue, loss of customer trust, litigation and further hidden costs (running into billions of dollars), which have disrupted the functioning of those enterprises for as long as five years.
For startups, it has meant shutting down the business within six months of a data breach. The good news is that these risk mitigation strategies can be implemented with a strong technological framework that keeps you one step ahead of criminals.
A good risk mitigation strategy needs multiple layers of security implemented at all stages of the data lifecycle.
Enterprise Risk Mitigation Strategies
1. Reduce the attack-surface on cryptographic keys with secure key management
In a naive technology framework, a system administrator would assign a cryptographic key to any client system that needs to access encrypted data. This puts the onus on the client to keep the key secure on its disk and offers an attacker a very simple means of obtaining the key from that system. Such an ordinary implementation of database access controls, business logic and cryptographic keys gives attackers a wide attack surface of software vulnerabilities to exploit.
To secure cryptographic keys more robustly, use a hardware key storage device called a Hardware Security Module (HSM). An HSM is safer than a conventional server because it is built on specialized hardware with cryptoprocessor chips that resist tampering and bus probing (snooping on data as it is transmitted).
The master key can be generated inside the hardware, and software attempts to read it are blocked because the HSM runs a specialized, secure operating system that exposes only a very limited network interface, strictly controlled by access rules. HSMs also have better random number generators, based on a physical process, which produce stronger keys than the pseudo-randomness of conventional software algorithms.
A secure authentication server integrated with the HSM lets client machines request a key from the server and hold it in system memory, erasing it after use, rather than storing it on disk. This greatly reduces the risk of an attacker obtaining the key, since it never resides on disk.
An additional advantage of such a server is that if a key is known to be compromised, or a client system is found to have malware, the server can immediately revoke that client's access until risk mitigation steps have been carried out.
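The key-release pattern described in this section, as an added example that is not from the original article or any vendor product: a software stand-in for the HSM plus authentication server generates the master key internally and never returns it, hands authorised clients only derived data keys, writes an audit trail, and can revoke a client at once. The class and method names, the HMAC-SHA256 derivation of data keys, and the access-rule model are all assumptions made for this illustration; a real HSM would hold the master key in hardware and derive or unwrap keys on its own cryptoprocessor.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, List, Set, Tuple


class SimulatedHSM:
    """Hypothetical software stand-in for an HSM and its authentication server.

    The master key is generated inside the object and never returned to a
    caller; clients only receive keys derived from it, and only while an
    access rule permits it.
    """

    def __init__(self) -> None:
        self._master = secrets.token_bytes(32)        # never leaves this object
        self._grants: Dict[str, Set[str]] = {}        # client id -> allowed key labels
        self._revoked: Set[str] = set()
        self.audit: List[Tuple[str, str, str]] = []   # (event, client id, key label)

    def grant(self, client_id: str, key_label: str) -> None:
        """Access rule: allow one client to obtain one labelled data key."""
        self._grants.setdefault(client_id, set()).add(key_label)

    def revoke_client(self, client_id: str) -> None:
        """Cut a client off immediately, e.g. after malware is found on it."""
        self._revoked.add(client_id)
        self.audit.append(("REVOKE", client_id, "*"))

    def release_key(self, client_id: str, key_label: str) -> bytes:
        """Return a derived data key to an authorised client, or refuse and log it."""
        allowed = key_label in self._grants.get(client_id, set())
        if client_id in self._revoked or not allowed:
            self.audit.append(("DENY", client_id, key_label))
            raise PermissionError(f"{client_id} may not obtain key {key_label}")
        self.audit.append(("RELEASE", client_id, key_label))
        # Deterministic per label; infeasible to invert back to the master key
        # (assumed derivation, standing in for the HSM's own key wrapping).
        return hmac.new(self._master, b"data-key:" + key_label.encode(), hashlib.sha256).digest()


class Client:
    """A client machine that fetches keys on demand and keeps them only in memory."""

    def __init__(self, client_id: str, server: SimulatedHSM) -> None:
        self.client_id = client_id
        self.server = server

    def with_key(self, key_label: str, use: Callable[[bytearray], object]) -> object:
        key = bytearray(self.server.release_key(self.client_id, key_label))
        try:
            return use(key)                # the key is never written to disk
        finally:
            for i in range(len(key)):      # best-effort wipe; Python gives no guarantee
                key[i] = 0


def demo() -> Tuple[bool, bool, int]:
    """Happy path, then revocation.

    Returns (same key on two requests, denied after revoke, number of DENY events).
    """
    hsm = SimulatedHSM()
    hsm.grant("db-app-01", "customers")
    client = Client("db-app-01", hsm)

    # Compare fingerprints rather than copying the key out of the callback.
    fp1 = client.with_key("customers", lambda k: hashlib.sha256(k).hexdigest())
    fp2 = client.with_key("customers", lambda k: hashlib.sha256(k).hexdigest())
    same = fp1 == fp2

    hsm.revoke_client("db-app-01")        # malware found on the client
    try:
        client.with_key("customers", lambda k: hashlib.sha256(k).hexdigest())
        denied = False
    except PermissionError:
        denied = True

    denies = sum(1 for event, _, _ in hsm.audit if event == "DENY")
    return same, denied, denies


if __name__ == "__main__":
    print(demo())
```

The design point is that nothing the client can do with its own disk or memory yields the master key, and the server's access rules and audit trail are the single place where key release is decided and recorded.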
2. Ensure your data backups are air-gapped
Ransomware is malware that encrypts all digital data in your organization until a ransom is paid to the attacker. Organizations that pay the ransom almost never receive the decryption key, and it is almost impossible to trace the attackers. The year 2017 saw 184 million ransomware attacks reported worldwide, and ransomware is currently the second largest cyber-security threat, one that has brought organizations to their knees.
Proactive organizations realize the importance of separating their data backup systems from the computer network (creating an air gap), knowing that ransomware can spread through the network as a worm, reaching as many devices as possible (including backups) and often remaining dormant for a few months before initiating an attack.
Ransomware attackers will never be able to hold your organization hostage when you have a process that stores multiple copies of your data on air-gapped systems across geographically separated locations.
As an additional level of security, ensure that a copy of the data is stored locally in your organization, and that multiple copies of the cryptographically bit-split data are stored across multiple cloud service providers. This ensures that even if attackers compromise one cloud service provider, they cannot prevent you from accessing the data.
3. Ensure safety from hardware faults for secure data recovery
The need for multiple copies of data is not only for protection from cyber-crime: hardware failure in data storage facilities is also a very common phenomenon. An average enterprise can generate anything from a few gigabytes to a few terabytes of information every day, and a fault-tolerant software RAID architecture that is fully aware of the physical and logical status of storage devices can ensure that physical errors, bit-rot and data corruption never become an issue.
Fault tolerance also needs to address network outages across geographies in order to ensure minimal or no downtime. Among the most effective solutions to this problem is Byzantine fault tolerance. For example, if the data is distributed across four systems and two of them suffer electrical faults or malware, the data held by the remaining two systems is sufficient to recover all of the data safely.
Such a fault-tolerant system, supplemented with strong cryptography and bit-splitting technology, can protect your data and offer the peace of mind that no matter what happens, there is always a way to recover it.
4. Secure and monitor all levels of access control
Ensuring technological security via cryptography and fault tolerance is relatively simple compared to the more crucial human element of data security. Every aspect of user data access must be addressed. Even system administrators, who normally have access to all data in the organization, should not be able to view confidential, encrypted data.
A role-based access control policy, seamlessly integrated with the organization's Active Directory services, can automatically grant the required level of access to employees, system administrators, clients and vendors.
Such a feature, coupled with detailed logging that records every access, denial, creation, modification and deletion event, is a goldmine of information for decision making when used for data metrics, audits, compliance reports, computer forensics, intrusion detection, user behavior anomaly detection, event response (such as the automated blocking of IP addresses) and even the prediction of possible attack scenarios based on past security incidents.
System administrators in various organizations have been able to detect and stop brute-force password attacks on their servers by noticing the digital trail in log files.
It is important to review security incident information periodically and to retain it for longer than the average dwell time of 99 to 172 days (the time it takes to detect an attack). Also periodically examine information that you may consider unimportant. Mandates like HIPAA and the General Data Protection Regulation (GDPR) require companies to maintain detailed logs of system access, so store logs from all devices. The average enterprise may generate four gigabytes or more of log data in a single day.
When faced with a security incident, your organization would not want to be left in the lurch because a crucial device or app activity was not logged.
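The brute-force detection from the digital trail in log files, as an added example that is not part of the original article: a small detector reads authentication events, keeps a sliding window of failures per source address, and raises an alert (the input to an automated block) once a source exceeds a threshold inside the window. The log line format, the sample lines (which use documentation-only addresses), the threshold of 5 failures in 60 seconds and the function names are all constructed for this illustration; real systems would feed it lines from sshd, a VPN gateway or an application audit log after adapting the parser.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, Optional, Tuple

# Constructed sample log in a hypothetical format: timestamp, result, user, source.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z auth=FAIL user=alice src=203.0.113.5
2024-03-01T10:00:03Z auth=FAIL user=alice src=203.0.113.5
2024-03-01T10:00:04Z auth=FAIL user=bob src=203.0.113.5
2024-03-01T10:00:06Z auth=FAIL user=root src=203.0.113.5
2024-03-01T10:00:07Z auth=FAIL user=admin src=203.0.113.5
2024-03-01T10:00:09Z auth=OK user=carol src=198.51.100.7
2024-03-01T10:05:00Z auth=FAIL user=dave src=198.51.100.7
2024-03-01T10:20:00Z auth=FAIL user=dave src=198.51.100.7
2024-03-01T10:40:00Z auth=FAIL user=dave src=198.51.100.7
2024-03-01T10:40:02Z auth=OK user=dave src=198.51.100.7
this line is garbage and must be skipped, not crash the detector
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth=(?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

Event = Tuple[datetime, str, str, str]          # (timestamp, result, user, source)
Alert = Tuple[str, datetime, List[str]]         # (source, time of alert, users tried)


def parse_line(line: str) -> Optional[Event]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["result"], m["user"], m["src"]


def detect_bruteforce(
    lines: List[str],
    threshold: int = 5,
    window: timedelta = timedelta(seconds=60),
) -> List[Alert]:
    """Alert on any source with >= threshold failed logins inside a sliding window."""
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    alerts: List[Alert] = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                            # unparseable lines are ignored
        ts, result, user, src = parsed
        if result != "FAIL":
            continue
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((src, ts, sorted({u for _, u in q})))
            q.clear()                           # one alert per burst
    return alerts


def run_sample() -> List[Alert]:
    """Run the detector over the constructed sample log."""
    return detect_bruteforce(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for src, when, users in run_sample():
        print(f"ALERT {when.isoformat()} source={src} users={users}")
```

On the sample, 203.0.113.5 fails five times in six seconds across four account names and is flagged at 10:00:07; 198.51.100.7 has three failures spread over 35 minutes and is not, which is the kind of low-and-slow pattern a per-source window misses and a longer-term review of "unimportant" log data, as recommended above, can still catch.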
The best practices mentioned here require deep knowledge of cryptography, key management, data storage facilities, attack vectors and security standards. Implementing a solution in your organization from scratch, or integrating various security applications to provide the desired level of security, can not only be time-consuming and expensive but also expose the organization to further vulnerabilities that you may not have considered.
What your organization needs is a comprehensive solution built by industry experts that can be easily deployed and operated with minimal expertise. A chain is only as strong as its weakest link.
A judicious investment in an effective implementation of risk mitigation strategies for compliance, real-time incident reporting, encryption, resilient data backups and automation goes a long way toward ensuring smooth business operation, brand reliability, customer satisfaction and trust.