Given the dramatic increases in the volume and frequency of data theft due to breaches and the increased threat of cyberattacks resulting from current conflicts, organizations worldwide are prioritizing tactical and strategic efforts to shore up their data security. Here are six best practices you can implement right now to improve your security posture and protect the sensitive personal data for which you are responsible.
- Know your normal.
One of the ways that threat actors gain access to databases holding sensitive personal data is through the misuse of an authorized client’s credentials. When that happens, the outside attacker becomes an insider threat. In 2022, Forrester Research reported that 58 percent of sensitive data security incidents are caused by insider threats. Legitimate authorized user accounts, assigned to internal employees and business associates, are either misused by the rightful owner or leveraged by an external threat actor that has navigated through perimeter controls.
Mitigating this risk requires profiling and monitoring the information systems’ workload and focusing on known users’ access from unknown sources (e.g., IP address, geographic location, application, etc.). Identifying from where and when any given user accesses data, and what they access in the normal course of action, could help to identify a potential data breach. Simply stated, once you establish the regular use parameters for authorized users, it becomes much easier to determine what abnormal, probably malicious access behavior looks like. A simple way to challenge potentially malicious use is through multi-factor authentication (MFA). This security process cross-verifies users with two different forms of identification; most commonly, these are the knowledge of an email address and the proof of ownership of a mobile phone. According to Microsoft, MFA can “prevent 99.9 percent of attacks on your accounts.”
- Know where your personal data lives.
According to Imperva’s report Lessons Learned from Analyzing 100 Breaches, nearly 75 percent of all stolen data is sensitive personal data. Still, 54 percent of companies report not knowing where their sensitive data is stored and another 65 percent say they’ve collected so much data that they’re unable to categorize or analyze it. Identifying your sensitive information and monitoring access to it could help to identify a potential data breach. Imperva offers a simple and cost-effective approach to ensuring your organization’s data privacy.
- Use the principle of least privilege.
The Great Resignation has affected every type of organization and, combined with two years and counting of the pandemic, has caused significant employee turnover. One of the most important (and easiest) practices of good cybersecurity is the principle of least privilege: a user should have no more access to data and systems than is necessary for their work. As people leave organizations and are replaced, and jobs are restructured, organizations must review the permissions that authorize access to data. Identifying who has access to sensitive information, along with reducing permissions to the minimum required, can help to prevent data breaches or reduce their impact.
- Set a password policy and enforce it.
In one recent breach, cybercriminals used the easy-to-guess word “Password” to gain access and breach the system. Using such a weak password is like giving the attacker the keys to your house. Organizations must enforce strict password policies and monitor log-in events to their assets, as this could help to identify a potential data breach.
- Guard against deviations.
Lessons Learned from Analyzing 100 Breaches describes one type of inside attacker as the “Opportunist” who takes what they can and leaves. This kind of attacker will not try to search for other databases, penetrate the organization’s network, or execute exotic exploits; they will just take what they can and go sell it to the highest bidder. An attacker that has gained access to an existing user’s credentials to access data from a system may all of a sudden try to access 20x or 100x the “normal” amount of records that the legitimate user accesses during a certain time period. Understanding the standard usage of users in your systems and deviations from it can help to detect potential data breaches.
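The checks described under "Know your normal" and "Guard against deviations", as an added example that is not part of the original article and not Imperva's code: it builds a per-user baseline from past access events, then flags known users arriving from unknown sources and record volumes at 20x or more of the user's typical amount. The event layout, sample data and function names are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (user, source_ip, hour_window, records_read).
HISTORY = [
    ("alice", "10.0.1.15", "2024-05-01T09", 110),
    ("alice", "10.0.1.15", "2024-05-01T14", 140),
    ("alice", "10.0.1.15", "2024-05-02T10", 95),
    ("bob",   "10.0.2.40", "2024-05-01T11", 30),
    ("bob",   "10.0.2.41", "2024-05-02T11", 50),
    ("bob",   "10.0.2.40", "2024-05-02T16", 40),
]
NEW_EVENTS = [
    ("alice", "10.0.1.15",   "2024-05-03T09", 130),   # within baseline
    ("alice", "203.0.113.7", "2024-05-03T23", 100),   # known user, unknown source
    ("bob",   "10.0.2.40",   "2024-05-03T02", 4000),  # 100x bob's typical volume
    ("carol", "10.0.3.9",    "2024-05-03T10", 20),    # user with no baseline yet
]

def build_profiles(history):
    """Per-user baseline: sources seen before and median records per window."""
    sources, volumes = defaultdict(set), defaultdict(list)
    for user, ip, _hour, records in history:
        sources[user].add(ip)
        volumes[user].append(records)
    return {u: {"sources": sources[u], "typical": median(volumes[u])}
            for u in sources}

def find_deviations(events, profiles, volume_factor=20):
    """Return (user, hour, reason) for each event outside the user's baseline."""
    alerts = []
    for user, ip, hour, records in events:
        profile = profiles.get(user)
        if profile is None:
            # Nothing to compare against: surface it rather than pass silently.
            alerts.append((user, hour, "no_baseline"))
            continue
        if ip not in profile["sources"]:
            alerts.append((user, hour, "unknown_source"))
        if records >= volume_factor * profile["typical"]:
            alerts.append((user, hour, "volume_deviation"))
    return alerts

if __name__ == "__main__":
    for alert in find_deviations(NEW_EVENTS, build_profiles(HISTORY)):
        print(alert)
```

An `unknown_source` alert is a natural point to apply the MFA challenge mentioned above instead of blocking the session outright.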
- Close the gap between breach and detection.
My colleague Jason Zongker says, “the most critical period in mitigating damage from a data breach is the time from when a breach is made to when it is detected. Reducing that period is crucial to diminishing the attackers’ opportunities in finding and exfiltrating data.” A good data security solution sniffs out potential policy-violating behavior before it happens, and helps improve performance every day. Leverage your capacity to gain visibility into your data repositories, in combination with context-rich alerting and efficient incident response workflows, to streamline threat containment and remediation efforts. Every organization that stores data must have threat detection mechanisms to reduce the detection time and avoid continuous data theft.
Although not all data breaches are the same, all organizations must have a solution in place that can apply security best practices such as detecting sensitive data, reducing permissions, and learning regular behavior, including the typical type of data and the typical usage of data.
Imperva data security solutions can help you prevent and detect potential data breaches by using all of the aforementioned techniques and more. For more information about Imperva’s Data Security Fabric, please visit us.