According to Carlos Rodrigues, Varonis VP for Latin America, implementation of security policies and strategies focused on data integrity must come before the perimeter, making intrusions fruitless for cybercriminals, as it will not be possible to extract useful information in this case.
After the Equifax problem, another large company had serious problems caused by the lack of security and consequent data leakage: Deloitte. In September, the company confirmed that because of a vulnerability in access to an account with administrator privileges, hackers were able to break into the entire internal email system (including names, passwords, personal data and IP addresses) and had access to all areas of the company. It is estimated that 5 million emails have been accessed.
As a result, confidential strategic information regarding the business plans of some of its largest clients turned out to be unduly public. The attack took place in the United States, where Deloitte provides auditing, tax advisory and consulting services to multinational companies and government agencies around the world.
Unfortunately, these problems with Deloitte and Equifax are not isolated cases. Worse than that, in the global study released this year by Varonis, entitled Data Risk Report, we saw that in 2016, more than 48 million file folders in the surveyed companies were accessible to any user and also that there was a lot of information stored in inappropriate places. Data show that there is a wide lack of awareness about the importance of privacy.
But is protecting data really so difficult that it makes systems sensitive and vulnerable to intrusion repeatedly? The truth is that protecting data is something that can (and should) be solved “without a headache” by implementing security policies and strategies focused on protecting data, not the perimeter.
In Brazil, we are as subject to such violations as we are abroad. Precisely for this reason, the Marco Civil da Internet began to regulate the use of the internet in Brazil, with security as one of its pillars.
Here are the best ways to prevent corporate email attacks:
- Tracking - Know who has access to certain information and what the user can do with it (and also when they can do it), and understand when sensitive files and emails are opened, moved, modified, or deleted. This makes it easy to take the right action to block sharing or other inappropriate email action. Monitoring lets you manage all types of data (text files, spreadsheets, presentations, and more), and detects potential security holes and insider threats.
- Investment in Manpower - In addition to investing in security technology, it is essential to invest in companies specialized in information security professionals, who are certainly already able to work with protection of email systems (example: account identification with open access to files that should be blocked).
- Create a “safety culture” for the user - There's no point in having a security professional in the company if the user doesn't do their part. We need to work on the “safety culture”, get the user to know the basics of good protection practices, and handle the data in the right way without the risk of suspicious activity and possible data breach.
By adopting this “security trio”, companies will surely be in business advantage because they manage their information and email more effectively, preventing any access that might compromise it at the administrative, financial or legal.
Source: securityinformationnews.com
About [SAFEWAY]
THE [SAFEWAY] is a widely recognized company as a provider of premium information security and cybersecurity solutions. From its extensive portfolio, we highlight several solutions, including those based on platforms:
● Archer da RSA Security, considered by the institutes Gartner and Forrester and by the market itself, the most complete process integration solution for Governance, Risk Management, Compliance and Business Continuity Management;
● [SAFEWAY] Security Tower, supported by IBM Qradar (Watson technology), tailored to each organization in its security and cyber defense management needs.
● And others, involving technologies Imperva, Thales, Tripwire and WatchGuard Technologies.
We await your contact: [email protected]
