Based on attacks that occurred in February, a key takeaway from a risk mitigation perspective is to leverage encryption - especially for data at rest. Each sector was affected by a cyber threat that could have been mitigated through the proper use of robust encryption. Here are the different ways you can deploy encryption to mitigate the risk of data at rest being lost or stolen, prioritized by user exposure:
Try to ensure full-disk encryption for all mobile devices such as laptops, tablets and phones. It's important to note that technology makes it easy to share information as devices automatically sync information from device to device and in many instances you'll have personal and corporate information on the same device. A compromised device can theoretically affect your entire ecosystem.
File and folder encryption, preferably certificate-based, is the next level of encryption to deploy to mitigate the risk from users migrating data from the corporate-secured application and device to their own. An example of this would be a user pulling data out of an application and building pivot tables in a spreadsheet. More data migrates from the theoretically better secured application and database system of record to the user's desktop, where it is no longer encrypted at rest as the workstation is in use. For this encryption capability, human factors such as ease of use and substantial employee training need to be a focal point of the solution.
Application and database encryption is the area that holds the most legal and regulatory risk but involves the fewest human factors from a user standpoint, and therefore can be engineered into a standard solution. The applications and databases that interact here are generally your transactional systems of record, which typically process customer payments, order fulfillment, enterprise resource planning and customer relationship management activities. While they might not be as exposed as your user base, they hold large quantities of valuable data. In this area, you will want to ensure that encryption best practices are fully in place in the application and/or database environment and that key management processes and key custodianship are strictly enforced, as the strength of any encryption system resides in its key size and key management.
While using encryption does not mitigate all risks, it does mitigate a significant portion of the risks in your technology-based legal and regulatory landscape, such as HIPAA, HITECH and PCI-DSS. Unfortunately, encryption can be challenging in many technology environments, burdening ease of use for your users and affecting the performance of some enterprise applications. Of course, every month brings different attacks and different appropriate countermeasures as attackers and threats evolve.
In February 2015, Financials was the lone industry sector with cybercrime incidents above six-month averages. This is largely attributed to the massive breach at health insurer Anthem. In the cyber-incident data that SurfWatch Labs collects and analyzes, Anthem accounted for an astonishing 42 percent of all the negative CyberFacts collected in February. This caused the Financials sector's share of overall cybercrime discussion to jump by more than 33 points – from its 12 percent six-month average to 46 percent. Additionally, Financials had 46 distinct cybercrime targets discussed in February, a significant rise from January's 28.
What happened in Consumer Goods, Information Technology and Health Care in February? Each saw slight improvement over January activity, although all industries unfortunately experienced notable incidents that call for due diligence. In this slideshow, Adam Meyer, chief security strategist, SurfWatch Labs, highlights the findings from each sector.