As the technology grows in an organization, the risk to data security also rises.The organization needs to secure their data by using some protection. Cyber intrusions and attacks have increased dramatically over the last decade – both in frequency and in sophistication - exposing sensitive personal and business information, disrupting critical operations, and imposing high costs on the economy. Over the next few years, cyber crime attacks are expected to cost as much as $3 trillion in lost economic value.
Recently, many data security breaches have impacted large corporations globally. It should be highlighted that enterprises of all sizes can be targets of data breaches; small and mid-size businesses are in the crosshairs as well and need to protect against data security threats. "To secure data, an important step that many miss out is to create an extensive data security plan in order to understand on what data could be at risk. Enterprise data must be secured through authorized and controlled access, and virtualization enables this security model as it allows one to have a secure architecture and orchestrate control throughout the infrastructure," says Mahesh Nayak, the Chief Operating Officer, SAP Labs India.
According to Muthu Raja Sankar, Managing Director, Accenture Security, many enterprises do not have sufficient capabilities to proactively identify, understand and respond to incidents that threaten the security of their data. This includes threats and exposures that they may face within the enterprise as well.
At Accenture Security, they believe enterprises can be successful in addressing this by following a three-phased approach:
Build a data protection strategy: Every enterprise needs a strategic vision for data protection, and an actionable roadmap for implementation and a thorough assessment of compliance requirements. This will ensure a strong foundation to understand and identify critical information, current data protection capabilities, and identify potential opportunities and remediation areas.
Optimize and implement the solution: Once the strategy is in place, enterprises must embed security monitoring tools and processes into day-to-day security operations and decisions. This will ensure the enterprise can run scalable security data management and analysis, automate detection and prevent data loss.
Run integrated operations: And finally, the enterprise must partner closely within to be able to achieve the desired outcomes of the data protection strategy. It must orchestrate operations between IT, security and the business to enable ongoing discovery and protection of evolving critical business data, proactively identify and prevent risks, and ensure compliance adherence.
How to secure data from Ransomware
Ransomware is without doubt growing, becoming bolder and more targeted. While future outbreaks are potentially likely to be faster and stronger, and can inflict more damage to their targets, technically and tactically, there are a range of activities that together will help defend and respond more effectively to ransomware outbreaks.
Ransomware restricts access to data by encrypting files or locking computer screens. It then attempts to extort money from victims by asking for "ransom", usually in form of cryptocurrencies like Bitcoin, in exchange for access to data. The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks.
In this context, enterprises need proactive threat intelligence and mitigation to detect and resolve targeted advanced threats. "The ability to analyse volumes of data and enable intelligent and actionable cyber response should be a core part of the overall security strategy. Enterprises must focus on investing in contextual security solutions to mitigate advanced threats and ensure the health of data networks and connected assets," said Mushtaq Ahmad, CIO, CSS Corp.
According to Microsoft spokesperson, in Windows 10 Fall Creators Update, we released Windows Defender Exploit Guard which is a new set of intrusion prevention capabilities. One of its features, Controlled folder access, stops ransomware in its tracks by preventing unauthorized access to your important files. Controlled folder access locks down folders, allowing only authorized apps to access files. Unauthorized apps, including ransomware and other malicious executable files, DLLs, and scripts are denied access to folders.
On the other hand, “Accenture Security helps organizations build resilience from the inside out, so they can operate and grow confidently in a rapidly evolving threat landscape. They help businesses prepare, protect, detect, respond and recover along all points of the security lifecycle.
Particular to addressing ransomware threats, they also advise organizations to adopt a proactive prevention approach, elevate e-mail controls, insulate their infrastructure and most importantly, have a strong cyber resilience plan for recovery that is regularly reviewed and tested,” according to Sankar, Managing Director, Accenture Security.
SAP leverages email sanitation and has strict security patching processes in place, which prevents the WannaCry malware from infecting SAP managed machines. Cloud application security is a priority for every organization as cyber security attackers try to identify and exploit vulnerabilities. “At SAP, product security is part of the quality management process; we ensure that products that reach our customers have the complete product code and key security functions necessary to safeguard product use. Every business expects unalterable data security for the on-premise, cloud, and mobile infrastructure. SAP works continuously to strengthen and improve security features in all of our software and service offerings, while also ensuring our own company data and assets are protected,” added Nayak.
Part of responsibility for keeping files secure lie with online data storage providers and another part lies on the business and its employees. As the GDPR rolls out on May 25th, we embrace the European regulation as it sets a strong standard for privacy and data protection rights, which is at the core of many businesses.