The War On Data: Three Defense Mechanisms Your Business Needs To Adopt

August 03, 2021 | Andres Rodriguez The War On Data: Three Defense Mechanisms Your Business Needs To Adopt

This blog was originally posted to the Forbes Technology Council.

We have entered an unusual new age of security. The Colonial Pipeline incident, which cut off a major source of fuel for the Eastern United States, was a reminder that bad actors are operating within our borders. They might not have physical boots on the ground, but malicious independent groups can access and disable critical systems. They can shut down major hospitals and infrastructure. They are here, and they are powerful.

Too often, we write off these agents as anarchic hackers, hooded figures hiding out in basements, operating only for their own gain. This may be true in some cases — except for the clichéd hoodie — but we also face state-sponsored agents carrying out cyberattacks in the U.S. and around the world. Our intricately networked world means that foreign agents can cause massive damage, invading our territory without leaving home.

As a nation, we have long been focused on protecting our physical assets. Today, though, nearly all of our physical goods have a digital manifestation — our bodies, too, in the form of personal health information (PHI) and other data. Everything in our physical world has a mirror in data, and hackers can impact that physical world if they can access this data. Hackers did not literally shut down the Colonial Pipeline. They tied up the data that is critical to its operation. But they might as well have closed a valve to stop the flow.

We are going to see more attacks like this one. Hackers are tantalized because companies will pay large sums to avoid multi-day business disruptions. So, what do we do?

We change how we think about data security. Both our digital infrastructure and our general approach to security are woefully outdated. There are larger problems to be addressed at a national and international level, especially as countries like North Korea train increasingly sophisticated armies of hackers. Global enterprises can take a few steps to reduce the risk that they become the next enterprise victim. A good defensive strategy relies on strong, mutually supported positions in order to minimize damage and also be able to recover from damage as quickly as possible. Here are a few places to start:

  1. Organizations need to limit how much data is accessible to end users. Access to information is an essential feature of an open and free society, but one of the well-known rules of digital security is that people are the weakest link. As an organization, you can do everything possible to secure your networks and data, and follow all the best practices, but all that work will be in vain if one person clicks on the wrong link. Educating all of your organization’s end users is a great first step, but why not put stricter policies in place that limit their access? Why not do a little extra work to ensure that end users in marketing or customer service cannot access critical infrastructure systems?
  2. Two-factor authentication should be standard. How is it that all large companies are not using this already? Without it, anyone can log in from anywhere to access data. We do it for convenience. Especially now, as more users are working from home, companies want their employees to be able to access their data from anywhere. Without two-factor authentication, though, this makes it easier for malicious agents to infiltrate your network as well. I am not advocating mass network lockdowns. Not at all. But we do need to modernize how we think about what specific users are allowed to do as they roam the information space.
  3. Stop relying on old data protection solutions that were designed for a few offices with a few TBs of data. As the recent wave in ransomware and other attacks grow in sophistication and complex multinationals become ever more dependent on data in all its forms, our methods of protecting critical data and systems need to evolve in kind. Large enterprises relying on backup, for example, will need to head back to the IT whiteboard, as this outdated solution fails to protect companies against large-scale ransomware attacks, which often leave victims offline for days or even weeks at a time.

The Colonial Pipeline affair will not be a one-off incident. The impact of that attack will only embolden malicious hackers. A war on data is underway, and we need to rethink how to defend ourselves. Is your organization prepared to prevent as much damage as possible? Do you have solid recovery plans that can unwind any inflicted damage? The next attack is coming. It is only a matter of when, and whether you are ready.

Related Posts

June 07, 2022 VMware Highlights Nasuni as Horizon File Data Solution

This has been an exciting year for Nasuni on several fronts. We’ve signed on some of the largest companies in the world as new customers. Our existing customers are expanding their use of the platform. The investment community has given us another huge vote of confidence, our rapid ransomware recovery capabilities are pulling in unprecedented business, and our engineering team continues adding new features to the platform. As the VP of Strategic Alliances, though, I’m particularly excited about how our partnerships with some of the top technology providers in the world continue to get stronger.

, , , , ,
May 24, 2022 The Sanctity of Data: Why I Joined Nasuni

If the energy industry teaches IT professionals one thing, it’s the importance of respecting the sanctity of data. Whether you devote internal resources to acquire seismic data or purchase it from another organization, this data is gold. Highly paid geoscientists and engineers need to be able to analyze it quickly and securely, wherever they might be in the world. If this data is lost, corrupted, or incomplete, these professionals can’t do their jobs, and the company loses money.

, , , , ,
May 03, 2022 Accelerating Multi-Cloud Migrations at the Petabyte Scale

The UniFS cloud-native file system, the Nasuni Analytics Connector, Global File Acceleration and the many other tools that power our file services platform have all been conceived and built in-house. But, as we continue to grow our base of multi-PB customers, and more of these large global companies adopt multi-cloud strategies, Nasuni made the unusual but exciting decision to accelerate our capabilities through an acquisition. The product team is extremely excited to onboard the technology of DBM Systems and expertise of Dr. Joseph Slember to ramp up our cloud-to-cloud migrations.

, , , ,