Why enterprise cyber defences need to point in the right direction

Many recent high-profile data breaches could have been prevented if corporate defences had been pointing in the right direction, according to cloud access security broker (CASB) Bitglass.

The company’s Asia Pacific Vice President, David Shephard, cites the Hacker-in-the-Hoodie or the anonymous ‘Guy Fawkes’ mask, both of which have become symbols synonymous with data breaches. Each supports the common perception that breaches happen when outsiders with malicious intent somehow evade prevention and detection controls and steal sensitive data.

Shephard says: “While this may be true, we’ve seen consistently in the Notifiable Data Breach Reports issued quarterly by the Australian Information Commissioner (OAIC) that human error continues to account for almost one-third of all reported breaches.”

He adds that many of these breaches could have been avoided easily. In fact, the numbers that could be attributed to error are likely higher since external attackers are taking advantage of internal mistakes in order to gain access to data.

Errors include system misconfigurations, the use of weak system passwords, or inappropriately stored or shared data within the cloud.

Such errors are often made by trusted users making simple and avoidable mistakes. While cloud-based tools provide extensive financial, flexibility and productivity benefits, they also make it easy to leak and share data with unauthorised parties unless appropriate security solutions and practices are deployed.

Windows and doors are being left open by players on the home team. Could overall cyber security be improved if more focus were given to insider threats?

Just like having a firewall for on-premises applications, storage and data, IT teams must be equipped with appropriate security tools that will allow them to utilise cloud services properly.

Unfortunately, some organisations believe mistakenly that cloud service providers like Microsoft, Amazon, Salesforce and others do everything required to ensure that corporate data is secure in the cloud.

Yet this is not the case. While cloud service providers must ensure that the underlying infrastructure and back-end processes behind their cloud offerings are inherently secure, it is up to organisations using the cloud to make sure they are securing access to the data they store in cloud platforms.

This is known as the shared responsibility model of security. It means that cloud service providers are responsible for security of the cloud, while organisations using their services are responsible for security in the cloud. Ultimately, a great deal of responsibility falls to the enterprises using cloud services.

These enterprises must take steps to ensure they are truly protecting their data from threats, including malicious and careless insiders.

Unfortunately, many organisations move to the cloud without taking their responsibility seriously (or perhaps without even knowing about it). Improperly stored and shared data, as well as improperly configured cloud systems, may be rampant in an enterprise without the knowledge of its IT department. This is often because they are relying on tools that, while once comprehensive, are no longer adequate in cloud environments.

The traditional perimeter and endpoint tools used for cyber security don’t extend to the cloud because employees, data and applications have moved off premises, and because the devices used to access this data are no longer all managed devices. In other words, the moat and drawbridge may remain, but the castle and the people have moved.

Clearly, what’s required is a shift in the way that companies are approaching security – the focus must be on identity, data and cloud rather than on endpoints or network perimeters.

Organisations that have been utilising SaaS and IaaS tools are turning to cloud access security brokers (CASBs) to gain visibility and control over their data. CASBs can enable the safe and rapid adoption of cloud services with comprehensive data protection, threat protection, identity and access management and visibility. All this is defined from a single dashboard and applied consistently across an organisation’s entire cloud footprint.

If an organisation stores data in the cloud, enables personal device access to data, and has users outside the firewall, reducing the risk of a data breach requires the IT department to maintain constant visibility and control wherever data goes. This is essential to protect sensitive information from external threats, to stop data leakage, and to help prevent users from making avoidable mistakes and poor choices – whether they are malicious or not.