How to Combat Cyberfraud, Data Loss, and Email Abuse
The Clear Threat
Hardly a day goes by without a major breach in cyber security of one type or another causing data loss, data corruption, or denial of operational capability. Sift Science’s latest research offers an overview of how businesses are experiencing cybersecurity threats in many different forms within the enterprise environment.
Sift documents that 62% of businesses say they are facing payments fraud related to digital goods in particular. Nearly half (46%) cited fake accounts as a threat to their company. According to the report, 86% of companies expect at least the same level of fraud in 2017, and 91% of firms say they plan to spend at least the same amount of money on anti-fraud measures as they have in the past.
Researchers found that losing money to fraud is the most common concern of businesses, but cybersecurity threats can negatively impact a company in a multitude of ways that carry an even higher risk value, specifically the loss of confidential information and data.
With budget constraints, businesses are expected to do more with less when it comes to cybersecurity. In the same Sift report only 9% of respondents said their budgets will increase, yet 70% said they are looking for a more efficient cybersecurity process. The same percentage said they are looking to automate their anti-fraud efforts. Meanwhile, more than a fifth said they are looking to increase cybersecurity staff to combat fraud issues.
In a recent report issued by Echoworx in 2016, 75% of companies surveyed said they are developing an encryption strategy — compared with only 51% that said the same in 2015. More than three-quarters of companies said they are planning to use encryption solutions in conjunction with data protection technology in the near future.
A Ponemon Institute research report (Aug 2016) on data loss presented the results of a US and European study of 3000 organizations across multiple industries. Ponemon highlighted that 76% of respondents experienced either data loss or theft in the past 24 months, a sharp increase over 2014.
88% of end users say their jobs require them to access and use proprietary information such as customer data, contact lists, employee records, financial reports, confidential business documents, or other sensitive information assets. This is sharply higher than the 76% recorded in the 2014 study. More alarmingly, 62% of end users say they have access to company data they probably shouldn’t see.
IT practitioners say insider negligence is more than twice as likely to cause the compromise of employee accounts as any other culprit, including external attackers, malicious employees, or contractors. Even though only 15% of organizations say they have been hit by ransomware, 78% of IT people are very concerned about it. Of those that have been hit, barely half detected the attack in the first 24 hours.
35% of organizations have no searchable records of file system activity, leaving them unable to determine, among other things, which files have been encrypted by ransomware. Only 29% of IT respondents report that their organizations enforce a strict least privilege model to ensure insiders have access to company data on a need-to-know basis. Only 25% of organizations monitor all employee and third-party email and file activity, while 38% do not monitor any file and email activity at all.
Although the majority of the input was provided by senior-level management and IT personnel, the details disclosed cannot include losses associated with system or data breaches that have remained undetected. This whole issue is extremely sensitive, and there is no doubt that many organizations may not know that they have been defrauded or suffered losses. Likewise, many more will not admit to having experienced such issues.
So what does this mean in real terms? If 76% of respondents to the Ponemon report confirm a sharp increase in these types of security issues over 2014, and an EMC report in 2014 projected $1.7 trillion in losses per year, the losses today must exceed $2 trillion a year and counting.
Whether we accept it or not, the inescapable conclusion is that the continuing increase in data loss and theft is due in large part to three troubling factors:
- Lack of properly structured, maintained and secured systems that encompass our operational environment
- Compromises in insider accounts that are exacerbated by far wider employee and third-party access to sensitive information than is necessary
- The continued failure to monitor access and activity around email and file systems – where most confidential and sensitive data moves and lives
Recommended Defensive and Offensive Measures
Simple but effective solutions can close your existing loopholes and enable the automation of strategies and policies that will highlight any subsequent breaches:
First, you must implement effective network intrusion monitoring measures.
Then, you need to incorporate a digital ECM solution that provides a structured repository environment in which security can be applied to both access and content permissions. Simply put, you must define who has access and what they can and cannot do once they are given access.
Ensure that your content is encrypted both when it is “at rest” and “in transit.” If you only do one or the other, your data is still at risk. This ensures that it cannot be hacked. Additionally, a proper enterprise content management solution will have the ability to process accounts payable and receivable via workflow, enabling validation, oversight, and approval at all stages. Now you see why in transit and at rest both require security measures.
This ECM must also provide Version/Revision control to keep all versions of content for validation and reference purposes, and it must provide automatic active notifications of actions taken, regardless of security rights.
Full audit trail capability is required as well, to enable monitoring and review of all document actions taken, by whom and at what time. A worthwhile ECM solution will have secure email alternatives. This includes encrypted attachments – links which require online security access to the ECM system in order to gain access to the linked document. In addition to these capabilities, automatic retention policies are a must for automatically managing content.
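The two permission layers and the audit trail described above can be sketched in a few lines. This is an added example, not code from any ECM product; the Repository class, the user names and the documents are hypothetical and the sample data is constructed. It records every action, allowed or refused, with who and when, so that the question raised earlier (which files did a given account change?) can be answered by a search.

```python
from dataclasses import dataclass, field
from datetime import datetime as dt

@dataclass
class Repository:
    members: set   # access permission: who may enter the repository at all
    grants: dict   # content permission: (user, doc) -> allowed actions
    audit: list = field(default_factory=list)

    def act(self, user, doc, action, when):
        """Decide one document action and record it, allowed or not."""
        allowed = (user in self.members
                   and action in self.grants.get((user, doc), set()))
        self.audit.append({"when": when, "user": user, "doc": doc,
                           "action": action, "allowed": allowed})
        return allowed

    def changed_by(self, user, start, end):
        """Documents the account altered in a window (incident scoping)."""
        return sorted({e["doc"] for e in self.audit
                       if e["user"] == user and e["allowed"]
                       and e["action"] in ("write", "delete")
                       and start <= e["when"] <= end})

    def denied(self):
        """Refused attempts as (user, doc, action), for least-privilege review."""
        return [(e["user"], e["doc"], e["action"])
                for e in self.audit if not e["allowed"]]

def demo():
    # Constructed sample data: users, documents and timestamps are invented.
    repo = Repository(
        members={"alice", "bob"},
        grants={("alice", "invoice-17.pdf"): {"read", "write"},
                ("alice", "payroll.xlsx"): {"read"},
                ("bob", "invoice-17.pdf"): {"read"}})
    t = lambda h, m: dt(2017, 3, 1, h, m)
    repo.act("alice", "invoice-17.pdf", "write", t(9, 5))
    repo.act("alice", "payroll.xlsx", "write", t(9, 6))     # read-only grant
    repo.act("bob", "invoice-17.pdf", "read", t(9, 7))
    repo.act("mallory", "payroll.xlsx", "read", t(9, 8))    # not a member
    repo.act("alice", "invoice-17.pdf", "delete", t(9, 9))  # not granted
    return repo, repo.changed_by("alice", t(9, 0), t(10, 0)), repo.denied()

if __name__ == "__main__":
    _, changed, denied = demo()
    print("changed by alice:", changed)
    print("denied attempts:", denied)
```

Because refused attempts are logged alongside permitted ones, the same trail supports both incident scoping and a periodic review of who is reaching for data they have not been granted.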
Once you have an ECM in place that meets these needs, complement your email system with a fully encrypted email solution. Remember to implement disaster recovery / backup solutions to ensure high availability at all times.
These solutions may well incur additional costs not currently applicable. However, when set against the ongoing costs associated with leaving these risk factors wide open for further abuse, they pale into insignificance. And finally, it is critical to maintain vigilance – putting all these measures into place is only the first step. The management’s commitment to maintenance of these solutions, policies and strategies must be ongoing and meticulous.