Not so long ago, firewalls and security gateways were the heart of security infrastructures. We saw the rise of Palo Alto Networks, which brought us the next-generation firewall — a very advanced piece of technology that still focused on securing networks.
And then we fell in love with our smartphones and our cloud apps and the convenient way to do things that once used to be cumbersome. Suddenly, it has become easier to share data, collaborate on projects and access anything, at any time and anywhere, including our sensitive work files.
And today, these new technologies are not new anymore. They have become fixtures in the workplace. They speed up productivity and enable today’s mobile and globally dispersed workforce to work conveniently and at all times. However, with that anywhere/anytime access comes a significant increase in breach exposure points.
The challenges in combating the growing data breach problem have been greatly complicated by the fact that the way we work has changed dramatically. We live in a world where the enterprise perimeter has been stretched so far that it has become nonexistent.
The New Security Perimeter Is Us
Hackers have followed the trends. While next-gen firewalls added layers and layers of new threat prevention technologies, hackers changed their attack vector to focus on us. When user credentials are the attack vector of choice, it becomes clear that the new security perimeter is us. We saw it with Yahoo not once, not twice, but three times over — and with each data breach, an incredible number of user accounts were compromised. We now see companies make the headlines on a regular basis for data breaches — breaches could impact hundreds of thousands or even millions of people. Hackers are targeting personal data such as healthcare records and tax returns, which have high ticket prices on the darknet. There is no end to breaches despite the best technology.
Interestingly, more often than not, data breaches can be prevented — or, at the very least, exposure to such data can be limited — if simple steps are taken by employees to show more care with company data.
As employees, we tend to favor convenience over security, which makes sense — we all want to succeed as we do our jobs as quickly and as efficiently as possible. But the price to pay could be high. As consumers, though, we often have different instincts regarding our data. We hesitate before sharing social security numbers, keep our tax returns confidential and make sure our accountants have secure communications. In other words, we try to safeguard our personal data much better than corporate data even though we rarely have the same security tools at home.
Source: SANS ISC SecNewsFeed @ May 4, 2017 at 08:24AM