Protecting your business from cybercrime
Obtaining sensitive data is the primary objective for cybercriminals when targeting businesses. Sensitive data can vary depending on the organisation but examples include intellectual property, source code, trade secrets, customer and employee personally identifiable information, account numbers, financial credentials, pending M&A contracts, access tokens and passwords. Cybercriminals will quickly turn the stolen data into a profit by reselling it to interested third parties, whether that be in the underground market or to competing organisations.
Sending spear-phishing emails to target employees remains the most common attack method used by criminals to compromise organisations. Typically the spear-phishing emails have malicious attachments, such as a PDF or Word document, that exploit common vulnerabilities found in popular programs such as Adobe, Oracle and Microsoft Office. The attackers rely on social engineering and human error to trick users into opening the malicious attachment, which triggers the exploit and infects the machine. Once a machine is infected, attackers can install additional malware that focuses on locating and stealing the business’s sensitive data.
Organisations need to understand where their sensitive data is at all times while having complete visibility and control over who’s accessing it and where it’s travelling. This will enable organisations to perform risk assessments across their IT infrastructure, including their physical, virtual and mobile environments. Risk assessments will provide organisations with the insight needed to protect their critical IT assets and sensitive data while hardening any points of weakness. For some businesses this may sound like a daunting task, but they should leverage their current IT team or outsourced IT service provider to do this. In today’s hyper-security sensitive environment, this type of cyber-risk assessment is commonplace with readily available processes and methodologies to ensure success.
How do I protect my business against these threats?
1. Data Protection is the Top Priority
Prioritise data protection first and foremost. Data breaches are inevitable but losing your sensitive data is not.
2. Identify Your Critical IT Assets and Sensitive Data
Identify which IT assets within your business are the most valuable and what type of sensitive data they hold – this will provide the visibility and control capabilities needed to prevent attackers from accessing and stealing your sensitive data.
3. Protect Those Data Assets
Once sensitive data is identified, label it. Classifying sensitive data with digital labels such as “internal only” or “confidential” will help with tracking sensitive information that will be targeted by attackers. In addition, have complete visibility over who is accessing the data and how it’s being used and shared, both internally and externally.
4. Improve Security Education for Employees
Add data protection policies to manuals and employment agreements, and train employees regarding the use of confidential data. Also be sure to perform regular security educational training and invite your contractors, vendors and partners to participate. Include examples of social engineering techniques and common attack methods so your employees will be aware of the threats currently targeting them.
5. Know that “Compliance” Isn’t Enough
Although many industries have basic compliance requirements, like HIPAA, PCI and Sarbanes-Oxley, these compliance standards are just the beginning of securely protecting your sensitive data. They’re a good foundation, but more must be done to keep business-critical data, beyond credit card numbers and social security numbers, safe.
6. Be Prepared if Your Data is Stolen
Even the most security-conscious organisations in the world get attacked and lose sensitive data. Accept that it could happen and have an incident response plan at the ready.
What are the biggest mistakes businesses typically make in this area, and how can they avoid or rectify them?
Often it’s an issue of resources and budget restrictions as opposed to making mistakes. Businesses may not have the money to purchase additional hardware or implement expensive security products across all areas of their IT infrastructure, nor do they have large IT staffs with dedicated security professionals. But doing the basic system and endpoint hygiene helps improve an organisation’s security posture dramatically. For example, improving security education among employees is critical, in addition to ensuring all applications, programs, AV software and operating systems have the most recent security updates installed. Lastly, businesses should consider SaaS- (Software as a Service) or MSSP- (Managed Security Service Provider) based security solutions. This model of delivery will provide a much higher level of security at a lower, monthly subscription cost with no additional strain on existing IT resources.
A key thing to remember is that businesses are not immune to cyber attacks. The list of compromised companies is already long and growing. While budget and resource pressures are intense, system security and data protection can no longer be ignored. At minimum, businesses must do basic network and endpoint hygiene, like patch management, so they don’t become the “easy targets” that both sophisticated and novice hackers are searching for every day.
The author: Mark Stevens is VP of Global Services at Digital Guardian