Information theft is the most profitable crime in the world today as well as the one posing the least risk to the criminal. In most instances, breaches are not done by mysterious genius hackers in Eastern Europe, but by insiders who have been given the keys to the kingdom as part of their jobs, while their other job is working for a syndicate.
With 75% of all information security breaches in corporations being against the company’s databases, one must ask why more companies are not taking effective action to protect their most valuable assets, their information.
“If a stranger walked into your business and asked for the database administrator’s password, would you give it to him? The answer, one hopes, is no,” says Hedley Hurwitz, MD of Magix Integration. “That being the case, if you hire that stranger to look after your databases today and he starts work tomorrow, one of the first things he receives is the password and access to all your data.”
Hurwitz adds that corporate file servers are even more poorly protected and even more at risk than databases. The data on files servers is completely unstructured, yet contains a variety of files, from spreadsheets to statements, business plans and payment data.
Protecting your data, whether unstructured or structured (database) requires specific tools and knowledge, as well as insight into the processes with which legitimate users access and use the data.
“When you know what legitimate access looks like, it will be easier to implement monitoring solutions that identify abnormal activities for further investigation,” adds Hurwitz. “Monitoring solutions will also identify legitimate transactions that cross normal boundaries so that they can be verified before they are approved.”
Securing data effectively requires a multi-faceted approach incorporating tools, knowledge and constant user activity monitoring. The combination of these does not need to break the bank, but can prevent data loss from breaking the business.
© Technews Publishing (Pty) Ltd | All Rights Reserved