Five Scenarios Where Data Visibility Matters—A Lot
Blog Article Published: 08/19/2016
By Charles Green, Systems Engineer, Code42

In case you were off enjoying a well-deserved summer holiday and are, like I am, a firm believer in disconnecting from the world while on holiday, you might have missed the recent hacker document dump of the U.S. Democratic National Committee (DNC) emails. Personal note: if you did find a place remote enough to not hear about this, please send me the coordinates as I want to visit there ASAP.

Information security professionals have long operated under the mantra ‘prevention is ideal, but detection is a must.’ Many professionals have extended that mantra to include the concept of ‘response’ to detection. Usually response is considered in terms of technical tools to speed remediation and improve prevention of future attacks. The DNC hack, like many other hacks before it, highlights the financial value of knowing what was in the data that was exposed.

When it comes to evaluating the monetary value of knowing what data is exposed, ransomware is the ultimate capitalistic exercise. Hackers attempt to determine the right balance of 1) the organization’s tolerance for data loss, including the safeguards the organization may have in place; 2) the value the organization places on the data; and 3) the value the organization places on public knowledge of a data loss incident. The ransomer’s goal is simple: set a price point that the organization is most likely to pay.

While ransomware is foremost in many of my conversations with C-level executives, the danger of an insider threat is also a recurring topic of conversation. In the past six months I’ve been asked for help with the following:
- “Our top designer went to work for our biggest competitor; what data did they take with them?”
- “We had a friendly merger with another firm but their top 6 engineers left shortly after the merger; did they take any data with them?”
- “One of our senior execs’ laptops was stolen; do we have any government-mandated reporting requirements?”
- Performing point-in-time restores to before ransomware hits.
- Showing you what data was copied to USB devices or personal cloud accounts before an employee leaves your organization.
- Helping you determine what data was on a stolen device and the extent of your exposure.
- Making it easy for employees to restore their data after a viral ransomware incident.
- Never paying a ransom.