Visualize Everyday Workflow Threats to Prevent Data Breaches
Do you know where your organization keeps its PII, PHI or other IP? Are they on-premise or in the cloud? Do you know who has access to them? Are all of your financial records accounted for? Do you know if this year’s product plan or next year’s budget have been accessed, downloaded or shared? Does the contractor who left your firm last month still have access to these records?
The modern enterprise spends millions of dollars on cyber security, yet the modern CISO can’t say in any specific detail what information is entering and leaving the firm. If you can’t see it, you can’t defend it. Everyday workflows where employees exchange sensitive information with external parties expose the firm to constant threats, including leaks, phishing, malicious files, and compliance violations. These external workflow threats have a common theme: a user is the actor, and a file is the agent. Complete protection requires a defense that spans the full breadth of the associated threat surface: the collective paths of all files entering and leaving your organization.
In my last blog post, we discussed how everyday workflow threats like internal leaks and malicious emails have complex, intricate threat surfaces that are difficult to define and more difficult to defend. Today, I’ll explore the importance of visibility to that threat surface with a CISO dashboard for visualizing and tracing all external file transfers.
If You Can’t See It, You Can’t Defend It
In most organizations, the external workflow threat surface is only partially visible and partially defended. You can’t really see it by scanning packets, because packets are on the wrong layer. You can’t fully defend it by scanning files, because a file is only one point on the surface. To understand the full threat surface of all external workflows, you must visualize the collective paths of all files entering and leaving the organization.
If you don’t have visibility to the path of every file entering and leaving your organization, then you have no real control over the threat. You can implement point solutions, such as anti-virus (AV) and data loss prevention (DLP), but how can you be sure that they are seeing every file? How can you be sure that you are protecting the entire path? It only takes one malicious email attachment to destroy your network. It only takes one leaked client folder to destroy your reputation.
If You Can’t Measure It, You Can’t Manage It
To manage the threat, you must measure it. As a start, you need a detailed log of each external file transfer. Where is it coming from? Where is it going to? Who is sending it? Who is receiving it? What are its contents? Is it sensitive? Is it infected? Imagine the power you would gain with a CISO dashboard that shows all external file transfer paths in real-time between your organization and your customers, your vendors, your partners, your attorneys, your investors, and all other external parties.
When you have visibility to the path of every file entering and leaving your organization, you have real control over the threats to your external workflows. A CISO dashboard monitors all sensitive content and IP that enters or leaves your organization, including the who, what, where, when and how of every file exchanged with an external party. [Source: Accellion secure file sharing and governance platform]
With visibility of all external file sharing, you can separate routine work from anomalous threats. Imagine analyzing those communication paths along relevant dimensions, such as content sensitivity, origin and destination, time of day, or simply file type. When you can see the threat surface clearly, completely, and in context, then you can devise a holistic security strategy that prevents bad actors from subverting your everyday external workflows.
In the next post, I’ll discuss shrinking the threat surface by constructing a secure external perimeter around file sharing applications and a secure internal perimeter around your sensitive data repositories. Otherwise, sensitive files can leak out undetected and malicious files can worm their way into your most sensitive content. Future posts will cover concepts like hardening the threat surface with data encryption in transit and rest, and advanced security tools like ATP and DLP.
Protecting Sensitive Content in a Dangerously Connected World