It is no secret that the IT security landscape has become a lot more complicated in recent years, with many more endpoints to look after and threats coming from just about every angle. Hacker strategies such as social engineering mean that employees at any level of an organization may be targeted, and even consumer-centric sites like Facebook might be used to orchestrate a large enterprise data breach. However, it is important to remember that it is not just the internal network that needs to be protected - it is just as critical to focus on the data being transferred among business partners, customers and employees.
A look at the big breaches
Information is Beautiful recently published an interesting visualization that looks at some of the world's largest data breaches dating back to 2004. Although some of the major incidents were the result of large cybercriminal groups, many of the showcased incidents could have been prevented by simply evaluating the victim organization's IT strategy and ensuring that best practices were being followed. For example, the U.S. military experienced a breach in 2009 that compromised the records of 76 million veterans. In this case, the organization did not delete or encrypt its data after sending storage devices for destruction.
Another incident from Morgan Stanley was the result of insecure data exchange practices. In 2011, the organization sent an unencrypted disk to the New York State Department of Taxation and Finance. The disk was mailed, but never reached the intended recipient, resulting in 34,000 compromised records. As ABC reported at the time, clients' Social Security and tax information was exposed, and Morgan Stanley offered to pay for a year of credit monitoring to protect affected individuals.
Although there was no evidence of criminal misuse in this case, Morgan Stanley's Jim Wiggins highlighted the importance of improving data transmission so that similar breaches would not happen again. The lack of encryption is a common issue for all types of breaches, whether they stem from accidental device loss or unprotected data in transit. The problem is that data is continuously moving throughout the business and it is not always easy to ensure the appropriate safeguards are in place.
A more diverse device landscape
The challenges IT security professionals face have only become more varied. For instance, in 2011, bring your own device (BYOD) was just a burgeoning trend, with only 25 percent of businesses in a Citrix survey supporting it. These days, more than half of the workforce leverages personal devices for business purposes. This means that not only are enterprises dealing with more data, but they're transferring it to a much larger range of devices.
BYOD has many implications for the IT security world, and it's not just about sending files from person to person - as mobile applications become increasingly sophisticated and software is integrated across numerous platforms, the programs employees use will also be sharing infinitely more data than they have in years past.
Many of these problems seem insurmountable due to an increasingly Web-connected business world and the way the Internet was developed. As TechTarget contributor Ernie Hayden recently noted, security has essentially been "bolted on" to the initial design.
"If you think of enterprise systems as a sieve, then every hole not covered by the security team gives attackers opportunities to breach systems and either steal information or, in the case of the electric power industry, negatively impact grid operations," Hayden wrote.
The growing complexity of enterprise IT systems makes it difficult to close every gap, particularly as IT departments are held to much higher expectations. Data exchange is a good example of this complexity because technology teams must be able to balance convenience for users and data protection measures - if a firewall configuration error prevents remote users from accessing the data they need, they may opt for less secure, more convenient options. Managed file transfer services can help organizations bridge this gap by first forming a strategy for improving data exchange and then configuring solutions that balance an organization's need for compliance and security with the end user's demand for convenience.