Managing global challenges to data integrity with secure file transfer


describe the imageGlobalization creates a slew of problems for data protection and management. Supply chains with far-flung stakeholders have increasingly massive, complex networks and storage systems. Complicating data transmission and storage efforts are a variety of internal and external threats. Recent high-profile data breaches at Target, Neiman Marcus and several prominent universities underscore the difficulties involved with data management on a large scale.

Secure file transfer services offer a centralized, cloud-based platform from which to leverage a data management framework on a global level. They can help eliminate the loose ends and blind spots that allow internal threats to wreak havoc and give malicious external agents a way in. This is critical as businesses add supply chain contributors and expand their customer base across international borders and into places with markedly different regulations. As cybersecurity protocols and data breach contingencies grow more disoriented as they encompass more organizations and individuals, secure file transfer can be a stabilizing force amid the confusion.

Advanced persistent threats: A global issue
Malware has truly gone global: According to a recent threat landscape report by FireEye, attack servers hosting malware are now present in 206 countries and territories. The number of countries hosting command and control infrastructure is up from 184 in 2012. An organization somewhere on the globe gets hit with a malware attack roughly once every 1.5 seconds, shaving 1.5 seconds off of the previous 3 second frequency found in 2012.

The FireEye report painted a truly global picture of the countries most frequently involved in malware generation and being targeted by threats. The countries home to the largest number of CnC servers were the U.S., Germany, South Korea, China, the Netherlands, the United Kingdom and Russia. The countries most frequently targeted by advanced persistent threats were the U.S., South Korea, Canada, Japan, the U.K., Germany, Switzerland, Taiwan, Saudi Arabia and Israel.

Many of the industries most frequently targeted by malware and other threats were those that rely on global supply chain infrastructure or cater to international consumer bases. This demonstrates the enduring appeal of large-scale international enterprises to cybercriminals and cyber espionage agents, as decentralized and inconsistent data management practices leave back doors open for insidious forces. Government, services/consulting, technology, finance, telecommunications, aerospace/defense and government were among the top targeted sectors.

These malware often evade traditional defense mechanisms such as antivirus programs, firewalls and security gateways. This makes defense difficult, and with a decentralized data management model, nearly impossible. Secure file transfer and similar methodologies are crucial to insulating in-transit corporate information from dormant threats and network vulnerabilities.

"Across the board, we are seeing a global expansion of APTs, malware, CnC infrastructure and the use of publicly available tools to facilitate the attack process," said Kenneth Geers, senior global threat analyst for FireEye. "The global scale of the threat has put cyberdefenders in the very difficult position of not having any clue where the next attack will come from."

The rise of internal threats complicates matters
As malware becomes easier to develop and acquire, enterprise networks and supply chains that lack secure file transfer and other advanced data management protocols will be potentially putting information at risk during every communication. However, malware is not the only threat potentially lurking in the enterprise. Insider threats are also on the rise.

Internal threats could be intentional, as from a disgruntled employee, or accidental as a result of poor security practices. As the number of supply chain stakeholders grows, so does the potential that an internal threat could present a problem. This issue was highlighted in the Target breach, as hackers were able to gain entry to Target's network via credentials swiped from an HVAC and refrigeration systems provider, a distant member of the retailer's massive supply chain.

Members of middle management teams increasingly serve as the source or point of compromise for internal threats, wrote Investor's Business Daily contributor Doug Tsuruoka. Fraud, bribery and corruption are traditional economic crimes that have taken on new dimensions in the digital age. Middle management are well-positioned to have access to significant stores of company and supply chain data, making them attractive partners or targets for hacking efforts, said financial security expert Amir Orad.

"Because of this access (to a company's data), middle managers may unknowingly be accomplices to cybercrime and fraud by having their credentials and accounts taken over by cybercriminals," said Orad, according to the source. "Cybercriminals know that middle management has access to key systems and therefore target this layer within the organization."

Deploying secure file transfer for lasting improvement
Secure file transfer can help businesses confront the realities of data security in the globalized, digitized business landscape. It can help them eliminate poor supply chain data storage and shore up transit integrity across the board. It can also help mitigate the possibility that a middle manager could subvert company information security practices or be used as a conduit for data theft.

IBM Sterling Managed File Transfer is a powerful tool for the effective management of all data transferred within or beyond enterprise networks. Among its core attributes are point-to-point file transfers with continuous security that represents a significant improvement over file transfer protocol transmission. It also offers the ability to customize file handling and administrative processes according to business needs and structure. This introduces more checks and balances into data management systems, and eliminates the possibility that a rogue worker can engineer a large-scale data leak. 

The demilitarized zone is another critical feature included in the IBM Sterling Managed File Transfer solution IBM Sterling Secure Proxy. It provides a protective blanket for secure file transfer with better perimeter security, aided by secure sockets layer session breaks and self-service multifactor authentication. It enables organizations to tailor their security protocols while maintaining productivity as a priority. 

Secure file transfer protects globetrotting data
Information security will likely always be challenging. A company over-concerned about data integrity risks self-inflicted paralysis and irreversible damage to its growth potential. A secure file transfer solution can help businesses navigate the complexities of globalized supply chains and worldwide customer bases by providing a centralized and steadying force.

If you liked this Lightwell article, check out:

Keep secure, protected and private: