Sensitive Data Protection: 3 Reasons for the Vanishing Perimeter
Author(s): Scott Johnson, Posted on June 25th, 2014
Protecting sensitive data has become a complex proposition for a majority of organizations. The network perimeter of the past has vanished and data can no longer be contained, let alone protected. The question is no longer “if” your organization’s sensitive data will be targeted for attack, but “when, how frequently and how substantial the impact will be in terms of costs and credibility?”
The industry-wide impact is significant and a real cost to companies. Ponemon Institute’s 2014 Cost of Data: Global Analysis study found that the average cost impact for a company rose to $3.5 million US dollars, up 15% over 12 months. Additionally, Ponemon indicated that the estimated cost per lost record had now reached over $200 and has been accelerated by what the research firm calls the “cloud multiplier effect.” Sensitive data breaches are now being tracked by organizations such as DataBreaches.net and IdTheftCentre, with the information being made available publicly. Some of the examples, such as Evernote, where 50 million users were required to reset their passwords, have had a negative brand impact. Other breaches, like the Target point-of-sale breach, not only resulted in 40 million credit cards being stolen, but also resulted in a 46% decline in profits and the resignation of the company’s CEO. Some analysts estimate that the total cost impact for Target could reach $1 billion US dollars.
There are a number of reasons for the vanishing perimeter and the impact that it is having on the loss of sensitive data. One key reason is the explosion in the volume of data that is easily accessible in a variety of formats and mediums. Our reliance on and access to data are accelerating faster than our ability to protect it. IDC estimates that in 2015 there will be approximately 2 exabytes of enterprise-level unstructured data available. To give you a sense of size, one exabyte of storage could contain 50,000 years’ worth of DVD-quality video! When looking at unstructured data (such as PDFs, JPEGs, MP3s and MOVs), organizations must take into account that these types of files are increasingly susceptible to theft and in some cases can actually be the vehicle for theft.
Malwarebytes recently demonstrated a new variant of the Zeus Trojan called ZeusVM where the malware was hidden in a JPEG image as a decoy to allow an attacker to exfiltrate sensitive data from the server. This is commonly referred to as steganography, a practice dating back to the ancient Greek historian Herodotus. Attackers have incorporated this technique into digital attacks that lead to data exfiltration. Another disturbing trend can be seen in the CryptoLocker and CryptoWall viruses, whereby simply selecting a digital advertisement results in your data being encrypted by a data extortionist and held for ransom.
A second key reason for the vanishing perimeter and threat to sensitive data is the enumeration of access types. There are now over 7 billion mobile devices in the world. Cloud computing is changing the way data centers are deployed and managed, thus changing the security paradigm for protecting them. Social networking and collaboration solutions, from LinkedIn to Basecamp, expand the “access ecosystem” of available data, putting further pressure on organizations to protect sensitive data.
A third factor causing organizations to lose sensitive data is the increased sophistication of the attackers and the attack types. From hacktivists to organized crime rings, the bad guys are smart, focused and are using the latest techniques to capture sensitive data. For example, an attacker uses a malware-infected JPEG to phish a third-party contractor, stealing the user’s credentials to access Company X’s contractor portals. The attacker then identifies a web server and infects it with malware to enable command and control. Next, the attacker infects POS systems with a variant of the BlackPOS Trojan and begins scraping cleartext credit card stripe data. That data is routed out silently through the infected server to the attacker’s FTP server in a foreign land. It is a complex, polymorphic type of attack that can remain undetected for months by many of today’s most widely used signature-based security tools.
To combat the problem, Unisys has taken a unique approach to protecting sensitive data by effectively cloaking devices in the network so that attackers are unable to see the server or endpoint. With Unisys Stealth, the attack surface is reduced by leveraging containerization, encryption and authorization services such as Active Directory. The data and transactions are simply undetectable by any other user or device that is not part of the same Stealth Community of Interest (COI). Stealth also segments the user communities so that any malware is contained and the resulting disruption and impact are minimized. Stealth is non-disruptive and easily adapts to the organization’s current infrastructure without the need to make changes to hardware or reconfigure switches and routers. Stealth is a signatureless, always-on preventive approach to threats that can lead to the loss of sensitive enterprise data.
Stealth is a new and disruptive approach to addressing the contemporary security threats derived from a more connected world – a world filled with many wonderful new capabilities as well as many terrifying new cyber criminals and data extortionists.