“Automated theft” you say? Hmm, so if data theft is automated, does that mean data security can also be automated? The answer is “yes”, and “it better be.” Data theft is a lucrative business, and according to Gemalto’s data security analysis and the 2015 findings of the Breach Level Index (BLI), “malicious outsiders” are the number one cause of data breaches (58% of all cases). Without automated data protection, the speed and variety of data breaches are simply unmanageable.
Deliberate and Accidental Data Loss
We’re all aware of the elusive “cybercriminal”, the balaclava-wearing malicious outsider with mad computer hacking skills. Then there’s the malicious insider, better dressed but still causing 14% of data breaches. Well-meaning hacktivists cause 2% of data breaches. Interestingly enough, “accidental loss” is the second-most prevalent cause, at 24%! Mind you, it’s debatable how many accidents are actually caused by negligence.
Mind the Identity Theft
The BLI shows how 2015 was the year that data breaches “got personal”. Identity theft became the most prominent type of data breach in the world – 53% in fact – next to stealing credit card data and financial information.
Identity theft is a vast topic, with many sources and numerous methods that cybercriminals use to accomplish it: from the manual efforts of social engineering and phishing to more elaborate automated schemes like ransomware and malware botnets.
Botnets Need Automated Data Protection
We focus on botnets since the topic is seldom addressed, but the threat is equally potent in causing downtime. To safeguard against such an extremely robust enemy, data protection is three-fold.
1. The Human Element
This means securing your company network by doing even the simplest manual tasks, like increasing browser security settings, never opening attachments unless their source has been verified, and ensuring your operating system and software have the latest security updates installed.
2. Automation is Key
Anti-malware providers offer software that helps counter a botnet attack. Specific anti-bot software installed on desktop computers uses heuristics to recognise bots should they fail to be detected by the usual anti-virus software. For networks, more elaborate techniques are used, like shutting down command-and-control (C&C) servers, null routing DNS entries, or completely shutting down IRC servers.
3. Recover with Backups
The quintessential means of ensuring business can continue as usual after malware infections or data losses is data backups. To be effective, these backups need to be scheduled to run automatically at regular intervals. And if your backups aren’t cloud-based, it is preferable that all data is mirrored to some form of off-site storage for redundancy. This will also help protect your data should the network be infected.