Posted by: peterhact | July 17, 2012

Come on People! What will it take for you to realise that there is a problem??

Back when I was in retail, I always prompted customers to buy anti-virus software. Not just for the extra money it made me in commission, but for a much more basic need: I would have a day off, and there were people I worked with that didn’t get that you never give out staff’s home addresses and phone numbers. I have heard of colleagues who had many, many irate customers lobbing on their doorstep when they got a virus and lost a fair chunk of data. This was many years ago, too.

We have trained users to use antivirus software, malware protection, internet protection to stop the kidlets accessing sites you really rather they didn’t, they have been trained over many years, mostly since 1995. Okay, the concept is now firmly in their heads. What about backup? Well, that seemed to take off about 5 years ago. backup became important, if your data was lost, so was most of your business information.

Why is it that the cloud seems too scary, too foreign to use? Is it because it isn’t a tangible thing? That you can’t hold it in your hand, take it out of the box and install it? maybe. But the biggest problem that needs to be tackled is the protection of your business data. Not just from outside, nowadays the damage can come from within.

Now that users are trained in backup and protection, why is it so hard to accept that the data on a server may be protected from viruses, malware and backed up, but the access to that data, either internal users or external sources can bring everything down and won’t be picked up by the protection they already have?

I am talking about malicious destruction, malicious theft, malicious acts that are intended to hurt either the business or the clients it supports. As our data grows, we buy storage solutions to house it. It continues to grow. How can you protect the data from attacks? How can you tell that an attack is happening as it is happening?

For example:

1. J has been working for the company for 3 years. His team has been downsized, but he knew this was coming, and has downloaded and saved several key client files onto a disc. He will use them at his new employer to get the jump on the current employer. He is pretty savvy, and has deleted the files he has copied off the server. As far as the system administrator is concerned, those files have ceased to exist, therefore they must have been J’s “personal” files. It is only till much later that it is realised what actually has happened, but there is no proof, no capture of the activity to be able to prosecute J. Why is personal in inverted commas? It is my belief that anything created on a computer system owned by a company is that company’s property. Send files from your work computer, you are stealing information that is the company’s. It could be an email about a party on the weekend, it could be a file that is actually illegal music, it doesn’t matter. The data has gone, in J’s case, it has gone to a competitor and is being used to diminish the old company’s client base.

2. M has been trying for months to access the data on a company server. When J left, his passwords were reset, so that is not an option. The company has a web portal that is very basic, and M has his way “in”. He accesses the data from outside the company, from an internet cafe. He uses specific software tools that allow him to exploit a known vulnerability and he is in the server, browsing the data and downloading items of interest. He changes the web page to read that the company hates all their clients and they can all go jump. The software is pretty advanced, and he can gain control of the servers and do whatever he wants. The system administrator has no clue what is going on until the client calls start. By then, it is far too late. If M is really malicious, the data he gleans from the servers could find their way onto another website – listing all of the important private data for each client.

These examples are happening right now. Data is being lost every day, through malicious acts and industrial espionage. Sounds Paranoid? I wish that it was just that. The solutions are complex only if you let them. There are products out in the market that protect servers and data, but getting a client to commit to these solutions is a very slow process. Even as other companies are publicly being attacked and their data shared, The price to fix and protect servers from attack becomes that main focus – and the companies, departments, schools sit unprotected or have basic protection created from desperation by system administrators who can see that it is only a matter of time till they are in the crosshairs of these individuals.

One of the brands that has a solution in this market space is imperva. The technology is smart, the methods to enable protection are technically complex, but the big thing to consider is that the products cover several areas of protection, from web application firewalls, to file access management and database access management. They even have a cloud solution. It is worth looking at their offerings – even if it is just for research right now, understanding the products now may be beneficial later on if the need arises. The key differentiator for me is that the devices can operate in real time – telling you that an attack is occurring as it is happening, instead of telling you after the fact, when it is far too late. The site is and, as I research many products in my current role, this is one of the technologies that is of interest to all businesses, government departments and educational institutions.

Anywhere that has sensitive data, personnel files, student information, medical records, legal documents etc, they are all potential risks for an organisation. Having a solution that can protect this information is better now than after it has been taken.

I just hope that the learning curve that we have witnessed over the years for other forms of protection is not as long as it was before.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: