By Grigoriy Milis, CTO, RFA
The topic of securing corporate data has become impossible to ignore. Between high-profile breaches of retailers’ databases, the compromise of celebrity photos stored on the cloud, and state-sponsored theft of intellectual property, the number of potential avenues for cyber-attack can seem overwhelming.
There is good news and bad news in the world of data security: The bad news is that there is no single magic bullet to ensure the security of your data. But the good news is that there are steps that can be taken to protect information, prevent attacks and prepare for possible breaches.
Some form of technology security must protect all servers, workstations, and network devices that are connected to the Internet. Passive technology, such as virus scans that run on a scheduled basis or firewalls that only block incoming network traffic, is simply not enough to keep data safe. Advances in design, however, mean that solutions are now available that provide real-time monitoring and alerting on any network activity that appears suspicious or anomalous compared with legitimate business traffic. Next-generation firewalls and intrusion detection and prevention systems (IDS/IPS) inspect details of inbound and outbound data that are not analyzed by legacy technology.
But there is a huge quantity of data that passes through networks, even those of small firms. In the past, technology employed to investigate network traffic could cause latency on networks, frustrating users and slowing the pace of systems that depend on Internet access. Today’s systems, though, are designed with speed in mind. The vast amount of network data may seem like it would overwhelm engineers with information to analyze and quantify, but IDS/IPS and next-generation firewall technologies can be deployed on a managed service model. This means that only urgent threats are escalated to your engineers, reducing internal workload while analysis and triage take place behind the scenes.
Technology must work alongside an educated staff. Employees, from managing directors to traders to administrative staff, must have a clear understanding of how cyber attacks occur. As mentioned previously, every device that connects to your firm’s network is a potential target. Many exploits target human behavior rather than unpatched software and hardware, so an erroneous click on an official-looking but unsolicited email can lead to stolen data. Users can have their social media accounts hijacked, data on network drives can be force-encrypted, and malware can begin sending your most valuable information to third parties for financial and strategic gain. Regular employee training and informational updates help keep your staff members aware of their role in keeping corporate assets secure.
Even with a well-educated staff and the best technology solutions in place, a firm can still fall victim to a cyber attack. Counter-threat technologists and “white hat” hackers fight to keep pace, but increasingly sophisticated attacks are designed to remain undetected. This means that crafting an incident response plan has become a crucial part of every firm’s business continuity process. The incident response plan helps staff understand what they need to do when a breach has occurred. It covers identifying how the breach happened, determining its extent, triaging it and preventing it from taking place again. Having an incident response plan reduces panic while clearly outlining responsibilities before a crisis strikes.
Threats to cybersecurity will continue to evolve, but the dialogue between the technologists and businesses that fight these attacks will be ongoing as well. While there is still no single, reliable resource that will guarantee a secure network, a combination of next-generation technology, best practices on the part of staff and preparation for a breach scenario will minimize vulnerability and damage.
No Magic Bullet: Implementing Cyber-Security for Hedge Funds (TabbFORUM, September 25, 2014)