Individuals today expect the companies holding their personally identifiable information (PII) to be diligent and cautious in protecting those resources. But trust has been seriously eroded following a number of major data breaches across the world. As a result, governments around the world have introduced new laws and regulations that prescribe what organisations must do to protect data.
Laws such as the General Data Protection Regulation (GDPR) in the European Union, National Data Breach (NBD) notification rules in Australia and New Zealand's updated Privacy Bill all differ in their detail. However, they all focus on one primary principle: the protection of PII.
These new laws and regulations rely on a common assumption - that organisations holding PII data know what they have and where it is stored.
The risks associated with a data breach are not insignificant. At an investor briefing in 2016, Australian electricity retailer AGL said that if a data breach occurred and 0.5% of their 3.5 million customers moved to other retailers as a result, it would lose about $1.75M of revenue. They would then need to spend around $15 per customer in order to get back the number of customers they projected to lose. That adds up to a total cost of about $2M for a relatively small breach.
Add to that the potential fines for non-compliance with data protection rules and the long-term hit on company reputation and the $2M could be just the tip of a very large iceberg.
But there's more. Malicious software can prove to be costly. One of the newly emerging forms of malware steals CPU cycles in order to mine cryptocurrencies. While this may seem relatively harmless, it can have a significant cost. The CPU cycles that are stolen use electricity, driving up the costs of operating your servers. Based on current energy prices and the amount of processing required, a single Bitcoin requires about $9,000 of energy to produce. If cryptojacking software sits in the background, quietly stealing CPU cycles and electricity, it can result in a trickle of dollars disappearing from the company's coffers.
The key to detecting malicious activity on your network is to understand what assets you have, how different systems communicate with each other and the outside world, and what normal system activity looks like on your network. Once you understand normal, you can create a baseline so that anything outside the expected conditions can be identified, investigated and acted upon.
That understanding needs to go beyond network switches and servers. It also has to cover the actions of your users so that intentional or accidental actions don't result in data loss. That level of monitoring will also identify if any malware has made it past your other protections to end-point devices, even if it is dormant and waiting for some trigger before executing.
“All businesses have specific assets that are more valuable than others,” James Meuli, Solutions Architect, Fortinet at Ingram Micro, said. “That value might be determined by the profit it delivers, the need for regulatory compliance or some other driver. It is important that businesses understand what their most valuable assets are so that they can target protections appropriately.”
It's easy to be distracted by the latest "threat of the week". But those issues may not be the biggest problems you face. For example, in the wake of the Spectre and Meltdown issues that were publicised this year, ransomware remained a far more damaging problem.
As businesses prepare for the GDPR and other regulatory changes, what steps should they take to prepare for the new regulatory regimes and, more importantly, protect the PII they are entrusted with?
The first step is to know what data you have. That will require the use of a tool that can intelligently query your network and provide a baseline understanding of all the resources it holds and the activity that takes place. That includes understanding user behaviour.
You then need a tool that can understand how your network is being used and alert you to anything unexpected or anomalous. That includes finding malware that is dormant but waiting to do something.
Fortinet’s Cyber Threat Assessment Program (CTAP) can interrogate your environment and deliver actionable advice that will help you make decisions so that you target your efforts and resources where they are most needed.
For example, one company used CTAP and discovered three previously undetected pieces of malware, over 100 unknown applications, and about 20 audio/video streaming applications consuming over a third of their organisational bandwidth, as well as other attempts to install malware. Armed with that data, a Fortinet channel partner was able to assist that business to put security measures in place that addressed their specific risks.
Fortinet partners can brand the CTAP report as their own and use it to leverage Fortinet's expertise and turn that into new and expanded business opportunities.
As companies ensure their systems are compliant with the GDPR and other regulatory regimes, carrying out a targeted assessment that delivers actionable advice is important. CTAP allows Fortinet's partners to support their customers and deliver products and services that will make a difference.
Contact Ingram Micro Solution Architects James and Rod to learn how easy it is to run a CTAP for your client.