The modern enterprise spends millions of dollars on cyber security, yet the modern CISO can’t say in any specific detail what information is entering and leaving the firm. How sensitive is it? Who is sending it? Who is receiving it? Where is it going? As a result, everyday workflows where employees exchange sensitive information with external parties expose the firm to constant threats, including leaks, phishing, malicious files, and compliance violations.
These external workflow threats have a common theme: a user is the actor, and a file is the agent. Complete protection requires a defense that spans the full breadth of the associated threat surface: the collective paths of all files entering and leaving your organization.
For most organizations, the threat surface of external workflows is only partially visible and partially defended. You can’t really see it by scanning packets, because packets are on the wrong layer. You can’t fully defend it by scanning a file, because a file is only one point on the larger surface.
In this post, the first in a series, we’ll take a look at the nature of threats from everyday external workflows and introduce 5 key strategies to avoid a data breach.
The Threat Surface of External Workflows
Some cyber threats are more straightforward than others. Direct attacks, such as brute force login and denial of service, have a common recipe for defense: shut them off. Direct threats have simple threat surfaces. To defend against them, you just harden your shell. Close some ports. Strengthen your firewall. Shut them off.
Indirect threats that subvert everyday business activities, such as identity theft, internal leaks, industrial espionage, and malicious emails, are much more difficult to address. You can’t just shut them off, because shutting them off means shutting down the business. They have complex, intricate threat surfaces that are difficult to define and more difficult to defend.
These indirect threats all follow a similar pattern: bad actors exploiting everyday workflows where employees exchange information with external parties. Internal threats subvert outbound workflows by leaking a sensitive file out, and external threats subvert inbound workflows by letting a malicious file in. Users are the actors and files are the agents. An attack can occur anywhere along the path of the file as it enters or leaves the organization.
To understand the threat surface of a single workflow, you can just follow the file. Who sent it? Who received it? What is in it? When? Where? How? To understand the full threat surface of all external workflows, you must visualize the collective paths of all files entering and leaving the organization.
Build a Stronger Defense Against External Workflow Threats
This blog series will take a fresh look at cyber security through the sharp lens of the external workflow threat surface. Future installments will explore the following five concrete strategies to visualize it, shrink it, and defend it:
- Visualize the threat surface with a CISO dashboard that monitors all sensitive content and IP that enters or leaves your organization, including the who, what, where, when and how of every file exchanged with an external party.
- Shrink the threat surface by constructing secure external and internal perimeters. Simplify external file sharing for users. Consolidate access to enterprise content. Eliminate shadow IT. Achieve cloud storage compliance.
- Harden the threat surface by encrypting data in transit and at rest. Enforce secure file sharing with sanctioned channels. Enable enterprise content integration with content repositories like SharePoint and OpenText.
- Defend the threat surface against internal and external file threats. Employ tight governance over file transfers to prevent breaches. Inspect every file to block malicious incursions. Leverage external workflow metadata, such as origin, destination, time of transfer, and content sensitivity to increase compliance and control.
- Build a holistic, proactive defense that spans the entire external workflow threat surface. Run every file through a gauntlet of best-in-class security solutions, including SSO, LDAP, AV, ATP, DLP, and SIEM. Develop benchmarks, heuristics, and automation to move from reactive to proactive defense.
In the next post, we’ll explore the importance of visualizing the full threat surface of external workflows, including the creation of a CISO dashboard that provides visibility and traceability for all external file transfers.
*** This is a Security Bloggers Network syndicated blog from Cyber Security on Security Boulevard – Accellion authored by Cliff White. Read the original post at: https://www.accellion.com/blog/5-strategies-for-protecting-sensitive-content-in-a-dangerously-connected-world/