Cybersecurity action must catch up to interest: A lesson from “Snowden”

Across the country this fall, movie-goers settled into their theater seats, popcorn tubs balanced on their laps, and immersed themselves in one of the best-known data breach stories of our time. “Snowden” was no documentary in terms of its veracity, and critics had mixed feelings about the film overall. But the public spent $28 million on tickets to see it, and that says something about the level of interest in security these days.

What does it say exactly? Perhaps not what most experts would like to hear. As a society, we seem to be more interested in cyberfiction than actual cybersecurity.

Too many companies are still waiting for a disaster to land at their doorsteps before they take action to protect their data. Businesses are aware of security risks – the threat is so clear that Hollywood is making bank on it – but organizations have yet to get adequately proactive about protecting their most important asset: their sensitive data.

This is baffling, especially when a single malware attack can cost a small or medium-sized business as much as $100,000. That’s a painfully expensive lesson, and yet a Kaspersky Lab report recently found that 67 percent of survey respondents had learned this lesson the hard way, through complete or partial data loss due to a cryptomalware attack. Half of organizations said in the same survey that malware attacks are the greatest threat they face today, which makes sense – a single attack could wipe out their whole security budget for the year, never mind the cost in reputation damage and data loss.

Ransomware variants are constantly changing, so it’s hard for any security team to completely guarantee it can withstand an attack. However, there are plenty of steps companies can take before they’re faced with the no-win choice to pay a ransom or not.

Reducing risk has to start with data awareness. What sensitive information do you have? Where is it? Who can access it? You can’t lower your risk until you know how exposed you are. By assessing your environment, you can take informed action to shrink your potential attack surface.

Data awareness also involves monitoring data activity levels and automating the alert mechanism for suspicious activities. When you see rapid data change rates, you need to be ready to coordinate with underlying storage to automatically create snapshot copies of your files for easy recovery in the event of a ransomware attack.

You should also have forensic tools at the ready to help accelerate response and recovery after an attack. Among the facts you’ll need to ascertain quickly: when did the attack occur, where was the root cause, what was the total impact, and which files, file shares and virtual machines were affected? When you have the analysis capabilities to answer these questions immediately after spotting an attack, you’ll be in a much better position to quickly recover lost data and restore full operations.

Entertainment comes first in “Snowden,” and Hollywood can keep audiences engrossed with dialogue like, “Most Americans don’t want freedom – they want security.” Reality is more complex, of course. Businesses want the freedom that comes from security – but they need to take steps to get it.

Get informed about your company’s data security risks with a free audit.

  Like This
Andrew Hay

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.