What Can We Learn From A Data Leak?
Cybersecurity threats are growing in number and in the severity of their consequences. Today’s companies have to defend themselves against the different strategies criminals use to get hold of their most sensitive data, such as phishing and ransomware, two of the most frequent attacks.
However, they also have to protect themselves from threats that come from within. As we have already mentioned on previous occasions, an attack from inside the company is one of the endemic vulnerabilities in almost any context. This type of attack can be intentional or unintentional: the employee who leaks data, or causes it to leak, may have taken an active part in it or may have been the victim of human error.
Be that as it may, data leakage can happen, and it is important to know how to react to it and how to keep it from happening again.
How to use a Data Leak to your Advantage
To understand how a data breach can affect the stability (even the viability) of a company, it is possible to simulate one and draw lessons from it. In other words, we launch a simulated “attack”, check where our security is leaking and where access can be gained, and act on what we find. Let’s look at some learning strategies along these lines:
- Simulate a ransomware attack. There is software that lets us simulate a network compromise, for example a vulnerability in the supply chain. Using it, we can understand which resources can be accessed and how far a potential attacker can go on the corporate network. This quickly shows which patches are missing and which pathways are unsafe and vulnerable.
- Check vendor software for vulnerabilities. By conducting security assessments for all software and SaaS purchases, we maintain control over every piece of software that will interact with the business network. There are automated tools based on AI, but in these cases a human reviewer is still needed for the assessment to be more complete and effective.
- In-house developers are not best suited to check the security of their own code. It is recommended that someone from outside validate the software they develop, to avoid bias and, above all, to find malicious code and internal threats, if they exist. These controls are very useful when there is a management reorganization, when a disgruntled developer leaves, or when a merger or acquisition is taking place.
- It is essential to have up-to-date logs and to be able to access them. This is vital for having enough traceability to track a data leak. If these logs are only kept for a few weeks, they may already have been destroyed by the time we learn of the data leak.
- Require suppliers to continuously assess the security and risks of their software.
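As an added illustration of the log-retention point above (not part of the original article), the following Python check reads logrotate-style settings and lists the logs whose history would already be gone by the time a leak is discovered. The sample configuration, its paths, the fallback values and the 90-day window are constructed assumptions.

```python
# Approximate days covered by one rotation, per logrotate frequency directive.
INTERVAL_DAYS = {"daily": 1, "weekly": 7, "monthly": 30, "yearly": 365}

# Constructed sample configuration; paths and values are illustrative only.
SAMPLE_CONF = """
weekly
rotate 4
/var/log/auth.log {
}
/var/log/app/audit.log {
    daily
    rotate 400
}
/var/log/nginx/access.log {
    daily
    rotate 14
    maxage 10   # rotated files older than 10 days are deleted
}
"""

def retention_days(conf):
    """Map each log path to the approximate days of rotated history kept."""
    glob = {"interval": 7, "rotate": 0, "maxage": None}  # assumed fallbacks
    result, current, paths = {}, glob, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):            # start of a per-log stanza
            paths = line[:-1].split()
            current = dict(glob)          # stanza inherits the global settings
        elif line == "}":                 # end of stanza: compute retention
            kept = current["interval"] * current["rotate"]
            if current["maxage"] is not None:
                kept = min(kept, current["maxage"])
            for path in paths:
                result[path] = kept
            current, paths = glob, []
        else:
            word, _, arg = line.partition(" ")
            if word in INTERVAL_DAYS:
                current["interval"] = INTERVAL_DAYS[word]
            elif word in ("rotate", "maxage") and arg.strip().isdigit():
                current[word] = int(arg)
    return result

def too_short(conf, required_days):
    """Return logs whose history ends before required_days have passed."""
    return {p: d for p, d in retention_days(conf).items() if d < required_days}

if __name__ == "__main__":
    for path, days in too_short(SAMPLE_CONF, 90).items():
        print(f"{path}: only ~{days} days kept, 90 required")
```

Set the required window to at least the longest delay you expect between a leak occurring and its discovery.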
There are only five actions to take into account, but they cover a wide spectrum of risks and possible threats. Complete security does not exist, but we can do everything in our power to get as close to that utopian 100% as possible.