Insider Attack: How Do You Protect Your Company Data?
Having a solid backup and recovery strategy is vital for today’s business environment. Traditionally, focus has been placed on external threats and natural disasters. However, recent data breaches have shown us the wisdom of recognizing potential weaknesses and threats from the inside.
It should be noted that not all internal threats can be classified as theft—some are the result of sheer incompetence. For example, an internal threat can be the result of deleted backups, lost or stolen backup media, lost or stolen endpoint devices, or simply the performance of actions that could not be undone due to sub-par backup systems.
Despite all of the precautions you take, it is still possible that an insider, like a disgruntled employee for example, will successfully attack. Therefore, it is important that you prepare for that possibility and boost your company’s resiliency by applying secure backup and recovery processes that are periodically tested.
Effective backup and recovery processes need to be in place and operational so that if security compromises do occur, business operations can be revived with minimal downtime.
Effective backup and recovery strategies should incorporate the following:
- Controlled access to sensitive process elements –these may include the facility where the backups are stored or the physical media itself.
- Separation of duties so no one person can make changes to the backup process.
- Accountability and full disclosure should be contractually required of any third-party vendors responsible for providing backup services.
- In most situations, multiple copies of backups should exist, with redundant copies stored off-site in a secure facility or in the cloud.
- An additional level of protection for the backups should include end-to-end encryption.
Some attacks against networks could interfere with common methods of communication, thereby increasing the disruption of organizational activities which will influence how quickly and how well a company can recover from the attack. This is particularly true of insider attacks because insiders are familiar with the company’s communication methods and, during an attack, could interfere with communications essential to your data-recovery process. The effect can be mitigated by maintaining trusted communication paths outside of the network. For example, a company may employ a cloud-based phone system to keep the lines of communication open in the event of a network outage, regardless of the cause.
We hope this article serves as a reminder that threats to business continuity can come from within just as surely as they can come from the outside. We urge you to shore up your defenses with cloud-based backup and recovery services now, so your business can carry on through whatever comes your way.