Johannesburg, 06 Feb 2013
Information theft is the most profitable crime in the world today, as well as the one posing the least risk to the criminal. In most instances, breaches are not done by mysterious genius hackers in Eastern Europe, but by insiders who have been given the keys to the kingdom as part of their jobs, while their other job is working for a syndicate.
With 75% of all information security breaches in corporations being against the company's databases, one must ask why more companies are not taking effective action to protect their most valuable asset, their information.
"If a stranger walked into your business and asked for the database administrator's password, would you give it to him? The answer, one hopes, is no," says Hedley Hurwitz, MD of Magix Integration. "That being the case, if you hire that stranger to look after your databases today and he starts work tomorrow, one of the first things he receives is the password and access to all your data."
Hurwitz adds that corporate file servers are even more poorly protected and even more at risk than databases. The data on file servers is completely unstructured, yet contains a variety of files, from spreadsheets to statements, business plans and payment data.
Protecting your data, whether unstructured or structured (database), requires specific tools and knowledge, as well as insight into the processes with which legitimate users access and use the data.
"When you know what legitimate access looks like, it will be easier to implement monitoring solutions that identify abnormal activities for further investigation," adds Hurwitz. "Monitoring solutions will also identify legitimate transactions that cross normal boundaries so that they can be verified before they are approved."
Hurwitz adds that there are four common mistakes companies make when seeking to secure their data.
1. Not evaluating all their options and choosing something that seems simple. There are many solutions purporting to secure your data, not all are as effective. Database administrators and IT managers need to ensure they know what their business requires, and examine all the options available before selecting one best suited to their needs.
2. Not monitoring access to the servers hosting databases. It's not only access to the data itself that is important, but also to the hardware, like the servers, that needs to be secured. It's no good allowing attackers into the server in the hopes they won't get to your data.
3. Making database administrators responsible for data monitoring. Database administrators are experts at making the database perform optimally; they are not security experts.
4. Choosing the cheapest option. You get what you pay for. This does not mean you have to opt for the most expensive solution on the market, but choose the one that meets your needs.
Securing data effectively requires a multifaceted approach incorporating tools, knowledge and constant user activity monitoring. The combination of these does not need to break the bank, but can prevent data loss from breaking the business.