Data, the trophy of cyber war
I want to take this time to talk about the most critical component of cyber war. Data is the deciding factor in the success of any cyber-attack. Data can be the end-game target of an attack, or data can be utilized to carry out other forms of attack. With data, an advanced persistent threat, also referred to as an APT, can identify vulnerabilities in critical infrastructure and can completely shut down its target. This danger has been demonstrated time and time again by recent ransomware attacks such as WannaCry, Petya, and their mutated forms, such as the most recent attack, Bad Rabbit. Ransomware is designed to affect and restrict access to data because of its integral role in continuity.
There are three crucial areas to secure regarding data security. This is often referred to as the CIA triangle. Not to be confused with the Central Intelligence Agency, the CIA in the security triangle is an acronym for confidentiality, integrity, and accessibility. This breaks down to ensuring that only an authorized person has access to the data, that the data has not been modified by an unauthorized person, and that the data is available to an authorized person when it is needed.
There are many different deployment methods to obtain a complete CIA triangle, but nearly all trickle down to three basic security concepts: implement network security, endpoint security, and data security through encryption. This method of security implementation is often called defense in depth or a layered defense. All three security methods must be applied to obtain true data security. Many people are under the impression that only network and endpoint security are needed to properly secure their data, and data encryption is often overlooked. Network and endpoint security are great at restricting access to data; however, they are not foolproof methods on their own. If an APT is able to bypass both network and endpoint security, either by utilizing malware or by gaining physical access to a device without data encryption in place, then the data will be vulnerable to exploitation.
When choosing a security system deployment, I highly recommend that some form of data encryption be implemented, preferably a method of full disk encryption rather than simply a file-based approach, but anything is better than nothing. Windows does offer a free method of disk encryption called BitLocker, but it can be tedious to implement and maintain depending on your network topology. Check Point also offers a product as part of our security suite called SandBlast Agent that can be deployed and easily managed in both large- and small-scale environments.
As always, I recommend putting time into researching the options out there and choosing what you feel will be most beneficial to you. Again, I want to state how important it is to truly implement a complete defense-in-depth solution that strongly adheres to the CIA triangle principles. Protect your network, protect your endpoints, and protect your data to give yourself the best fighting chance in this cyber war over data.