Think Like a Hacker: Protect What They’re After

A New York Times article entitled “Hacked vs. Hackers: Game On” describes the current state of data security and a future state where high-value data gets the attention it deserves.

“In the last two years, breaches have hit the White House, the State Department, the top federal intelligence agency, the largest American bank, the top hospital operator, energy companies, retailers and even the Postal Service. In nearly every case, by the time the victims noticed that hackers were inside their systems, their most sensitive government secrets, trade secrets and customer data had already left the building.”

Lack of liability and urgency continues to evoke a “patch and pray approach” to data security. However, customers of companies that have experienced far-reaching data breaches and companies required to demonstrate their data is safe from all forms of intrusion–including government snooping—are demanding greater privacy protections.

These companies are taking a more layered and strategic approach to data protection. Rather than relying on technology to prevent penetration of all data, they are asking themselves, “What do hackers want?” and working to protect the most valuable data by isolating and encrypting it.

“That approach — what the N.S.A. has termed ‘defense in depth’ — is slowly being adopted by the private sector. Now, in addition to firewalls and antivirus products, companies are incorporating breach detection plans, more secure authentication schemes, technologies that ‘white list’ traffic and allow in only what is known to be good, encryption and the like.”

The future of security won’t be based on digital fences designed (but failing) to protect all data; it will be a strategic approach to preventing hackers from getting companies’ and customers’ most valuable data.