After the Breach

Last week a historic data leak was discovered. While the long-term impact of this stolen data on the victims is still unknown, we can expect the damages to be high. According to IBM, the average cost of a single data breach globally reached an all-time high of $4.45 million in 2023. Investing in prevention technologies alone is no longer the answer. And just this week energy management and automation giant Schneider Electric made headlines when it was revealed that the company suffered a Cactus ransomware attack leading to the theft of terabytes of corporate data.

Organizations need to understand that breaches will happen and must protect their critical assets, from customer and employee data and intellectual property to financial data, business plans and even source code.  Data should be protected at every stage, from when it enters an organization until it is destroyed. In this piece, we will look at why data is so difficult to secure and share valuable insights to help you develop a strong and effective data lifecycle protection.  

Begin with data protection

Organizations increasingly are moving away from perimeter-based security to adopting a Zero Trust framework. Today “identity” is the new perimeter. In fact, the first two tenets of the Zero Trust framework are “verify the identity of every user and device requesting access” and “enforce least privilege,” which is to help organizations prevent unauthorized access to data. This is an outside-in point of view. However, the third tenet, Assume Breach, takes a different perspective. Now the question you are asking yourself is this: Okay, despite all of my layers of security, a bad actor has gotten inside. How do I mitigate the damages he can do? What can I do to further reduce the risk that my data is stolen? This is an inside-out point of view.

This is where our story begins – the data: Where is it created? Where is it stored? How is it used? When is it no longer needed? How is it destroyed? The enterprise needs to look at every stage of the data lifecycle and ask:  How am I protecting this data?  What could I do to help minimize damages if someone breaks through one or more layers of my security?  Do we have all the protections for the complete data protection lifecycle?  

Remember, data lives everywhere – from mainframes and corporate devices to hybrid multi-cloud environments. And as the data grows, so does the risk. For example, let’s say data comes into the organization and goes into a single database. You then find that you’re replicating it five times to other databases or other user stores. Ask yourself:  Is this necessary? Do I really need to create five targets for malicious users to run my business?  Some organizations have the same data in a hundred different places. All you need to do is make a mistake in one of those places, and you put the data at risk. Understand what data you have and, if it is in multiple locations, consolidate it – it’s easier to protect one spot vs. hundreds.

A Data-centric approach to security means that every decision made, every policy enforced and every action taken is done so with Data Protection top of mind. A data-centric implementation depends on strong DLP applied at every control point, applying consistent policy for web, SaaS, and private applications. DLP offers protection for data in-use, in-motion and at-rest. But it does not end there. As the ultimate safeguard, there’s a  last line of data-centric protection – Encryption. 

Encryption: The last line of defense

In our recently published ebook, “Welcome to the Jungle: Safeguarding your most valuable asset – your data,” we provide a great overview of the data protection challenges and provide five valuable best practices that can help address your data lifecycle protection strategy. While I encourage you to download this resource to get our complete recommendations, let’s take a closer look at one of the five best practices, “Encrypt data that is in your custody, and fully destroy it when it is no longer needed.”

Regulatory requirements make encryption a necessity for many companies. Those needing to comply with regulations such as Continuous Diagnostics and Mitigation (CDM), Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and the EU General Data Protection Regulation (GDPR) must implement an auditable encryption solution to protect the privacy of customer data. Encrypting data is also the last line of defense – if adversaries have gotten through every layer of your protection, they can’t access it. It’s your last opportunity to mitigate the impact post-breach. 

The Symantec PGP® Encryption Suite is a new bundle that provides flexible data-at-rest and data-in-transit protection through three product offerings. Symantec Endpoint Encryption combines strong full-disk and removable media encryption with an intuitive central management platform to protect sensitive data from loss or theft. It also helps administrators prove that a device was encrypted should it go missing. Symantec PGP File Share Encryption extends file server access controls to include robust end-to-end encryption. Administrators can set encryption policies for content such as documents, spreadsheets, presentations, videos, and audio. 

The Symantec PGP Encryption Suite also provides the option to secure data in motion through a third product, Symantec Desktop Email Encryption, which protects email communications through automated encryption, decryption, digital signing, and message verification. This encryption process takes place at the client level, ensuring that communications remain secure prior to traversing internal networks or being stored within cloud repositories. You can find more details about the role this solution can play in your overall data protection strategy in our solution brief, “Safeguarding Data throughout Its Lifecycle.”

What’s Next

With the governor’s signing of New Jersey’s privacy law on January 16, 2024, New Jersey became the 14th U.S. state to pass a comprehensive data protection law. As we look ahead to the rest of the year, we can expect the need to protect data to continue to evolve and penalties to climb. The good news is that there are steps you can take today to mitigate your risk. We invite you to reach out to Broadcom to see how we can help.