The worrying number of hacks into big players in the publishing industry tells us that publishers are not immune to ransomware and malware attacks. Some examples include malicious or accidental misconfigurations, hijacking of user accounts caused by poor encryption, identity management, lack of process controls, and data leakage from insecure API’s. The overall risk has been exacerbated by the growing work-from-home environment and a slow adoption of data protection software.
Let’s face it, the industry is vulnerable because most publishing companies are continually buying, selling, and moving packets of high-value intellectual property over the internet. That level of activity evidently presents a lucrative target for criminally inclined minds. In addition, in order to build their community, publishers are collecting more and more data from consumers through social networking and online targeted marketing efforts. This can leave readers (and publishers) open to attacks if strong data security measures are not put in place.
The threat is increasing. According to the Cost of a Data Breach Report 2021 published by IBM, the global average cost of a data breach increased by about 10% in 2021.
The industry is beginning to take this threat seriously. This is not just to protect valuable assets and competitive advantage, but to comply with customer demands and emerging industry regulations such as CCPA, PCI DSS, and GDPR. If there was any doubt, on February 1st 2022, The Bookseller reported that the education giant Cengage Group agreed to acquire cybersecurity education provider, Infosec, for $190.8m, a clear indictor that data breaches remain a clear and present danger.
On-Premise or Cloud
The need to tighten data security applies regardless of whether a company’s data is stored in on-premise servers, or, as is increasingly the case, in the cloud. The benefits of operating cloud applications can be very attractive. They can allow publishers to reinvent their offerings, and become more cost-efficient, agile, and innovative in how they operate their businesses.
Security was perhaps a weak link in the very early days of cloud computing, however today, these concerns are largely overcome. Most cloud platforms deliver the highest levels of security, data integrity and backup/recovery facilities. This is because they make huge investments in resources and technology, along with a skilled team of IT experts and engineers that publishers often can’t afford to do by themselves. SaaS providers now handle much of the security for cloud applications, securing the platform, network, applications, operating system, and physical infrastructure.
Breaches Caused at The User Level
However, even though data security provided by the cloud provider may be strong, breaches can still be significant if publishers do not install strict processes and procedures at the user level. As use of the Internet is now widespread at every company, the need for control is shifting to the end user.
Most companies are smart enough to prohibit access from uncontrolled personal devices, but when data is stored in siloed systems across multiple apps, in a web of accounts, files and assets, it’s often very difficult to manage compliance. Left to themselves, end users will often change control file settings, create their own user groups, install third-party apps etc., and this often leads to ugly data-breach headlines. Gartner estimates that 95% of cloud security failures are the customer’s fault.
To avoid security breaches, publishers must implement improved security processes. It’s easy to fall into the trap of solely providing developers and data users with permissions to any cloud resource and ignore the additional processes and procedures that are now necessary in the new environment. These processes need to be identified and installed from the beginning, or the business will be exposed to all manner of illegitimate access. Publishers must take the following steps:
- Create secure procedures around data access
- Utilize modern data encryption
- Take advantage of data protection software
Let’s explore each step in a little more detail.
Develop Procedures around Data Access
First define the specific data you want to protect. Personal Identifiable Information (PII) is clearly sensitive, covered by GDPR for example. Company information such as financial data, contract details, HR, accounting, billing qualifies, in addition to IP and other assets. You will need to identify where this information is stored, how it moves inside and outside your organization, and who has access to it.
Once this data inventory is complete, publishers can set specific protection mechanisms and controls necessary to protect it. The average organization uses many more unique cloud services than their IT departments are often aware of, some of which are very high-risk services.
Publishers can deploy Cloud Access Security Brokers (CASB) to audit their networks for unauthorized cloud services and compromised accounts. Onboarding and offboarding procedures typically need improvement. Collaboration controls can detect granular permissions on files that are shared with other users, including users outside the organization who access the file through a web link. Employees may inadvertently or intentionally share confidential documents through email, internal collaborative software such as MS Teams, and cloud storage sites such as Dropbox.
Uncontrolled USB ports can easily become a threat for publishing companies. Removable drives can lead to sensitive data loss due to their small size and pervasiveness. Note that USB-based threats are not limited to storage drives: any device that connects through a USB port, including phones and printers, presents a risk of data loss.
Everyone inside the organization needs basic training on basic cybersecurity principles, best practices to ensure the safety of sensitive data, and threat avoidance. This includes educating employees on not clicking suspicious links, ensuring that the system, antivirus, and other applications are up-to-date, and not sending sensitive company information through insecure channels.
Encrypt the Data
Data encryption protects both stored data and data in transit between the end user and external applications. Sensitive data such as financial information and PII should always be encrypted. In the case of cloud apps, this service may be provided by the cloud provider or enhanced by other solutions such as by implementing a cloud access security broker (CASB).
By encrypting computers’ hard drives, you can ensure that no matter how a device is booted up, users without a decryption key cannot access the contents. This is typically provided by the OS including Windows and macOS, for example. You can also use these tools to encrypt files and folders, ensuring that even if someone gains access to a work computer, they cannot steal any critical data on it.
Securing sensitive data on USBs and removable devices with encryption will ensure that employees take advantage of the convenience without jeopardizing company data.
Use Data Protection Software to Protect Your Assets
Antivirus software and firewalls are essential to guard against outsider attacks. However, publishers must also ensure that sensitive information is not lost or stolen through employees’ neglect or malicious intent. Data Loss Prevention (DLP) software detects and prevents sensitive data from being downloaded to personal devices and blocks malware or hackers from attempting to access and download data.
Companies must ensure that end users do not gain access to more resources than they require for their jobs. A role-based Identity and Access Management solution (IAM) solution uses processes and user access policies to determine what files and applications a particular user can access. An organization can apply role-based permissions to data so that end users will see only the data they’re authorized to view.
Advanced malware prevention includes technologies such as behavioral analytics and real-time threat intelligence that can help detect and block attacks and malicious files that spread through cloud email and file sharing applications. Cloud access security brokers (CASBs) protect enterprise data and users across all cloud services, including SaaS, PaaS, and IaaS. According to Gartner’s Magic Quadrant for Cloud Access Security Brokers, CASBs detect threats and provide IT departments with greater visibility into data usage and user behavior for cloud services, end users, and devices. CASBs also act immediately to remediate security.
Prepare and Plan
In summary, IT professionals are often blindsided by malicious and accidental end-user activities like publicly shared files and loose permissions and controls on access to data that moves through their domain. With careful planning and execution of process and technology, the risk to many publishers can be minimized to an acceptable level.
Source materials used for creation of this blog are:
The knk blog team fills the knk blog with content, new posts and replies to comments.
We welcome your comments!