
Challenges and Best Practices in Enterprise Data Protection

CipherStash Team

Large enterprises face especially difficult data protection challenges. These challenges are exacerbated by the scale and diversity of the data they collect and store, the complexity of enterprise organizational structures, the likelihood of facing targeted attacks, and the difficulty in coordinating thousands of employees to move quickly to mitigate risks.

It's no surprise that enterprises are struggling to meet this significant challenge. In a survey of more than 4,700 enterprise security practitioners globally, researchers found that 55% of large companies are not effectively stopping cyberattacks, and the number of successful breaches jumped 31% over the previous year, averaging 270 per company.

How does the scale of a business's operations uniquely affect its data protection needs?

The scale of a company's operations significantly impacts its data protection needs, creating unique challenges and requirements. Let's look at some of the crucial issues faced by enterprise-scale companies. 

1. Volume of data

As businesses grow, companies collect and process enormous amounts of information. Large corporations, especially those that operate internationally, typically include dozens of departments and an extensive network of business units. This means that the data they collect is often more diverse and extensive than the data collected by smaller organizations. Diverse data can include structured, unstructured, and semi-structured data, each requiring specialized security measures. Implementing effective encryption and access control mechanisms that work across different data types and storage systems can also be challenging.

An enterprise that illustrates the challenges of securing data at scale is Google. Google is reported to process 3.5 billion search queries daily, an extremely sensitive form of data which, if associated with a specific user, could provide a full picture of both their work and personal life. And yet, this is just one example of sensitive data that Google must protect, alongside data from YouTube, Gmail, Google Drive, and a myriad of other Google services.

2. Global regulatory requirements

Large multinational corporations encounter unique challenges when it comes to information security, such as complying with regulations and laws in various countries. One example is GDPR. On the one hand, it simplifies compliance standards within the European Union, while on the other, it poses challenges when operating across borders. Various sectors and countries will have their own corresponding compliance regulations and legislation—so establishing uniform security standards is crucial. Global enterprises often have to comply with dozens of local data protection laws, resulting in a complex legal landscape when maintaining privacy and security across borders.

3. Targeted attacks

High-profile enterprises are frequently the targets of sophisticated cyberattacks due to their higher visibility, larger digital footprint, and their large volume of data assets. Tracking and preventing these attacks is an enormous challenge, one which many enterprise organizations are struggling to overcome. A 2021 study by Accenture reported that while enterprises are increasing cybersecurity spending, this increased spend isn't resulting in a decrease in security incidents. On the contrary, incidents increased by 31% over the previous year.

4. Flexibility and ease of implementation

Operating at a large scale reduces flexibility and makes it difficult to implement wide-ranging cybersecurity measures, even though large companies can afford to invest in more complex and customizable solutions. However, difficulty of implementation and operational management frequently slows down progress and hampers decision-making, resulting in well-publicized incidents where critical technical solutions or security patches have taken months to be implemented.

One example is the infamous WannaCry ransomware attack in 2017 which exploited a known vulnerability in Microsoft operating systems, known as EternalBlue. Although a patch fixing the vulnerability was available two months before the WannaCry attack, many large organizations, including the NHS, failed to implement the patch in time. In the case of the NHS, an internal department warned the organization about the importance of patching the vulnerability months before the attack. However, the advice was in many cases not heeded, and the department was found to have no mechanism in place for assessing whether other departments and local NHS organizations had complied with their advice.

5. Employee awareness

Managing employee awareness of cybersecurity threats can become more complex in large, globally distributed organizations. Challenges can arise due to the scale of the workforce, high staff turnover, and global operations, making it challenging to create tailored programs. Language and cultural barriers, outdated systems, bureaucracy, and resistance to change introduce additional challenges when attempting to implement effective training programs.


What types of data are particularly sensitive or at risk in enterprises?

Enterprise-scale companies are processing, storing and utilizing data at a scale that would have been inconceivable even just a decade ago. The management of this data is crucial, as any leak can lead to significant financial losses and the erosion of customer trust. Consider the following types of data and how they may be integral to the operation—and security—of a large business.

1. Personal and banking data

Personal data such as names, addresses, phone numbers, and especially credit card data are frequent targets for cybercriminals hoping to make a quick financial gain. A recent government report from Australia highlighted that from January to September 2023, 70% of data breaches were the result of criminal activity, with ransomware being the most common cause of a cyber incident.

Companies that collect and process financial data—including finance and ecommerce sectors—are at high risk of attacks and cyber theft. The Equifax data breach made worldwide headlines in 2017 with more than 150 million records leaked—only to be dwarfed a few years later when 885 million sensitive documents were exposed in the First American Financial leak. This all serves as further evidence of the critical importance of protecting personal data. Employee personal details, including salary information, may also attract malicious actors.

2. Medical data

Medical information, such as physician records and personal payment data, is highly confidential. Leakage of this data can result in severe privacy breaches and life-threatening health impacts.

An example of such impact was the previously mentioned WannaCry attack in 2017, which significantly affected the healthcare sector in the United Kingdom. The malicious encryption of hospital computers resulted in temporary shutdowns, delays in medical services, and the cancellation of surgeries, causing problems with access to medical records and data management. This attack also created the risk of confidential patient data leakage, undermined public trust, and emphasized the need to enhance cybersecurity in the medical field.

3. Intellectual property

For many companies, innovation and intellectual property are vital assets. A breach in this area can lead to loss of competitive advantage and significant financial losses, including bankruptcy and business interruption. In 2018, Sinovel Wind Group, a Chinese company, was convicted of stealing trade secrets related to wind turbine technology from the U.S. company AMSC. Sinovel convinced an AMSC engineer to download source code for the company's wind turbine software before joining Sinovel with the stolen source code in hand. The theft enabled the Chinese company to manufacture duplicate products and resulted in AMSC losing over $1 billion and laying off more than half of its workforce.

4. Commercial and financial information

Accounting information, financial transactions, and commercial plans of companies are also attracting increased attention from attackers. The leakage of such data can seriously affect a company's financial position and reputation. For a large corporation, the loss of financial information can be very costly and affect the overall market situation.

In May 2021, JBS USA faced a major cyberattack, causing significant financial losses. JBS USA is a global enterprise with over 78,000 employees and is often referred to as the world’s largest meat supplier. The company was forced to suspend operations at key production plants in the United States, Canada, and Australia, leading to disruptions, sales decline, customer losses, and additional expenses for system restoration and cybersecurity measures. A notable financial impact was the forced operational downtime, resulting in substantial sales losses and customer attrition. The company paid a ransom of $11 million in cryptocurrency to regain system access, highlighting the crucial role of cybersecurity for large corporations and their susceptibility to cyber threats.

5. Big data and analytics

As data volumes increase and analytics technologies evolve, big data has become a target for hackers who want to access valuable information resources and use them for fraud or espionage. The volume, velocity, and variety of big data sets make them particularly difficult to protect.

For example, the large volumes of data collected by enterprise organizations may encourage rushed decision making and human error in deciding how best to store the data. The rapid rate at which big data is generated, processed, and transferred, often involving multiple chained systems and transformations, can increase the risk of data being exposed or leaked during these extensive operations. Finally, big data often includes a wide range of data types, from structured data in databases to unstructured data like emails and videos, each requiring dedicated security measures. However, the use of emerging technologies like encryption-in-use shows promise in helping large organizations to secure complex data flows.

What are the most common data protection challenges in enterprise-scale organizations based on the data?

Every day, large organizations are facing increasing threats to data security across several key attack vectors.

1. Inadequate protection against insider threats

Insider threats—whether intentional or accidental—pose a significant risk, manifesting in stolen, leaked, and damaged sensitive data. For instance, the actions of an employee at the French bank Societe Generale resulted in estimated losses of $7 billion.

Compromised insiders have often been implicated in high-profile ransomware attacks, which are becoming increasingly common. According to the analysis published in the IBM Security X-Force 2023 report, more than a quarter of attacks involved extortion against organizations. Observed cases of extortion were frequently achieved through the use of Business Email Compromise (BEC) attacks, a type of phishing attack which aims to exploit the access of trusted insiders.

2. Insufficient system updates

Insufficient system updates pose a significant risk for many companies. Outdated software products and operating systems create vulnerabilities that can be easily exploited by cyber attackers. Effective defense requires regular and timely updates, including security patches. However, despite their importance, system update processes are often difficult to execute within large organizations. This may be due to various factors such as complexity, legacy systems, lack of resources, insufficient awareness of cybersecurity, or even fear of potential disruptions to system operations as a result of updates. Inadequate attention to system update processes has been implicated in multiple high-profile cybersecurity incidents, including attacks on Equifax and British Airways.

3. Ineffective threat management and security policy

The lack of an effective threat management strategy or security policy poses a significant threat to modern enterprise companies. Organizations must develop and implement robust data security plans at every level of operation, and conduct regular maintenance of both the implementation of the plans and the plans themselves. A surprising number of high-profile data breaches involve a lack of basic security controls like encryption, multi-factor authentication (MFA), patch regimes, and appropriate access control policies. A recent example of this was the Log4Shell exploit, a remote code execution vulnerability which affected the popular Java logging library Log4j. A lack of patching and a failure to implement adequate security measures meant that this vulnerability impacted some of the world's largest organizations, including Cisco, IBM and VMware.

4. Inadequate endpoint protection

With the increase in employee mobility and remote workstations, endpoint protection is becoming an ever more vital aspect of security. Companies must take note of the uptick in endpoints associated with a remote workforce and make appropriate adjustments, including providing employees with specialized secure equipment, like YubiKeys, and security software, such as corporate VPNs and antivirus software. Inadequate device security measures and weak security policies for remote endpoints, such as employee home computers, can give attackers access to corporate data. As mentioned previously, the LastPass data breach involved an attack on an employee's home computer.

What role does vendor risk play in data protection for enterprises?

Monitoring and assessing vendor risk is critical to data security, particularly for enterprise companies whose reliance on vendors to provide ancillary technologies and services is far-reaching and complex. Vendor risk plays a pivotal role: it can significantly affect the confidentiality and integrity of information. Let's look at its role and how companies can minimize their risks.

1. Data access

Suppliers often require access to company data to support the services they provide. This may include access to sensitive corporate data such as customer lists, financial information, etc. A supplier's inadequate security controls can lead to information leakage, threatening the company with loss of customer trust and legal consequences. In 2013, Target Corporation suffered a major cyberattack due to hackers exploiting a supplier's credentials. The attackers installed malware on Target's payment terminals, collecting customer card data.

2. Data processing and storage

Many vendors process and store their customers' data on their own servers. A vendor must have sufficiently strict security policies regarding data processing and storage, or it may jeopardize the integrity and confidentiality of corporate information. Inadequate security measures can lead to unauthorized access and use of this data. For example, in 2021 a vendor for Volkswagen Group of America left unsecured data on the Internet which was later accessed by an unauthorized party. This breach affected 3.3 million customers and exposed sensitive information like Social Security numbers and loan numbers.

3. Supplier cyberattacks

Suppliers that hold information about multiple companies are very attractive targets for cybercriminals. A successful attack on a supplier can seriously threaten data security, especially if it has direct access to corporate systems. This includes interception of sensitive data, infiltration of infrastructure, and utilization of resources for attacks on clients. Regular checks and monitoring of supplier security are essential precautions.

How can businesses vet and manage vendors to mitigate data protection risks?

Effective vendor management is critical to an information protection strategy in a rapidly evolving and global digital economy. Suppliers may provide access to sensitive data, so controlling their security is essential to ensuring the integrity and confidentiality of information. Let's look at the key strategies companies can use to vet and manage suppliers to mitigate data security risks.

1. Vendor security assessment processes

Before engaging with a vendor, a thorough assessment of its security systems should be conducted. This includes auditing the technical infrastructure, security policies, incident reporting procedures, and the degree of compliance with security standards. These are some of the most common frameworks to consider when evaluating vendor security and privacy controls:

  • NIST Cybersecurity Framework, developed by the National Institute of Standards and Technology: provides a set of voluntary standards, guidelines, and best practices for managing cybersecurity risk.

  • GDPR (General Data Protection Regulation): While focused on data protection and privacy in the European Union, compliance with GDPR principles is often a consideration in vendor assessments, especially for organizations handling EU citizen data.

  • CIS Critical Security Controls: Developed by the Center for Internet Security, these controls offer a prioritized set of actions to protect organizations and data from known cyberattack vectors.

2. Drafting clear contracts

Contracts with vendors should contain clear commitments to data security. These should include access policies, encryption requirements, security notification obligations, responsibility for security incidents, and contract terms and conditions.

3. Regular audits and monitoring

A one-time security assessment is not enough. Companies should regularly audit and monitor supplier security throughout the contract's life. This will allow for timely identification and remediation of potential vulnerabilities.

4. Enlisting cybersecurity experts

Companies should consider engaging external cybersecurity experts to assess and monitor supplier security, particularly in cases where a supplier will be given access to highly sensitive data. This may include conducting penetration tests and audits and providing security advice.

5. Strict access control policies

Establishing strict data access management policies, including for vendors, will minimize the risks of information leakage. Access should only be granted to those vendor employees who need it to perform their duties.

Vendor risk plays a significant role in a company's data security, and effective management requires a concerted effort from both companies and vendors. Transparency, strict security standards, establishing clear contractual obligations, and active participation in data protection processes are critical elements in minimizing this risk.


Which data protection best practices are particularly useful in enterprise organizations?

Effective cybersecurity strategies can prevent information leakage and cyberattacks and ensure that corporate resources are well protected. Let's look at some of the best practices particularly useful in an enterprise environment.

1. Sophisticated passwords and multi-factor authentication

Using complex, unique passwords to access systems and resources is the first step in security. Multi-factor authentication (MFA), which requires additional proof of user identity, is an extra layer of protection. Large-scale organizations should implement identity management practices, ensuring centralized control over the permissions granted to employees.

2. Regular updates and patches

Updating software and operating systems is an effective means of preventing attackers from exploiting vulnerabilities.

The 2017 Equifax attack was successful due to the company's inability to promptly address a known vulnerability in the Apache Struts software. Despite being alerted to the issue, insufficient response and a delay in installing the patch allowed attackers to carry out the breach successfully. This case underscores the importance of swift responses to vulnerabilities and regular system updates to maintain security.

3. Training and testing of personnel

Employees are often the weak link in security. Falsified emails posing as official requests from management can deceive uninformed staff. Regular cybersecurity training and phishing tests help raise awareness and protect the organization from social engineering.

4. Data encryption

Encrypting data at rest, in motion and in use provides an additional layer of privacy. Encryption protects data from unauthorized access. Even if attackers gain access to the data they can’t decipher its contents without the appropriate decryption keys, which should be securely stored using key management software like ZeroKMS.

5. Access management and role-based policies

Restricting data access to only necessary employees and implementing row-level access policies can prevent unauthorized access and reduce the risk of information leakage. Restricting access to backend systems to only those who need it on a need-to-know basis is vital—closing loopholes which could allow high-level access to the company's systems via users or administrators.
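The row-level and need-to-know policies described above, and the vendor scoping from the earlier section on strict access control for suppliers, can be enforced in application code on every query. The following is an added example, not CipherStash code: the `customers` table, the business units, the role names and the principals are all constructed for illustration. The row filter is always derived from the authenticated principal's grant rather than from the caller's request, and the column list is chosen by role, so a vendor principal never receives direct identifiers it has no need to see.

```python
"""Row-level and need-to-know access enforced on every query, using an in-memory
SQLite table. Added example, not CipherStash code: the table, the role names and
the principals are constructed for illustration."""
import sqlite3
from dataclasses import dataclass, field

# Constructed sample data: customer records owned by different business units.
SAMPLE_ROWS = [
    (1, "unit-eu", "alice@example.com", "Alice"),
    (2, "unit-eu", "bob@example.com", "Bob"),
    (3, "unit-us", "carol@example.com", "Carol"),
    (4, "unit-apac", "dave@example.com", "Dave"),
]

# Columns each role may read (hypothetical roles). Vendors get no direct
# identifiers: they have no need to know a customer's email address.
ROLE_COLUMNS = {
    "analyst": ("id", "unit", "email", "name"),
    "vendor": ("id", "unit", "name"),
}


@dataclass(frozen=True)
class Principal:
    name: str
    role: str
    units: frozenset = field(default_factory=frozenset)  # business units granted


class AccessDenied(Exception):
    pass


def build_db():
    """Create the constructed customers table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers ("
        "id INTEGER PRIMARY KEY, unit TEXT NOT NULL, "
        "email TEXT NOT NULL, name TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def customers_for(conn, principal, unit=None):
    """Return the customer rows visible to `principal`.

    The unit filter comes from the principal's grant, never from the caller, so
    asking for a unit outside the grant is refused rather than widening the
    result. The column list comes from the fixed ROLE_COLUMNS table, so the
    f-string below never interpolates caller-controlled text.
    """
    columns = ROLE_COLUMNS.get(principal.role)
    if columns is None or not principal.units:
        raise AccessDenied(f"{principal.name}: no read grant")
    allowed = sorted(principal.units)
    if unit is not None:
        if unit not in principal.units:
            raise AccessDenied(f"{principal.name}: not granted {unit}")
        allowed = [unit]
    placeholders = ",".join("?" * len(allowed))
    sql = (
        f"SELECT {', '.join(columns)} FROM customers "
        f"WHERE unit IN ({placeholders}) ORDER BY id"
    )
    return conn.execute(sql, allowed).fetchall()


if __name__ == "__main__":
    db = build_db()
    analyst = Principal("ana", "analyst", frozenset({"unit-eu", "unit-us"}))
    vendor = Principal("acme-support", "vendor", frozenset({"unit-apac"}))
    print("analyst sees:", customers_for(db, analyst))
    print("vendor sees:", customers_for(db, vendor))
    try:
        customers_for(db, vendor, unit="unit-eu")
    except AccessDenied as exc:
        print("denied:", exc)
```

In a real deployment the same predicate would normally live in the database as a row-level security policy keyed on the session's identity, so that no code path can bypass it; the application-level version here shows the shape of the check and the two failure modes it must handle: a request outside the grant and a principal with no grant at all.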

6. Monitoring and incident detection systems

Improved detection and response methods are crucial against evolving cyber threats.

Installing incident monitoring and security information and event management (SIEM) systems allows you to respond to potential threats in real-time. Behavioral analytics systems help identify anomalies and unusual behavior on the network. Such capabilities are especially in demand for online banks and other companies that accept user payments and are therefore high-profile targets for financial fraud.
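To make the anomaly detection described above concrete, here is an added example, not CipherStash code, of two behavioral rules of the kind a SIEM or user-behavior analytics system would raise over authentication events: a burst of failed logins from one source address within a short window, and a successful login for a user from an address never seen for that user before. The log format, the thresholds and the baseline of known addresses are all constructed for illustration.

```python
"""Behavioral detections over authentication events. Added example, not
CipherStash code: the log format, thresholds and baseline are constructed."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>success|failure)$"
)

# Constructed sample log: five failures from one address followed by a login
# from it, and later a login for alice from an address she has never used.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z user=alice src=203.0.113.10 result=success
2024-03-01T09:00:05Z user=bob src=198.51.100.7 result=success
2024-03-01T09:01:00Z user=carol src=192.0.2.99 result=failure
2024-03-01T09:01:05Z user=carol src=192.0.2.99 result=failure
2024-03-01T09:01:10Z user=carol src=192.0.2.99 result=failure
2024-03-01T09:01:15Z user=carol src=192.0.2.99 result=failure
2024-03-01T09:01:20Z user=carol src=192.0.2.99 result=failure
2024-03-01T09:01:30Z user=carol src=192.0.2.99 result=success
2024-03-01T09:30:00Z user=alice src=198.51.100.200 result=success
"""

# Constructed baseline: source addresses previously seen for each user.
KNOWN_SOURCES = {
    "alice": {"203.0.113.10"},
    "bob": {"198.51.100.7"},
    "carol": {"203.0.113.55"},
}


@dataclass(frozen=True)
class Finding:
    kind: str   # "failure_burst", "new_source" or "success_after_burst"
    user: str
    src: str
    ts: datetime


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return {"ts": ts, "user": m["user"], "src": m["src"], "result": m["result"]}


def detect(log_text, known_sources, threshold=5, window=timedelta(seconds=60)):
    """Run the two behavioral rules over the log and return findings in order."""
    findings = []
    recent_failures = defaultdict(deque)  # src -> failure timestamps inside window
    burst_until = {}                      # src -> time until which a burst stays "hot"
    seen = {user: set(srcs) for user, srcs in known_sources.items()}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable lines are skipped, not treated as events
        ts, user, src = ev["ts"], ev["user"], ev["src"]
        if ev["result"] == "failure":
            q = recent_failures[src]
            q.append(ts)
            while q and ts - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) == threshold:           # fires once as the threshold is reached
                findings.append(Finding("failure_burst", user, src, ts))
                burst_until[src] = ts + window
            continue
        # A success: first check the per-user baseline, then the burst state.
        if src not in seen.setdefault(user, set()):
            findings.append(Finding("new_source", user, src, ts))
            seen[user].add(src)
        if src in burst_until and ts <= burst_until[src]:
            findings.append(Finding("success_after_burst", user, src, ts))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG, KNOWN_SOURCES):
        print(f"{f.ts.isoformat()} {f.kind:<20} user={f.user} src={f.src}")
```

The "success after burst" rule is the one worth escalating: a failure burst alone may be a misconfigured client, and a new source alone may be travel, but a successful login from an address that was just brute-forcing is a strong signal of account compromise and a candidate for an automatic session revocation.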

7. Recovery and physical security

Physical security plays a critical role in data protection. While regular backups and testing of recovery procedures are essential steps to ensure data resilience in the event of a cyberattack or technical failure, attention must also be paid to the physical aspects of security. Restricting access to servers and equipment, utilizing video surveillance and access control systems can help prevent physical threats. In light of recent world events, companies should carefully select server locations to avoid localized conflicts in the area where the equipment is located.

8. Collaboration with external experts

Collaborating with external cybersecurity experts allows you to conduct a security audit, identify weaknesses, and develop strategies to address them. This step is justified even if a company has an in-house security expert and an established security policy. Sharing experience and a fresh perspective allows you to look at the situation from a new angle and find solutions that were not obvious before.

Ensuring data protection in large organizations requires a comprehensive and systematic approach. Combining best practices allows you to build a robust defense against cyber threats, providing reliable protection of your company's data and systems.

Conclusion

Data protection is an integral part of the successful and secure operation of large, global organizations. In a world where information plays a crucial role, the loss or leakage of data can significantly impact businesses and their customers.

As we have discovered, large organizations face unique challenges underpinned by the complexity of managing security processes at scale. Insufficient attention to these aspects can lead to serious consequences, emphasizing the importance of developing and implementing an effective security policy.

In light of these challenges, investing in data security through solutions like CipherStash is a key strategic move and a source of competitive advantage, ensuring long-term sustainability, innovation, and the continued trust of customers and partners.

Start protecting your data

Check us out on GitHub, or book a discovery call to learn more.