Securing Your Data Across Channels: Strategies for Outpacing Zero Day Threats and Hackers

Ask the question “What is your top threat?” and you’ll not only get different answers, you’ll get completely different viewpoints on where to start in addressing threats. Threats can be defined by:

• Threat Actor: hacktivists, eCriminals, state-sponsored attacks and insiders
• Root Cause: excessive privilege, poor patch management, security vulnerability management gaps
• Trigger event:  theft of intellectual property, theft of medical identities, denial of service attacks

Although it’s starting to mature, security leaders also have different thoughts on how to define threat intelligence. The perfect scenario is to be able to join these two viewpoints to gain a complete understanding of the threat landscape:

• Data intelligence: what is happening on the system from a 1’s and 0’s aspect and how is it happening
• Bad actor intelligence: Who is attacking your system, why are they doing it and what are they after – a type of intelligence that lends itself more easily to a business-level discussion

Third parties in the business ecosystem represent another channel through which hackers and can reach the organization in that an organization inherits a third-party’s good and bad practices:

• Security leaders have extremely limited visibility as to a third-party’s security practices
• Security attestations represented on paper, in a contract, or during a once-a-year audit only represent security at a point in time
• IT environments change so rapidly that an audited security state is typically outdated within six months
• Cloud adoption represents the same set of threats but in different packaging and requires a level of trust that security leaders may be uncomfortable with because of transparency issues relating to the extended cloud enterprise