By Eitan Bremler, Co-founder and VP of Product, Safe-T
As more companies pursue digital transformation, they may also increase vulnerability to cyber-attacks. That is because the practice often includes cloud migration, new platforms, and technologies and moving more apps and functionality to the web; all of which can expand the attack surface, increasing exposure to unauthorized network access and data breaches. However, it is possible to move forward in a safe way. Adequate network and data protection infrastructure can allow integration of new technologies while maintaining or even decreasing the increased attack surface that often comes with it.
Here are some best practices to help an enterprise keep their data safe from breaches and leaks:
Secure sensitive data
Users should get authenticated out-of-band before gaining access to a server or service. Out-of-band-authentication (OOBA) is a security measure that requires users to verify their identities through a separate channel. It is also sometimes referred to as two-factor authentication. However, this measure is unfortunately underutilized, creating a situation in which workers can save their credentials to reduce login steps. Anyone walking by can easily get into such a system. Sure, in-person attacks are rare, but exploitation of remote access tools can result in the easy entry for a hacker who knows where to look.
Control data usage
By controlling access to specific locations and files on the network, businesses have a better chance of preventing insider attacks and data exfiltration. These data leaks aren’t always necessarily malicious, or even intentional. Employees can email themselves files from work to open on a home device where security may not be as robust. Through access restrictions such as locking certain files, BYOD policies, and preventing sensitive file email transfer, these leaks and the risks they cause can be avoided.
Reduce the attack surface
Organizations are under constant threat of attack, and as their network perimeters grow larger and more porous, traditional authentication, encryption, and access mechanisms can be bypassed by even inexperienced hackers. Enterprises can mitigate the risk of external threats to applications and services while protecting access to on-premises, mobile, and hybrid cloud environments by reducing the attack surface of their network. But the best way to reduce network attack surface and intrusion vulnerability is to hide the network entirely, via the latest Software-defined Access solutions. This removes the need for white lists and blacklists. Instead, users are given access on a case-by-case basis. Muhammad Ali famously said, “His hands can’t hit what his eyes can’t see,” which is a valuable lesson that companies should apply to data access and security.
In the digital-age when better enterprise technologies become more available, securing networks and the data they protect must continue to be the highest priority. By applying proper security methods like out-of-band authentication, user access rights, and even hiding the network entirely, organizations can fortify their most valuable assets and information against the threat of intrusion and theft becoming increasingly apparent.
About the Author
Eitan Bremler is responsible for overall global Marketing and Product Management activities of Safe-T including product strategy and roadmap, product marketing, positioning, go-to-market, and corporate marketing. Eitan brings to Safe-T more than 15 years’ experience in marketing, product marketing, and product management roles. Prior to joining Safe-T, he held multiple product management and product marketing positions at Radware and Radvision an Avaya company. Prior to working for the RAD group, he served as an officer in the Israeli Intelligence Corps unit 8200. Eitan has diverse technological, field engineering, product management and marketing experience including design, implementation and launching networking, collaboration, and security solutions.