Cyber attacks may be a relatively new risk to organisations, but the statistics are staggering: according to UK government figures, in 2016 two thirds of all UK-based large businesses reported a cyber attack or cyber breach, and the cost of cyber attacks to the global economy is predicted to reach US$6 trillion by 2021.

Today, we would like to take you through the same journey that our company went through to create VisDa, our unique data transfer risk management solution. In doing so we will examine cyber risk, make the argument for prioritising the risk of data theft over other aspects of cyber risk, and finally propose a new tool that allows companies to monitor and mitigate these risks to ultimately reduce the number of successful attacks launched.

The Highest Priority Cyber Risk Is That of a Data Breach

The institute of Risk Management defines cyber risk as: “any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems”. This is an extremely broad definition, and highlights how the concept of cyber risk is an umbrella term to describe a series of individual risks.

Tackling risk is not a one-size-fits-all approach. Different types of cyber risk require different groups of controls to mitigate them, and so to help lower the risk profiles of business we need to make this definition more granular. For the sake of this article I’d like to break this definition down into two sub-risks – risks to a company’s network infrastructure (this maps to availability within the Confidentiality, Integrity and Availability (CIA) triangle; it’s the idea that financial loss and reputational damage occur if the business can’t operate due to the network not being able to perform as required), and risks to a company’s data (this maps to the concepts of integrity and confidentiality within the CIA triangle; data is valuable).

A paper published in 2015 by Tavish Vaidya of Georgetown University looked to analyse major cyber attacks that had occurred between 2001 and 2013, and the conclusions are interesting. The paper observes that a large majority of attacks analysed were motivated by the desire to steal corporate data – in fact more than twice as many attacks were aimed at exfiltrating data from the target networks than disrupting networks. The only other attack motivation that occurred almost as frequently as data theft was cyber espionage.

Thus, if we were to prioritise the risks to a business it would be prudent to place data theft through cyber attack as the highest. This correlates with the trends we see in the media; most attacks reported by journalists involve the theft of corporate data, and in January this year the Identity Theft Resource Centre reported data breaches in the US were up by 40% in 2016 when compared with 2015.

Data Exfiltration Requires a Data Transfer To Take Place

Now that we have identified what the priority risk is to corporations across the globe, we can begin to dissect just how this risk materialises.

A second paper, published by Ryan C. Van Antwerp and the University of Delaware, examined the methods of exfiltrating data out of a network. The paper identifies 14 different methods of data exfiltration from a corporate network, and describes the biggest difficulty in detecting malicious data exfiltration as distinguishing malicious exfiltration from legitimate data transfers. If we switch our attention to accidental data breaches, this challenge is even more apparent (think of the typical example of an employee sending an email full of confidential data to the wrong recipient) – how can we distinguish an accidental data leak from a legitimate business data transfer? The short answer is that we can’t easily distinguish between the two.

Data Loss Prevention (DLP) Software Do Not Give You The Holistic Picture

In their simplest form, DLP solutions work by either scanning documents for key words or by looking for flags attached to the data when it was created. Using these pieces of information, they aim to either stop or allow data to leave the corporate network.

DLP has encountered many challenges. Requiring large amounts of infrastructure to implement (servers to enforce policies, scan data transmissions etc), DLP implementations are costly. DLP solutions also cause network performance issues due to their lack of network transparency, and require large teams of analysts to monitor the alerts being raised to ensure that the correct policies are being enforced.

To compound these challenges, several DLP solutions require a human element to tag files (the tagging of files is rarely consistent), and any malicious user would know that by encrypting the file they are trying to exfiltrate they can beat the DLP solution relatively easily.

These challenges have led to a relatively poor adoption of DLP solutions, and arguably the only benefit a DLP solution poses to a business is to reduce the number of accidental transmissions of data outside of the corporate network – malicious data exfiltration will just use encryption to beat the solution. The same results, a decline in accidental data leaks, could arguably be achieved through a strong training and awareness programme, which would cost a fraction of the price of a DLP solution.

Most importantly, DLP solutions are too granular. They do not give you the bigger picture with respect to how data is being transferred both internally within your company and externally. They don’t follow a risk-based approach.

VisDa

VisDa is a tool that gives companies three main capabilities. The first is the ability to map out all their data transfers both internally and externally on their network, allowing them to spot malicious connections. The second is the ability to visualise and quantify their complete risk exposure when it comes to data transfers. The third is the ability to add context and information to security events quickly and efficiently by acting as a ‘black box’ on the network.

Using VisDa, we monitor a network for data transfers and then apply a risk score to each data transfer based on several features – these include the amount of data sent in the transfer, the types of files the data is contained in, the time and day the transfer was sent and the destination IP address of the transfer. The risk score calculations are highly adaptable and can be configured to map to an organisation’s individual risk framework and operational environment.

VisDa allows companies to then approve (and pre-approve) expected data transfers, and investigate data transfers that seem malicious. The next generation dashboards convey your company’s global risk in a quantifiable way, giving your board of directors an easy to understand and easy to digest report of their risk exposure when it comes to data transfers.

Designed for high throughput networks (VisDa has been installed on networks running at 1 terabit per second), the tool is completely transparent and will have no impact on network performance.

GDPR And The Future

Data transfers and the risk of data breaches from data transfers take centre stage in the GDPR. With the largest fines (four per cent of global turnover or €20 million, whichever is larger) being aimed at companies not in control of their data transfers to external parties, there is now a pressing regulatory need for a solution such as VisDa.

To help companies better manage their data transfers with regards to GDPR, VisDa also contains tailored workflows and reports aimed at monitoring GDPR compliance.

As a solution VisDa not only helps to satisfy the regulatory requirement of managing data transfers, but also helps speed up the reporting element after a data breach. Under GDPR, companies must report data breaches to regulatory bodies within 72 hours of being made aware of the breach – VisDa provides a ‘black box’ of information that analysts and forensic experts can use to rapidly find out exactly what happened with regards to the incident, adding information and context to the report to the regulatory body.

VisDa is a solution that gives companies a fresh new way of monitoring data transfers and quantifying their global risk of a data breach – it is a complete data transfer risk management solution. Giving companies the ability to spot malicious data transfers and providing actionable business intelligence for companies to lower their risk profile is a valuable tool in the fight against cyber crime. Alongside this, VisDa helps to satisfy regulatory pressures from the incoming GDPR in a way that no other tool currently can.

To find out more, please contact info@secgate.co.uk.

Please follow and like us: