Would you now consult with them on Tax issues or… any issue?
This represents one of the biggest hacks of sensitive information in history: 2.6 TB of information from 40 years of operations. It may be a kiss of death to this veteran firm. Just imagine the lawsuits that are on the way…
Since no official explanation of how it happened is available, we can only make a few logical assumptions while trying to ensure that a breach of this nature doesn’t happen in our organization:
- 2.6 terabytes of data cannot be transferred by email, data transfer, or cloud sharing storage.
- Thus it had to be done physically, with some kind of mobile storage device capable of storing 2.6 TB (which you can buy today in a store next to you, or on Amazon, eBay, etc., for $150-200).
- Copying this amount of data from a normally secured organization needs special permissions, probably admin permissions, in order to have access to all the storage of current and archived data from 40 years…
- You have to connect the mobile storage device to an internal network workstation, server, or storage device. This is not a trivial task these days, when many organizations block this access using agent-based security software or NAC products.
- It takes time to copy such a significant data set to a mobile storage device: ~18 hours if it’s a device you can buy for $150-200, and ~10 minutes at least if it’s the most recent flash memory device (PCI connection based) with this storage size. The latter requires more technical knowledge to connect it to a PC or server.
So how can you avoid such a breach, or a similar one?
KISS – Keep It Simple Stupid – is a good approach.
Block USB or PCI connections, block unnecessary data shares, monitor admin rights and logged-on users, and get alerts on breaches:
| | How to do it? | Keeps you safe from: |
|---|---|---|
| 1. Keep USB & PCI ports locked as a policy | a. Use endpoint agents to lock the USB and PCI ports. b. Apply GPO to lock the USB and PCI ports. c. Use Promisec Agentless technology to lock the USB ports and monitor that DLP/NAC/agents are actually locking the USB ports. | External storage device connection |
| 2. Monitor 24x7 any breach in USB lock policy and get alerts | Use Promisec Agentless technology to monitor 24x7 that no new USB device has entered any endpoint | Missing any entrance of a USB device to your endpoints |
| 3. Monitor 24x7 if your content is being used/copied by unauthorized users | a. Use DLP and other content management agents on the endpoint. b. Monitor and manage EveryOneShare credentials with Promisec’s agentless technology on PCs and servers to make sure only authorized users can see relevant content. c. Monitor and manage the LastLoggedOn user of the PC or server with Promisec’s agentless technology to make sure only authorized users are logged on to the PC or server. Get immediate alerts on breaches. | Unauthorized usage of content |
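
The three rows of the table above can be spot-checked on a single Windows endpoint with a read-only audit. The script below is an added example, not Promisec code and not part of the original post; it assumes an elevated PowerShell 5.1+ session, an English-language system (the `Everyone` account name is localized), and it covers USB mass storage only, not PCI devices.

```powershell
# Added example: read-only audit of the controls listed in the table above.
# Assumes an elevated PowerShell 5.1+ session on the Windows endpoint being checked.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# 1. Is USB mass storage locked?
#    USBSTOR service Start = 4 means the storage driver is disabled.
#    Deny_All = 1 is the "All Removable Storage classes: Deny all access" GPO.
$usbStorStart = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start'
$denyAll      = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' 'Deny_All'
$usbLocked    = ($usbStorStart -eq 4) -or ($denyAll -eq 1)

# 2. Which USB storage devices has this endpoint already seen?
#    Each subkey of Enum\USBSTOR is a device model; its children are serial numbers.
$seenDevices = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $model = $_.PSChildName
        Get-ChildItem -LiteralPath $_.PSPath -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Model = $model; Serial = $_.PSChildName }
        }
    }

# 3a. Shares that grant access to the Everyone group.
$everyoneShares = Get-SmbShare | Get-SmbShareAccess |
    Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' } |
    Select-Object Name, AccountName, AccessRight

# 3b. Who holds local admin rights (well-known SID of Administrators), and who logged on last.
$localAdmins = Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object Name, ObjectClass
$lastUser    = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI' 'LastLoggedOnUser'

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    UsbStorageLocked = $usbLocked
    UsbDevicesSeen   = @($seenDevices).Count
    EveryoneShares   = @($everyoneShares).Name -join ', '
    LocalAdmins      = @($localAdmins).Name -join ', '
    LastLoggedOnUser = $lastUser
}
```

A result with `UsbStorageLocked` set to `False`, a non-zero `UsbDevicesSeen`, or any entry in `EveryoneShares` is a finding to review against policy.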
Promisec Endpoint Manager (PEM) offers both malware protection and cyber threat detection capabilities. PEM’s endpoint security software monitors for threats and remediates issues before they cause problems for the enterprise. PEM also lets security professionals correct issues remotely and automatically without requiring the use of any heavy endpoint agents. PEM’s built-in reports deliver detailed information to IT teams and executives, so companies can see where they need to address security gaps. PEM’s security threat detection and remediation capabilities allow for enterprise data protection and keep information safe even from curious end users.