Following in Edward Snowden’s footsteps, yet another NSA contractor has leaked highly classified trade secrets and government information. My question to you: Are we really all that surprised?
What’s most alarming is this: even if the NSA had the best security measures in the world, what does this say about our overall state of security?
Executives, government officials and especially politicians are paying close attention to cybersecurity, but it’s clear that a fundamental change needs to happen fast. The urgency and outcry of public responses to news of hacks are resulting in resignations due to serious violations of personal safety and privacy. Even when events merely resemble cyber attacks, the show completely stops, money and time are lost and people expect the worst.
There is no safe zone
In a world with crumbling perimeters and network security systems outright failing, we’re just now waking up to the fact that there is no ‘safe zone’ for data anymore and we must accept that our most critical information will inevitably travel beyond our control. Like getting breached, it’s not a question of “if” but “when,” for everyone.
With the “most secure” government body being subject to hacks and falling victim to numerous insider threats, no one is immune and age-old security techniques simply aren’t working. As much as organizations today want to trust their employees and third-party vendors, we must look at the bigger picture, the company’s ‘crown jewels,’ and protect them at all costs.
Borders have become obsolete and perimeters, ineffective
Put simply, traditional security approaches are broken and failing us every week, if not every day. As security giants continue to make incremental improvements and fight to innovate in cybersecurity, it’s clear we need a fundamental re-write of how we protect information in the first place.
In this new model, security and policy must attach to the data itself and travel wherever it goes, eliminating the risk of business-critical information falling into the wrong hands. When corporate perimeters and endpoints are irrelevant and we expect information to leak, governing the relationship between people and disparate pieces of information, and controlling rights within this relationship in real time, is the new norm for protecting information. We must change our collective approach to cybersecurity and I suggest starting here:
- Assume your information will leak outside perimeters and firewalls. This is no longer the exception, but the norm.
- Build security solutions compatible with the cloud, mobile and web-based platforms and apps people actively use (Dropbox, Box, Quip, Google Drive, Office 365, Slack, Email). People are creatures of habit, will inevitably choose the path of least resistance and use what they want to use.
- Protect each piece of data with scalable and adjustable security, policies and encryption. Security must attach to the data itself, at the time the content is created and shared.
- Introduce solutions that provide universal visibility and control for users and IT.
The impact of the recent breaches goes far beyond companies and employees. Hackers are jolting sensitive data about families, health and personal welfare and sending it through backchannels into a blackhole of vulnerability.
We’re past due for a fundamental change that zeroes in on encrypting and protecting information at the file-level, especially when we have to assume our most critical information will fall into the wrong hands. It’s a big shift, but once made, tackling security in the modern world becomes dramatically easier.