Back to blog

Are We Playing on Offense or Defense When It Comes to Protecting Data?

Pathlock
August 4, 2016

Are We Playing on Offense or Defense When It Comes to Protecting Data?

Guest blog by: Brian Gonzalez Hernandez, SAP

This morning when I came in to work from the weekend, I saw a report from one of our partners comeOffenseorDefense across my desk. The report was titled Top 5 Cyber Security Breaches in July and before I opened the report, I wondered what top breaches could have happened in July that I didn’t notice. Maybe it was too early for me to figure it out at 6am but for the life of me I could not remember a single major cyber security breach this past month. Defeated, I clicked to follow the link and I was dumbfounded at the fact that I wasn’t able to recall, during my self-quiz, the major American Democratic National Convention (DNC) breach that made headlines when WikiLeaks released thousands of private emails. The emails have resulted in some embarrassing moments for the victim of this cyber breach, but what struck me the most was the line that stated “the security firm hired by the DNC due to the breach found…” The sentence shows that the DNC hired a firm post breach! I would expect that they had some sort of security measures to protect their servers, but that one statement highlighted an industry trend: reactive instead of proactive preventative measures. Are we playing on Defense? Now one could say, well the American DNC is a major target that could possibly have been breached even with preventative measures but what if there weren’t any or if there weren’t enough preventative measures taken? Honestly, what struck me the most was the fact that I didn’t immediately relate this to Cyber Crime. In fact I had heard about the breach and classified it as a political event. My mind, even though I boast being a digital native, did not immediately capture this as a crime in my native digital world and that was shocking. This event was just the first one on the list and to be honest even working in the Industry I hadn’t heard about the other four hacks.
  • Illinois Voter Registration System –traced back to the Netherlands and compromising voter signatures and history using SQL Queries.
  • Amazon– A hacker reported breaching Amazon’s servers and gaining the PII (Personally Identifiable Information), including usernames and encrypted passwords of Amazon Kindle users. The report stated that he wanted to expose critical security flaws and when officials did not respond to him he released the data he has captured.
  • Netia –Polish telecom company Netia experienced a breach in its systems that exposed sensitive customer data prompting the company to release a statement to the public
  • Interpark –A major Seoul based website Interpark that handles millions of dollars in transactions reported being breached by the North Korean General Bureau of Reconnaissance exposing 10 million customers’ PII. They too, in a reactive response, alerted authorities immediately after the breach but the information was already compromised.
What is so shocking is that we are only talking July and only the major breaches. Cyber-crime is a global concern but more than that one thing that concerns me is that only the reactive solutions are mentioned when addressing these breaches. What can we do? In an effort to address the proactive side of solutions and continually improve, at SAP we have partnered with Pathlock Technologies. Together we offer: SAP Access Violation Management that has the capability to manage and monitor SAP and non-SAP systems. SAP Access Violation Management, Risk Assessment Edition which reduces manual mitigating controls for Segregation of Duties (SoD) as well as analyzes financial impact exposure in a dollar value. SAP Regulation Management which assess and responds to the ever-changing world of compliance regulations and accelerates efforts to adapt and change to achieve compliance. SAP Regulation Management, Cyber Governance Edition which allows you to find missing or incomplete requirements across your cybersecurity framework. Play on Offense! All of these solutions provide real time monitoring that is automated and constantly surveying your Cyber Security Landscape giving you more visibility into how well your strategy is working! If we are going to protect our Data then we need to fight back with digital solutions that enhance and constantly improve our defenses so that we can stay on offense. Let SAP and Pathlock show you how and together we can get a win on Cyber-crime! [email protected] @BrianSAPCanada on Twitter.