Today’s cyber security landscape is evolving as hackers take advantage of digital and hyper connectivity to creatively access networks and systems. We have observed that ransomware attacks are increasing and using new tactics. And supply-chain attacks like SolarWinds and Accellion that take advantage of third-party systems and software to find backdoor entries into enterprises, spread malware with one of the common motives to steal sensitive data or disrupt operations. Whenever a breach occurs, it can take time to detect, is typically difficult to eradicate, and can cause ongoing and significant damage over a long period of time. Recent analysis by IBM estimates the average cost of a data breach at $3.86 million, with mega breaches (50 million records or more stolen) reaching $392 million.
So, what can you do to help safeguard your B2B transactions and file exchanges and mitigate risk to high-value digital assets? These three steps can help enterprises strengthen their security posture:
Limit the exposure to threats.
Limit the spread if it’s already inside your network.
Recover and get back to business.
Let’s look at each one of these points briefly.
How do you limit the exposure? To help prevent intruders from sneaking into your trusted zones you should establish a strong foundation by covering the digital entry points where external information comes into your enterprise safe zones, starting with the most susceptible points to the least. Your IT security teams might be following best practices, like encryption, permission models, secure access and authentication. However, when it comes to internet-facing information and file exchanges with your trading partner community, you should have an even higher level of security that a defense-in-depth strategy provides.
With accelerating digitization, many enterprises today conduct large volumes of internet-based transactions. Implementing strong edge security for your Managed File Transfer (MFT) solution can help identify whether incoming payloads are clean and coming from trusted sources. It’s a complex challenge with thousands of trading partners knocking on your enterprise doors multiple times a day, using multiple routes and protocols, and delivering information in various formats. This does not make life easy for an MFT system and a security administrator. The inflow is never consistent, and the payload varies by size.
It’s like an airport terminal with thousands of travelers entering and exiting the terminal every minute of the day. Similar to an effective file transfer solution, the security gate helps manage the inflow, but you can imagine the risk even if one ill-intentioned person, behaving as an ordinary traveler, sneaks through. You also should have robust security capabilities that are built-in (like full body scanners at security gates) as well as advanced configured capabilities (think extra screening or K-9s sniffing baggage randomly).
In the case of MFT, a few of these security capabilities include: multifactor authentication, validating incoming connections in real-time with sources that are updated frequently, scanning the files for viruses before they land into the trusted zone and ensuring that no data ever lands on disk in the Demilitarized Zone (DMZ). Also consider the versatility of the edge security capability since it doesn’t operate in isolation. Implementing a robust edge security solution, like IBM Sterling Secure Proxy, with flexible options to configure and integrate with other solutions in your existing technology stack can be important to limiting exposure to security breaches.
How do you limit the spread? Despite all your best efforts, there is a chance you might find a bad actor within your trusted zones. What’s important then is to try to prevent it from spreading further and wreaking more havoc. One way is by allowing only listed servers to talk to authorized systems. Another best practice is to avoid use of common protocols like FTP, and instead use proprietary protocols like IBM Sterling Connect:Direct over SFTP, which can help provide high-volume and security-rich enterprise file transfers. Restricting the number of endpoints and using proprietary protocols and a solution architected for enterprise-class secured file transfer, can help limit the damage due to the spread and assists in the next step – recovery.
How do you recover? Once you identify the impacted systems, you should immediately clean and restore the environment. Restoration can involve a complete rebuild of the systems from the operating system up and changing all credentials and certificates. The process often requires having multiple stores or managing them individually on each server, which gets complex very quickly and is time consuming. A solution like IBM Sterling Partner Engagement Manager (PEM) can make it possible to change all credentials and certificates in one place. With the use of campaigns, updates to credentials and certificates with trading partners can be handled automatically, saving time and limiting the risk and duration of business interruption.
There is no magic bullet to guarantee 100% protection from security incidents. However, by following these three steps you can decrease your risk exposure, limit damage and build resiliency into your systems to recover quickly.