Data Protection or Information Security has become a serious, board level concern that has C-level management and IT professionals investing an inordinate amount of time and resources to mitigate risks. News stories about cyberattacks and data breaches have become commonplace and experts are unanimous that it is no longer a question of If a cyberattack will succeed, but When?. These breaches are extremely costly and new regulations such as the General Data Protection Regulation amplify those costs. Historically the emphasis has been on perimeter defenses; bigger and better firewalls, antivirus and other malware detection technology. Data Loss Prevention (DLP) tools help address exfiltration and the omnipresent internal threats. However, all this emphasis on walls and detection has the left the back end relatively unprotected. The back end being defined as all of the end-user controlled (EUC) files that are unstructured and may contain sensitive information such as PII or PCI. Like it or not, spreadsheets are ubiquitous and the reality is that some of this sensitive information is stored in these files. Industry experts estimate that the average employee has 3,000 EUC files. Given the punishingly high cost of a breach and the extreme size of the file estate, how can you reduce the cyber risk associated with EUCs and protect the back end?
MITIGATING THE CYBER RISK ASSOCIATED WITH EUCS
CIMCON provides software tools that should be part of your overall all cybersecurity architecture. Well known for its end-user computing GRC solutions, CIMCON technology is providing additional value in helping companies reduce cyber risks.
STRENGTHENING YOUR CYBER RISK STRATEGY
The business improvement opportunities in big data and the high adoption of self-service analytic tools like Tableau and Qlikview further expand the cyber risk in EUCs. Given the sheer amount of data that exists, all company data cannot be protected equally. Consequently, it is important to identify the files that have inordinate risk to your business and focus efforts there. Despite the growth in analytics, spreadsheets are still the most widely used tools for analysis and reporting and often play a central role in financial processes. These spreadsheets and other end-user computing applications (EUCs) are used to manipulate sensitive data. These files are highly vulnerable to theft or fraud since they are rarely monitored or controlled. Accordingly, EUCs must be an important consideration when developing a cybersecurity strategy. Intruders may find a way into company networks but companies with a comprehensive cybersecurity strategy that cover EUCs have more of an advantage. Being able to know which files contain sensitive and business critical data and then being able to put proper controls around them can help protect that data. Standard user access mechanisms alone are no longer sufficient.
INVENTORY AND RISK ASSESSMENT IN UNSTRUCTURED EUC FILES
Step #1 is knowing how many files you have, where they are and if there is sensitive information contained therein. CIMCON's EUC Insight Discovery scanning technology can rapidly search network drives and create an inventory of all of your unstructured, end-user controlled files including Excel spreadsheets, Word documents, PDFs, Tableau, Qlikview files and SharePoint repositories, just to name a few.
EUC Insight Discovery can also:
- Identify abandoned files that haven't been modified in years. Deleting these unused files is the best way to prevent them from being stolen and for large companies it can save petabytes of storage.
- Automatically scan these files for key information and highlight the files that have sensitive information like PCI or Social Security numbers.
- Display reports and/or output data to other reporting tools so you can determine where the biggest risks lie.
Controls
EUC files that need to contain sensitive information should be secured so that when a network breach takes place, or there is an exfiltration attempt from within the company, the EUC files or portions thereof cannot be accessed.
CIMCONs controls technology provides:
- Enhanced file read, write permissions so there is a second line of defense
- Location-based security that prevents access to a file by any user if it is moved from its normal file share location.
- Easy locking of ranges, formulas, pivot tables, sheets, and macros at an individual user or group level of granularity, protecting parts of a file so that only approved users can read and/or write.
Remediation
Once you have identified the files with the highest level of vulnerability, you have multiple options for mitigating that risk;
- If the file can be determined to be abandoned then deletion is a 100% failsafe option
- If the presence of sensitive information is in violation of EUC Policy the end user can be asked to delete or move to a controlled environment
- If the presence of sensitive information is within policy then extra layers of protection beyond the normal user access controls can be applied
Monitoring
CIMCON monitoring technology also helps in cyber risk management, not in the classic cyber role of real-time threat detection but within the context of EUCs an audit trail can;
- Provide tracking of the adding/modifying/removal of file level passwords. If a user edits a file so that it is no longer in compliance with company password policy, that behavior is tracked and email alerts can be sent to appropriate managers.
- Help support the third line of defense by giving Internal Audit the technology to determine that the processes for mitigating these cyber risks are in fact being used.
- If the presence of sensitive information is within policy then extra layers of protection beyond the normal user access controls can be applied
