Page 101 - Cyber Defense eMagazine July 2024

The Modern Threat Landscape

            The shift from simply locking data to exfiltrating it marks a dangerous evolution in cyber threats.
            Cybercriminals today are not just interested in disrupting business operations but also in stealing valuable
            information. This stolen data can be used for identity theft or corporate espionage, or sold on the dark web,
            causing immense financial and reputational damage to organizations. In most instances, the exfiltrated
            data is used to compel organizations to pay a ransom, especially organizations operating in industries
            (Health, Education) where privacy is a major requirement. Data exfiltration breaches are particularly
            concerning because they involve the unauthorized transfer of sensitive data from within the organization's
            secure environment to an external location. For example, the Change Healthcare cyberattack of 2024, which
            according to United Healthcare's first-quarter financial statement has cost the company about
            USD 820m (https://www.cbsnews.com/news/unitedhealth-cyberattack-change-healthcare-hack-ransomware),
            happened in spite of the layers of defense that exist within the organization.



            The Inadequacy of Traditional Defenses


            Despite advancements in cybersecurity practices, breaches still occur due to various factors, including
            sophisticated social engineering attacks, zero-day vulnerabilities, supply chain attacks, poor
            implementation of sophisticated defense technology, and insider threats. Zero Trust, which operates on
            the principle of "never trust, always verify," and Defense in Depth, which layers multiple security controls,
            are robust frameworks. However, even these can be circumvented by determined attackers, leaving data
            exposed and organizations vulnerable to significant fallout.



            Understanding Different States of Data:

            Data can exist in three distinct states:

               1.  Data in Transit: This is data actively moving from one location to another, such as over a network.
               2.  Data at Rest: This is data stored on a physical medium, like a database server, hard drive or cloud
                   storage, and not actively being used.
               3.  Data in Use: This is data currently being processed or accessed by a system.


            For example, when you send an email, the message is considered data in transit. Once it reaches the
            recipient’s inbox, it becomes data at rest. If the recipient opens and reads the email, it turns into data in
            use. Eventually, all data typically returns to a resting state for storage and future access.

            While there are various encryption schemes for data in transit, less has been done to encrypt data at
            rest. Consequently, once security defenses are breached by malicious actors, the data becomes
            vulnerable. Encrypting data at rest complements the cybersecurity defense system and ensures that
            even if bad actors manage to defeat the security mechanisms, their efforts have little effect.
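
To make the point about data at rest concrete, the following Go sketch is an added example, not code from the article: it encrypts each record with AES-256-GCM before it is written to storage, so a copy of the store taken without the key is unreadable and any modified record is rejected. The function names, the record ID `patient-1001`, the sample record, and the assumption that the key is held in a KMS or HSM separate from the data are all illustrative.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newAEAD(key []byte) (cipher.AEAD, error) { // AES-256-GCM from a 32-byte key
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealRecord returns nonce||ciphertext||tag; recordID is authenticated so a blob cannot move rows.
func sealRecord(key []byte, recordID string, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// openRecord fails on a wrong key, a wrong recordID, or any modified byte.
func openRecord(key []byte, recordID string, stored []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(stored) < aead.NonceSize() {
		return nil, fmt.Errorf("stored record too short: %d bytes", len(stored))
	}
	return aead.Open(nil, stored[:aead.NonceSize()], stored[aead.NonceSize():], []byte(recordID))
}

func main() {
	key := make([]byte, 32) // assumption: real keys come from a KMS/HSM, never stored beside the data
	rand.Read(key)
	stored, _ := sealRecord(key, "patient-1001", []byte("constructed sample record"))
	_, err := openRecord(make([]byte, 32), "patient-1001", stored) // store copied, key not
	fmt.Printf("at rest: %x\nopened without the key: %v\n", stored, err)
}
```

The protection holds only while the key stays out of reach of whoever copies the data, which is why the key is assumed to live in a separate system with its own access controls.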







