The original version of this blog was posted on Carahsoft’s Community.
The threat of data breaches at federal agencies is ubiquitous. According to the 2017 Thales Data Threat Report, 34 percent of respondents from federal agencies experienced a data breach in the last year, and 65 percent experienced a data breach at some point in the past. Almost all (96 percent) consider themselves “vulnerable” to a data breach, a number that is higher than any other U.S. industry. The increased sophistication of these intrusions, the availability of talented developers for hire on the dark web and easy access to decentralized anonymous payment systems (bitcoin) will continue to be a tremendous challenge for IT departments.
For example, in one highly publicized cybersecurity incident, hackers stole up to $30 million from the U.S. government when they breached the Internal Revenue Service (IRS) Data Retrieval Tool. In addition to the fraudulent tax returns filed by cybercriminals based on the stolen financial data – which they used to file more than 8,000 phony returns that resulted in refunds – nearly 100,000 taxpayers were left at risk of identity theft when their private financial information was stolen from the forms that the hackers gained access to.
This scenario is an illustration of a disturbing new IT reality: government agencies operating in the digital age today face ongoing dangers of loss, theft and accidental disclosure of sensitive legal information and private data they are required to manage.
Protecting against these inherent risks requires complete visibility into the location of sensitive data across the agency, which can be a challenge when data is located across various endpoints on a government network.
Ensuring data privacy and compliance is a challenge, but we’ve identified three recurring best practices amongst federal agencies with whom we partner when it comes to effectively mitigating these risks:
Ensure Complete Data Visibility. Knowing where sensitive data resides is the first step in reducing potential data security risks. Being able to see if sensitive data is sitting in unapproved locations or devices gives security or compliance officers the ability to access files and data discreetly, allowing them to search and destroy potential risks. By running automated first-pass scans of thousands of computer endpoints and network share repositories, users are able to locate authorized data residing in unauthorized locations (such as classified information on an unclassified network) and remove those risk points.
Deploy Remediation Tools. Take immediate action to fix or destroy any identified risks so the potentially problematic data is remediated across the agency. Many data loss prevention tools or cybersecurity solutions on the market today will alert you to potential issues, but do not provide a way to remove the problem at the source. Essentially, remediation deletes non-compliant data to help assess, control and mitigate risk while enabling policy enforcement. Before remediation, it is also important to create a forensically sound copy of the data to preserve as evidence, should an investigation follow.
Proactively Plan for an Incident. A data incident is almost inevitable, as data continues to sprawl across the network, and would-be bad actors become more and more sophisticated. In a data security incident, time is of the essence, and the sooner you can identify and stop the damage, the less impact it may have. It’s important that agencies have a thorough plan in place to address a possible data security incident and frequently revisit the plan to update it as needed. Work with internal teams across the organization – such as HR, Legal and Compliance – to respond quickly to breach incidents, including the facilitation of regulatory and legal investigations that must be done accurately and covertly.
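The first two practices above combine into one sequence: scan, preserve, then delete. The following Python sketch is an added example, not code from the original post or from any product it mentions; the SSN pattern, the directory names and the function names are assumptions, and a SHA-256-verified copy stands in for a full forensic acquisition.

```python
import hashlib, re, shutil, tempfile
from pathlib import Path

# Assumed policy for this sketch: SSN-formatted strings count as sensitive data.
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(root, approved):
    """First-pass scan: files outside the approved directories that match."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file() or any(a in p.parents for a in approved):
            continue
        if SSN_RE.search(p.read_bytes()):   # whole-file read; fine for a sketch
            hits.append(p)
    return hits

def preserve_then_remediate(path, evidence_dir):
    """Copy to the evidence store, verify the hash, only then delete."""
    before = sha256_file(path)
    dest = Path(evidence_dir) / f"{before[:16]}_{path.name}"
    shutil.copy2(path, dest)                # copy2 also keeps timestamps
    if sha256_file(dest) != before:         # never delete on a failed copy
        dest.unlink()
        raise OSError(f"evidence copy of {path} failed verification")
    path.unlink()
    return {"original": str(path), "evidence": str(dest), "sha256": before}

def demo():
    """Constructed sample tree: one approved store, one unapproved share."""
    root = Path(tempfile.mkdtemp())
    approved, share, evidence = root / "records", root / "share", root / "evidence"
    for d in (approved, share, evidence):
        d.mkdir()
    (approved / "roster.txt").write_bytes(b"SSN 123-45-6789\n")      # allowed here
    (share / "notes.txt").write_bytes(b"lunch menu\n")               # no match
    (share / "export.csv").write_bytes(b"name,ssn\nA,987-65-4321\n") # violation
    hits = scan(root, [approved, evidence])
    log = [preserve_then_remediate(p, evidence) for p in hits]
    return root, hits, log

if __name__ == "__main__":
    print(demo()[2])
```

The returned log records the original path, the evidence path and the hash for each removed file, which is the record an investigator would later check the preserved copy against.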
So how can an agency, often working under challenging budget constraints, achieve these three risk mitigation objectives on its own?
Many government teams are now deploying new software tools, such as enterprise data risk remediation products, to aid them in this effort. Government agencies can take advantage of emerging software tools built around proven enterprise search and investigative forensics capabilities to find and eliminate data that should not exist, or should exist only in defined locations. The best of these tools will provide greater visibility into enterprise data risk, remediate that data to mitigate agency risk exposure, and facilitate fast and thorough post-breach analysis and response.
Join Carahsoft’s webinar with AccessData, “The Key to Effectively Minimizing Data Security Risk,” on March 8th to learn about their latest enterprise data risk remediation solution.