20 Apr Annual Hacking Competition Exposes Cybersecurity Weaknesses: How Can Your Organization Prepare?
Annual Hacking Competition Exposes
How Can Your Organization Prepare?
20 April 2021· 4 min read
Microsoft Teams, Zoom, Safari, and a handful of other platforms were hacked over the past two weeks. Following the heightened concern and panic left in the wake of SolarWinds and the Microsoft Exchange hack, you may be wondering why these recent attacks haven’t garnered the same attention.
These latest hacks to Microsoft, Zoom, and others aren’t malevolent in nature, but are a direct result of Zero Day Initiative’s annual Pwn2Own hacking competition, in which hackers around the world breach large companies. Once they identify the loopholes, the affected companies have 90 days to fix them before they are made public.
Though it may seem counterintuitive, ZDI and other related groups help teach two major lessons in cybersecurity: data breaches are inevitable, and anyone can be hacked.
How Can Organizations Prepare For a “Bad Day”?
At Prosperoware, we refer to a data breach as a company having a really “bad day”, which in today’s cybersecurity landscape is not if it will happen, but when. While it may be easy to assume that larger organizations have mechanisms in place to avoid breaches, ZDI’s Pwn2Own competition highlights how hackers can always worm their way into your network.
Unfortunately, most hackers aren’t breaching organizations to let them know what to fix. Sophisticated hackers take advantage of governance weaknesses, collecting valuable intellectual property and personal data over a span of months, before anyone detects them. By that time, it might be too late, as they could have deleted data or copied it to hold ransom.
This issue can be compounded if your organization doesn’t have data backups in place. You may not even realize the extent of a breach if your organization doesn’t have copies of what has been stolen or deleted.
Not only does this leave you to pick up the pieces of what major projects may have been lost, but it also leaves you on the hook for any regulatory fines. Backups also allow you to access your data, documents, and projects during a breach or an outage. This assures your most important work won’t be lost while you also adhere to privacy and security regulations. Data backups are just the first of many steps your organization can take to prepare for an attack.
When working on a project, matter, engagement – whatever you may call them – reducing data chaos by providing a logical place for users to store data is crucial. When users know where to place data, they are less likely to save it in their local drives, increasing the risk that a hacker will get access to their content. Adding and tracking rich custom metadata will then allow them quickly to search and find their content, improving collaboration and productivity, and setting the foundation for governance.
Once data is in the right place and metadata is tracked, risk management teams can easily understand the business context of data and apply the relevant security and minimization policies. They can properly manage access according to a need-to-know or Zero-Trust strategy, create document archives to access in case of a breach, and analyze audit trails for any suspicious activity.
Data minimization is also key. Keeping data beyond its usefulness inflates storage costs for organizations and increases the risk of a data breach. Not only that, but organizations are required by privacy and cybersecurity regulations to keep data for only as long as it is necessary and minimizing it when it is no longer useful.
Setting these practices into motion can be resource consuming when done manually, but technology can help set the necessary processes and automate them so your organization can balance operational efficiency with governance to protect from a bad day.
How Prosperoware Helps
Prosperoware CAM empowers organizations to safely collaborate without chaos across collaboration platforms by providing effective adoption and governance. CAM enables mitigation of data chaos by providing a logical location for users to place data, tracks rich custom metadata to enable data context, making it easy to locate content and apply security.
CAM, integrates with multiple collaboration systems, including Microsoft 365 (Microsoft Teams, SharePoint Online, OneDrive, OneNote, Planner), file shares, iManage, NetDocuments, HighQ, and more to come.
Here’s what CAM can do for you:
- Automatic provisioning of workspaces, Teams, Channels, and folders from Project Portfolio Management, CRM etc., or through human workflow using templates
- Rich, custom metadata for project or document context
- Unified project directory for content location for end users and risk management teams
- Automatically provision internal & external users, manage permissions, and integrate with ethical wall systems
- Data Loss Prevention including activity monitoring and bulk security & metadata changes
- Minimize data by setting data disposition policies or apply litigation hold