I recently read a Mandiant research report indicating that Hikit, a backdoor Trojan, has targeted a number of smaller defense contractors for the purpose of conducting industrial espionage. This latest series of attacks highlights the difficulty that many companies face in protecting sensitive data. As we continue to focus on building higher and higher perimeter fences to keep the bad guys out, we often lose sight of what’s behind that fence – the data. What’s more, companies often focus their data protection efforts on consumer data, forgetting that intellectual property and corporate secrets can be just as valuable, if not more, to data thieves.
Attacks like those facilitated by Hikit are particularly frightening because they can go undetected for so long. So what do we do? While there is no sure-fire guarantee against a breach (wouldn’t that be nice?), the most effective method of data security to date is to take a data-centric approach to data protection as part of a defense-in-depth strategy. Though it seems intuitive, I’m often surprised to find that this approach is not always the go-to strategy for enterprise data security. A defensive security posture is the best strategy for limiting the risk and damage associated with these types of low-and-slow threats. This includes network segmentation, as you mention in the article, but also data-centric security such as encryption, access control, and database activity monitoring. Making data unreadable if it is stolen is a last line of defense.