While GDPR is gaining momentum and companies across the EU are busy implementing best practices in security and implementing procedures for control and visibility over Personal Identifiable Information (PII), one aspect of securing the assets is almost always neglected: knowing how data is shared within an organisation’s network.
Currently, many countries like Italy, Germany and UK are experiencing attacks aimed at stealing their data by exposing vulnerabilities and misconfigurations of their internal Active Directory domain. Numerous companies have very little (to none) insights into what document assets they have, what information is stored, where it is stored and who has access to them. A user account with high access privileges can have a shared drive mounted over the network to their computer and easily save sensitive and PII data to it. We see this happening everywhere. Often such shared drives are even accessible from the guest WiFi network. A hacker does not even need to hack into your network or be physically in your office!
When a malefactor wants to get into your system they will often obtain valid login credentials by social engineering and can use these to explore and steal your data. A typical attack will appear when a hacker gets inside of your system with these stolen credentials, does their reconnaissance of the overall structure and Active Directory domain and then performs the next step of either escalating their privileges or stealing data if it is already widely shared. Sometimes they do not need to escalate their privileges via exploits and vulnerability holes on unpatched servers but can simply find a file with passwords on your shared folders. It is crucial to know where your sensitive assets are and make sure only the people with correct access rights can access those. Often these assets are stored in forgotten folders and in archives that are still accessible but not monitored or tracked.
At Getvisibility we are often seeing this major pain point and we have developed software packages called the Getvisibility Core and the expanded Getvisibility Focus to address these needs. These identify all the sensitive and PII assets across a company’s network, identify the access rights to this data and other non-sensitive files, monitor who is accessing it, assign risk scores and alert on the most serious issues. Based on your sensitive data and your permission structure we calculate a risk profile for widely shared data, or users who have excessive permissions, so you can highlight problem areas and allow you to protect your data.
Simple discovery of sensitive data can result in unusable dumps of massive file lists, so we sort the discoveries into priority order by the risk score, allowing you to quickly focus on the areas that need attention.