There are a lot of talented people in our industry. We thought it would be a good idea to interview them for our blog and find out their thoughts and opinions on key industry issues.
Our first interview is with Andrew Hay, CISO of DataGravity. With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew is responsible for the development and delivery of DataGravity's comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage. He also previously served as a senior security analyst for 451 Research’s enterprise security practice (ESP). Andrew draws on his data security expertise to share commentary and thought leadership about the industry, having published a series of playbooks, guides and articles in trade publications. His thought leadership and security expertise have been recognized by the SANS Institute, IT Knowledge Exchange, CEOWorld, as well as other organizations.
1. What percentage of attacks do you think are targeting the theft of data?
That's a very difficult question to answer as there are so many variables influencing the value of the data and the lack of security controls protecting the data.
Cloud storage is the new USB drive (which is the new floppy disk) with regard to the ability for an insider to surreptitiously transfer sensitive data outside of their organization. As all of the popular cloud storage platforms utilize SSL, there is very little inspection capability available at the network level - though one might argue that if the data is already in flight, you've already lost the ability to prevent it from leaving.
Port scanning is often a probing precursor to a potential attack as a way to see how soft the target is. Port scanning should be treated as an early warning indicator but not as a definitive sign of an active attack.
That is a battle that has been around since the dawn of networks. I believe that we should follow a zero-trust model and only allow communications through our firewall that we know serve a business purpose. This would dramatically reduce our attackable surface area.