Prime Factors Blog

At Risk: The Human Factors in Data Security

Posted by Pete Flagella on Jan 4, 2018 10:01:00 AM

Find me on:


The Problem

The successful cyberattacks of 2017 demonstrated the following: cyber criminals are getting more sophisticated, the profile of those attacked is widespread and indiscriminate, ranging from the enterprise, to small and medium businesses, as well as individuals. With the emerging Internet of Things (IoT) used to access business and personal data, transactions, and Cloud-based services, the one common variable is ‘wetware’, the device between the keyboard/touchscreen and the seat – the Human Factor.

There is an undeniable economic and societal benefit resulting from the IoT. The proliferation of easy access to professional and private systems and data has impacted all industry verticals. While the loT has brought about a richer, more robust user experience, it has also resulted in more options, choices, paths, and confusion, not to mention carelessness, as users do their best to navigate the digital landscape.

To maximize the ease of access while keeping data systems secure from cyberattacks, the data security industry has developed an ever-growing set of solutions to mitigate attacks. You may be familiar with some of the solutions developed over the years, collectively referred to as ‘Data Perimeter Security Systems’. They include MFA (Multi Factor Authentication), IAM (Identity Access Management), SIEM (Security Incident and Event Management), ASA (Adaptive Security Architecture), and CARTA (Continuous Adaptive Risk and Trust Assessment), to name a few.

These Perimeter Data Security solutions have a key driver to their offerings – User and Entity Behavior Management - the first line of defense to both providing needed access to data and protecting it. If both the user and device (sometimes both bound by time and location restrictions) can be verified and authorized, then access is granted; if not, the user and or device can be blocked, logged, and audited. As an important component of an overall data security policy, providing user access while securing system and data integrity, getting past the ‘wetware’ or Human Factor access point is the most common initial breach. Additionally, the proliferation of IoT, ease of access, and the level of confusion and carelessness brought on by the growing global digital market has resulted in the demand to not only maintain these systems but the new and updated data security professionals who manage them. In an effort to address these growing concerns, the US National Institute of Standards and Technology (NIST) updated its Digital Identity Guidelines in June 2017. The new guidelines address how federal agencies should identify users on websites and handle personal data to assist users in identity and personal data protection.

The Solution

While there are several ways to approach these issues, Data Perimeter Security Systems are an important component to the overall Data Security Architecture and profile of any business. They provide the first line of both access and defense to the systems and services for personal and business users. These systems can require significant investment of time and resources and should be a high priority not only for IT professions but C-Level executives, business owners, and line management professionals. 

However, the cost, time, and complexities of proof-of-concept to implementation can take months and even years before an organization will see the ROI and effectiveness thereof. Meanwhile, cyber criminals continue to find faulty user password and credential management to gain access to critical data while organizations struggle to manage and protect the ever-changing Human Factor.

Encryption, however, is an instant, real time, and cost-effective solution for protecting data. 

Prime Factors' EncryptRIGHT is an integrated, software-based solution that can also provide Key Management and Tokenization for authorized access to all or partial data, whether the data is at rest or in motion. Due to EncryptRIGHT’s cross-platform architecture and customizable API library, the cost and time to implement is significantly reduced. Additionally, proper use of EncryptRIGHT for encrypting your data and managing your keys can help mitigate most cyberattacks and data breaches regardless of the size of an organization.  

Organizations with effective security strategies continually monitor and update their policies, strategies, and procedures to increase their effectiveness and awareness. As a result, they are prepared to defend themselves against new threats to sensitive data.

To learn more about how encryption with EncryptRIGHT from Prime Factors can protect your organization and if you are compliant with industry standards, contact Prime Factors at 888-963-6358 or fill out our online form for a free consultation.

Topics: Tokenization, encryption, PCI Data Encryption, PCI Data Security Standards, PCI Compliance, PCI DSS, EncryptRIGHT, key management