News & Views

Data privacy day

To coincide with Data Privacy Day, we ask Aaron Louks, Security Operations Engineer, at leading Threat Intelligence Platform (TIP) provider, Threat Quotient (www.threatq.com/) for an insight into practices which can be beneficial to enterprises on this day of awareness.

Q: What approach does ThreatQuotient take to its own data protection?
ThreatQuotient follows the Principle of Least Privilege in all aspects of our data handling.  Through proper data classifications and role-based access controls, we make it standard procedure to limit access to restricted and confidential information, unless it is required and approved.

Q: What standards and frameworks does ThreatQuotient adhere to and what are the advantages and benefits of these?
We have constructed our policies and procedures to be compliant with the SOC 2 standard created by the AICPA.  This standard ensures that ThreatQuotient is compliant through an annual verification by independent auditors, and that the Trust Services Criteria are applied in all facets of our operations.  These criteria include: security, availability, processing integrity, confidentiality, privacy.

Compliance with SOC 2 assures that an organisation maintains strict information security procedures and can help ensure sensitive information is handled responsibly.

Additionally, our systems are configured with respect to the NIST 800-53 and CIS 3.0 frameworks which help to raise the bar of system configuration hardening and ultimately our customer's data protection.

We use the MITRE ATT&CK® framework for event classification and response prioritisation. This helps to cut through the noise and focus on the most critical situations first. It's also very useful to see a breakdown of events by attack techniques that reveal patterns for improvements to your security posture.

And finally, we comply with GDPR and participate in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework to provide our customers with the peace of mind that we take the protection of their private data seriously and will honour their wishes for any data removal if requested (and verified).

Q: How does ThreatQuotient tackle employee training?
ThreatQuotient Security Operations performs regular internal phishing tests to keep employees sharp and aware of current tactics.  However, even with regular testing and education, no organization can ever hope to achieve 100% phishing identification and reporting.  Human beings are fallible and emotional, so there is always an attack vector. This is why a defence-in-depth approach is necessary to protect an organization.

Proper investment in education and training for employees will typically help with reducing the number of incidents.  However, the benefits are a bit obfuscated since you can only assume the training is working if the incidents don’t occur.  There just needs to be trust that fostering an environment of learning and communication will lead to positive outcomes.  Employees are on the front line of a company's security posture; it only makes sense to improve everyone's defensive skills.
 
Q: How does access to threat intelligence support a company’s data protection efforts?
Back to the defence-in-depth approach, a security tool is only as good as the intelligence sources backing it.  Staying up to date with the current threat landscape through multiple intelligence feeds is paramount for identifying intrusion events and providing data protection for your organization.  I would like to emphasise that it's advisable to diversify your intelligence data because no single feed is going to have a complete picture of the threat landscape.  It is important to have a layered approach so the probability of identifying and blocking malicious activity is improved.

Ultimately, Data Privacy Day is every day at ThreatQuotient, and we can all do our bit, supported by the right tools and intelligence, to improve data protection and safe management.