Data Centric Protection against Ransomware Attacks at the Office of the Auditor General

Abstract

In attempting to answer the question of whether the Office of the Auditor General is doing enough to protect the sensitive data in its possession, I start off by stating the current information security trends. The trends highlight an upward rise in data breaches despite the numerous traditional approaches to secure data and network resources like firewalls, antiviruses, anti-malware gateways etc. In validation a study is performed at the Office of the Auditor General. Analysis of the survey data brings to light the current state of affairs that exhibits a random or ad-hoc approach to information security. It also reveals that traditional defences can be useful in protecting information assets against ransomware despite their shortcomings. The weaknesses of such methods is discussed thus emphasising the need for new innovative approaches to data security An unconventional approach is gradually gaining popularity as an alternative. This approach is known as Data Centric Security. It is a structured approach to enacting security by emphasising data protection as the ultimate objective. Consequently that entails being knowledgeable at all times of your data, how it is transmitted, the destination of that data, and securing it throughout its different forms/states and locations. Lastly this approach is advanced as an additional control to augment the traditional defences. It is advocated that such approach will give relative assurance that most (if not all) attack vectors are covered when instituting defences.