As the country’s most data savvy enterprises exploit data for a competitive edge, they are lagging in data security mindsets…
Thanks to digitalization, everything we need at work can be just a click or touch-screen swipe away.
On the flip side, however, this has made us susceptible to information leakage—the loss of critical and/or sensitive corporate and personal information that can result in lawsuits, fines, other financial damage and even a negative impact on the brand.
For India, in 2021 alone, data of 86.63m users had been breached, including some of the most significant breaches like Air India and Dominos Pizza, according to Dhruv Khanna, CEO, Dataresolve.
In addition, the motivations behind cyberattacks for stealing confidential enterprise data have been increasing, with bigger payoffs and more recognition from every attack. These factors make it even more difficult for organizations to detect unauthorized use, access, and disclosure of confidential enterprise data.
According to Manasi Saha of Macaws Infotech, Kolkata: “Organizations here are lacking knowledge and vision while differentiating sensitive digital assets from other data. There is also a lack of proper data security policies, lack of defined usage rights for organizational users, and lack of security parameters to prevent data leakage. Most firms do not invest in data security education for employees, which could prevent a massive amount of data breaches inadvertently caused by staff.”
Two-tier insider threats
As the workforce in India and around the world becomes more mobile, employees working from outside the organization’s premises raise the potential for data leaks. In many cases, sensitive data is shared among various stakeholders, e.g., business partners and customers.
Also, in the widespread and new ‘work-from-home’ culture, workers in the country are using unprotected networks while accessing corporate data. In the case of Bring-Your-Own-Devices systems, lack of endpoint and network protection may lead to data leakage, Manasi added.
As a matter of cyber vigilance, organizations in India are not placing enough importance on employees’ attitudes and focusing data security implementation on user behavior and data transfer patterns, Manasi said—they put the spotlight on external threats instead, leading to internal loopholes in data security.
And then there are also the negligence and human error factors that constitute insider threats: these need to be addressed with proper tools and policies.
According to Siva Swarup Reddy Rachamalla, Cloudace Technologies, Hyderabad: “Organizations that do not address these challenges risk creating a two-tier workforce and losing top talent to those that have actively embraced the challenges and mitigate their risks. Some of the other challenges of slack data security management include dilution of culture: the impact on work culture as the workforce becomes dispersed by seamless connectivity.”
Cloud file sharing and external collaboration with companies, which are becoming more common for today’s enterprises, make the data leakage issue even worse.
Exploring the intricacies of DLP
While the rise of big data yields tremendous opportunities for enterprises, the resulting increase in data loss/leak risk requires the adoption of data loss prevention (DLP) measures.
Yet, according to Vishal Bindra, Founder, Klassify in Gurugram: “Finding the right DLP solution still remains the challenge in the market. Many companies here had burnt their hands in deploying the wrong DLP solutions.”
Vishal also noted that cloud data leakage is also becoming more substantial amid increased and rush digitalization: one way to complement DLP is to classify and prioritize data before a firm can effectively protect it. “IT teams here must not see using DLP like installing an antivirus software. They should have complete information on the data they have and how they are going to use it. Having a random DLP software without having the right data classified in the right manner is like installing a CCTV camera without a monitoring mechanism.”
For Manasi, who handles key enterprise clients at work, a DLP vendor needs to be a leader in Gartner’s magic quadrant as a baseline requirement. “We want to give the best-of-bid solutions to our esteemed customers, ” she said, noting that despite the emergence in the consumer awareness of data leak policies, the channel partners’ role is still relevant for unbiased and true opinions.
In the same vein, Swarup said that one key expectation from any DLP solution provider in India is that it can confirm that the product will fully meet each customer’s DLP requirements: “Some of the other expectations include the origin of the product, market response and track record, and customer support excellence that is contractually guaranteed.”