Data does not get lost by itself. People lose data, and it is time to change the way we protect it.
The last three years have seen remote work take off — which in turn has increased the potential attack surfaces an organization is exposed to. With the increasing use of cloud and collaboration platforms, people are now more than ever the largest attack surface.
In addition, organizations are creating and moving more data than ever, and are using new external pathways to access corporate systems. This is a huge danger because it gives threat actors more ways to break in but also makes it harder to track what workers are extracting out. This in turn creates new forms of security risk for businesses because it is increasingly challenging to both understand when data is at risk and implement the proper controls to mitigate that risk.
Also, today’s cybercriminals are constantly evolving. Therefore, our defenses must evolve too.
So how can organizations address these relatively new data security challenges?
Tackling the insider challenge
We first need to recognize that data does not lose itself: it is people that lose data.
There will always be the employee that falls for a phishing attack; the dishonest worker that steals data, or the well-meaning but negligent insider that makes a mistake and exposes the organization to a breach.
While we cannot attribute the overall rise in insider threats to a single factor, the Great Resignation and the shift to work-from-anywhere have both exacerbated these risks. This makes data protection more difficult for organizations.
Also, a dispersed workforce creates a greater reliance on the cloud, which is a significantly larger attack surface; and a weakening in the visibility and effectiveness of legacy data loss controls. Plus, it is easier than ever to share and expose large amounts of sensitive information — both carelessly and maliciously.
Addressing the hybrid-data challenge
While most businesses are now accustomed to the post-pandemic norms, many policies and procedures are not yet up to speed. Controls in place to protect data, for example, were primarily built around traditional working practices and on-premises systems.
However, with many people now operating beyond traditional office settings, attitudes, behavior patterns and ways of working need to change. And with this, the way we access and interact with data also needs to change.
Organizations need to have a different strategy when it comes to protecting sensitive data — both from outside and within — which is why greater emphasis should be placed on people, rather than just tools and controls.
There is no time to waste. Threat actors have already evolved — first capitalizing on the disruption caused by the pandemic. Now, they are honing their bait to target users in new and potentially less secure environments.
While traditional Data Loss Protection (DLP) solutions have been focused on tools and perimeters designed to keep sensitive information in and malicious actors out, legacy DLP may only be able to spot suspicious activity without providing behavioral awareness before, during, or after risky data movement. In other words, legacy tools cannot help organizations answer the context of “who, what, where, when, and why” behind an alert — resulting in overburdened security teams and minimal insights into network activity.
A modern DLP solution can fix this by helping IT teams quickly spot and revoke malicious third-party apps and block known threat actors and malicious IP addresses that could lead to account compromise. A modern solution is also consistently adapting its detection, prevention, and response to a user’s risk level and to the sensitivity of that data that is being accessed.
Crafting a robust data strategy
This is exactly why a robust data strategy must include a combination of people, process, and technology.
While putting the correct technological controls in place is vital, people are still at the heart of any potential data loss. They are the ones with privileged access to a business network; they are the ones entering their credentials in an organization’s systems. And, with over 90% of cyberattacks requiring human interaction, they are the ones most likely to expose sensitive data to cybercriminals.
That is why a modern DLP solution must account for human behavior in the office, at home, or in-between. Unfortunately, this is not the case with many legacy systems: most will see any anomalous activity as an instant red flag, which is an approach that no longer works. Work-anywhere arrangements require solutions that can proactively monitor and prevent data loss across endpoints while accounting for user behavior, cloud access, and third-party apps.
Furthermore, adaptable protections are just one part of effective data loss prevention. This people-centric approach must extend into cyber training programs, too. All the tools and controls in the world are not enough, individually: total data loss protection requires ongoing, targeted, and adaptive security awareness training that leaves users in no doubt of the part they can potentially play in reducing the number and impact of cyberattacks.
