[BreachExchange] 5 Reasons Your Organization Needs Data Loss Prevention
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Sep 11 21:17:39 EDT 2017
http://www.dataversity.net/5-reasons-organization-needs-data-loss-prevention/
You’ll find dozens of products out there calling themselves Data Loss
Prevention (DLP). And, while such technology may be part of your solution,
data loss prevention is a full-time and full-blown strategic approach to
protect your data. There are at least five reasons your organization needs
data loss prevention.
You Have Everything To Lose
Data may mean different things to different people. It means one thing to
financial people and another thing to operations managers, human resources
functions, and so on. It includes your intellectual property, customer
records, employee identities, financial performance and much, much, more.
Data holds all the secrets to your competitive advantage, product
innovation and future plans. It includes everything that interests all of
your stakeholders. And, data leaks or criminal theft close companies every
day – pending their recovery or death.
A poll of 1,000 business decision makers, conducted by research company
Vanson Bourne, revealed:
One in four are certain their companies will suffer from a security breach.
The cost of the security breach will on average be almost $1 million.
Larger companies can expect an even greater figure.
Three out of four don’t believe that all of their business data is totally
secure.
Two out of five believe data is more secure on their home computers than
their work computers.
When data means knowledge, your dense and deep data is more important than
ever. The denser and deeper the knowledge, the more able your data loss
protection must be.
They’re Smarter Than You
Cyber thieves have nothing else to do. Their purpose is to deny, destroy
and disrupt. They have no other task before them. With passion, time and
financing on their side, they are armed in ways that for-profit and
non-profit organizations find impossible to match.
Even businesses in the field of DLP struggle to keep up and outguess the
attackers' next steps. New malware debuts on the Internet all day, every
day. Cyber criminals attack large companies with full-out offensive systems
and/or sneak into those companies' systems one computer or mobile device at
a time.
They’ve targeted governments, election systems and intelligence agencies.
Businesses as big as Target, Sony Pictures, Anthem Healthcare and Penn
State University are just a few of the mega organizations that have been
hit. They have lost credit card numbers, patient healthcare records,
private correspondence and academic records.
However, as Fox Business News says, “It’s now small mom-and-pop businesses
of all stripes – retail shops, leisure activity businesses, hotels, health
clinics, even colleges are getting hammered by cyber criminals. And it’s
pushing many entrepreneurs to the verge of bankruptcy.”
You’ve no doubt heard of Trojan horses, worms, viruses and more. But, spear
phishing seems to be the latest way of getting into your business.
Spear-phishing emails are labeled to appear as though they come from a
sender known to the employee opening them. The email is personalized enough
to prompt the employee to open the message and the contaminated attachment.
Just recently, people have been receiving emails telling them that
their recent Amazon order has been canceled. It looks like any Amazon
email, but upon checking you’ll notice it’s an “http://” not “https://”
identity, and that the sender is not Amazon. Nevertheless, it’s easy to see
how many Amazon customers might instinctively open the apparent Amazon
message.
People Will Make Mistakes
Most data disappear because of employee issues, rather than external
criminal activity. Some employees deliberately steal data as a form of
revenge for some perceived negative treatment, for personal profit or for
no other reason than to sabotage the business.
Employees can be a major risk to data security. For instance, there’s the
salesperson who uses a thumb drive to copy the client list. Or, there’s
the HR clerk who steals employee identification. Then there’s the draftsman
who copies a blueprint. All such theft means immediate or eventual loss to
the organization.
Employees use company computers, mobile devices or other digital
connections to shop, email and surf the web. Users are on social media, as
well as business and personal email, and they often work in unsecured
environments.
Even innocent communications involve sending and receiving information that
can be loaded with bad stuff that further transmission spreads. One
malicious attachment can invade and ravage your entire system.
Data Is Bigger Than Ever
Any keystroke on any device in your organization creates data. It grows
exponentially and bulges at the seams. Information Technology works at
directing, managing and storing it. But, it’s like managing water flow.
Among the Data Management problems is differentiating the quality of the
data. It is not in the nature of data to display its importance, privacy or
security priority. Helping the data understand its own importance would go
a long way to channeling it and creating levels and thresholds of security.
Individual one-size-fits-all DLP responses don’t differentiate either. You
need strategic solutions that understand the location, direction and use of
the data. Your strategy needs to create barriers aligned to the nature and
quality of the data and/or its level of confidentiality. You need to know
who or what creates the data, who uses it and who transmits and receives it.
As Your Data Goes, So Goes Your Business Reputation
Responsible organizations must bite the bullet and announce their data loss
event. They have an ethical responsibility to inform their public. But,
having done that, they are also sending a message to their customers,
vendors, prospects, investors and stakeholders.
No matter how quickly the business recovers or mitigates the problem, the
damage is done. The organization has proven to be vulnerable. Its trust has
been compromised and its value diminished. It is a public relations problem
on one hand, and a fundamental financial loss on the other.
In the interest of protecting information in a global economy, an
increasing number of countries have enacted increasingly stringent
compliance regulations on data protection. So, at the very least, your data
loss may subject you to fines, penalties and loss of contracts. Still, this
global compliance has trouble keeping up with new technologies and the
growing sophistication of those criminals working in the dark web.
Your Business Just Deserves Better
These five reasons all speak to the same point. In time, your business will
lose data. And, there is no single solution now or in the foreseeable
future. As a result, you need strategic and self-sustaining policies and
procedures in place to manage your data against potential loss.
That strategy will include quality DLP technology. But, it will also
require continuing training, education and monitoring. It takes investment
in loss protection and risk management, now and in the future. And, it
takes a corporate consciousness of the problem and universal understanding
of the needs and preventive measures.