Data Loss Prevention Key Risk Indicators

Data loss prevention strategies continue to develop in the enterprise. Most organizations became aware of DLP policies through Symantec's 2006 acquisition of VONTU. Built on a series of rule sets and workflows, VONTU's DLP capability helped many organizations create an effective adaptive control against data leakage by reporting on and blocking USB ports, data movement to cloud accounts, and outbound email. Even before the VONTU acquisition, organizations knew that firewalls, intrusion detection, and antivirus lacked the ability to detect and prevent data leakage. Anomaly detection did very little to stop individual users from masquerading data leakage as the normal course of their work duties, which makes proper DLP implementation all the more important.

Key indications that data leakage is a problem within the organization

Potential insider stock trading, theft of trade secrets, and competitors' malicious intent to disrupt other companies' business operations are all signs of data leakage challenges. These key risk indicators can also include confidential or sensitive information appearing online or in the press, client payment card data and other personally identifiable information (PII) appearing on the Darknet, or a list of employees' home addresses and dates of birth showing up on dating sites. Such indicators point to a clear series of security breaches, unauthorized access to company data, and a willingness on the part of cyber criminals to profit from the theft of these sensitive files. Most of the time, leakage of business-critical data by priority users is not intentional: in the normal course of business, people copy files to a USB drive, email attachments to their clients, and copy data to ShareFile or Dropbox. Yet, during this same business cycle, disgruntled users become the biggest risk to the organization. Over time, these users will bypass data loss prevention (DLP) policies and choose to send the information to unauthorized repositories or external mailboxes. Data loss prevention software such as VONTU and other DLP solutions provides the rule sets to stop rogue data leakage behavior by monitoring user actions and applying intelligent detection capabilities, including pattern matching, blocking email attachments based on file type, and preventing connections to external storage repositories.

Role of SECOPS in the Data Leakage Strategy

SECOPS teams' primary focus is to protect the company's crown jewels: client and employee sensitive data, trade secrets, and financial information. By leveraging a coherent DLP strategy and a variety of DLP tools, including email DLP, CASB, network DLP, and endpoint security, SECOPS teams have several advanced threat protection capabilities with which to reduce the risk of stolen data. SECOPS teams deal with continuous threats around costly leaks, cyber attacks against their supply chain, and third-party data breaches at their business partners. Many advanced features found in data leakage prevention tools stop these indicators from occurring, effectively protecting the data. Key risk metrics managed by SECOPS teams include reports showing the number of attempts by users and external connections to copy data to the cloud or share data maliciously, as well as how many of these attempts were prevented. To ensure sensitive data protection, SECOPS provides guidance to the business and applies a contextual risk score so the organization can align its proactive and reactive strategies according to several key evaluation criteria.

Rogue Employees and Business Partners DLP Strategies

When does an employee show signs of abnormal user behavior? Rogue behavior can start from a fundamental disagreement over how the business is run, or from a feeling by the employee that they are not receiving the reward they feel entitled to for the effort they produce (read more about insider-threat-driven data leakage here). Rogue behavior and insider threats can also come from someone who was passed over or overruled on big decisions. These individuals chose not to resolve the issue professionally; instead, they listened to their emotions and took matters into their own hands, including engaging in behavior that violates security policies. The challenge for SECOPS is that the person may not generate alerts early in their data leakage activity. At the organizational level, managers, directors, and HR personnel try to recognize a change in an employee's personal conduct and overall work ethic. However, many of these rogue employees will carry on sharing more and more data for several months without showing any sign of their plans to leave the company.

DLP is not an end-all prevention strategy

More and more companies are dealing with both internal and external threats. In a network attack, attackers focus on penetrating the corporate network and gaining unauthorized access to internal systems. A DLP solution can analyze traffic or filter data streams to detect sensitive data, but it cannot stop all attacks, nor can it mitigate the risk of poor business processes. “A DLP program is a risk reduction, not a risk elimination exercise,” says Anthony Carpino, Director Analyst at Gartner. “Treat DLP as a program and process, not a technology, and follow specific steps to implement it successfully.”

A DLP program by itself reduces the problem; it does not remove it. Business priorities more often than not prevent true DLP strategies from being fully deployed: if a security adaptive control blocks or restricts a business operation, that control is frequently disabled or moved to a monitor-only (read-only) state. Cybersecurity threats that impact organizations are very much on the rise even when organizations are trying to follow data loss prevention best practices. Attacks against the cloud surged in 2020, totaling 3.1M in 2020 and making up 20% of all attacks. These recent attacks have created a hostile environment of breaches, leaks, and exposures, leading to a record number of data breaches in 2021. Yet, even with CASB DLP in place, cloud functionality and cloud storage are still affected by data leakage hacks.

The Role of Behavior Analytics

Modern DLP capabilities include several new functions, including user and entity behavior analytics (UEBA), to complement legacy data leakage controls. UEBA functionality leverages machine learning and artificial intelligence, trained on the actions of other users across the various systems, to track early indicators. These advanced capabilities model each user's actions over a period of time, including the following indicators:
  • Time of day the user logs in
  • Location of the user when they log in to a host
  • Which systems they normally access
  • Whether the user is logging in from more than one location at the same time

Merging Security Telemetry

With UEBA and DLP working together, organizations can leverage the merged security telemetry to ease the burden of false positives, increase their critical success factor scoring, and see faster time to value from the key tools they have invested in and deployed. By combining the security data collected by both UEBA and DLP software, SECOPS can detect patterns of rogue internal and external threat actors while retaining the ability to adjust the various DLP controls across the email, cloud, container, network, and mobility channels. Organizations' compliance audits, together with UEBA user activity data, give the organization higher data visibility through this merging of information security telemetry.
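As an added illustration (not code from the original post or from any DLP or UEBA product), the following Python models the four UEBA indicators listed in the previous section against each user's own login history and then correlates the flagged logins with DLP events, in the merged-telemetry sense of this section. The login and DLP records are constructed, and the thresholds (two prior logins as a minimum baseline, a 10-minute overlap window for simultaneous locations, a 30-minute look-back from a DLP event) are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not from any real product): login events and DLP events.
LOGINS = [  # (user, ISO timestamp, source country, system)
    ("alice", "2023-03-01T09:05:00", "US", "crm"),
    ("alice", "2023-03-02T09:10:00", "US", "crm"),
    ("alice", "2023-03-03T08:55:00", "US", "crm"),
    ("alice", "2023-03-04T02:30:00", "RO", "hr-db"),  # off-hours, new country, new system
    ("alice", "2023-03-04T02:35:00", "US", "crm"),    # overlaps the RO session: two places at once
    ("bob", "2023-03-01T10:00:00", "US", "wiki"),
    ("bob", "2023-03-02T10:15:00", "US", "wiki"),
]
DLP_EVENTS = [  # (user, ISO timestamp, channel, action)
    ("alice", "2023-03-04T02:40:00", "usb", "copy"),
    ("bob", "2023-03-02T10:20:00", "email", "attach"),
]
P = datetime.fromisoformat  # short alias for parsing the timestamps above

def score_logins(logins, min_history=2, overlap=timedelta(minutes=10)):
    """Map (user, timestamp) -> reasons for logins that deviate from that user's own history."""
    history, flagged = {}, {}
    for user, when, country, system in sorted(logins, key=lambda e: (e[0], e[1])):
        t, seen, reasons = P(when), history.setdefault(user, []), []
        if len(seen) >= min_history:  # judge a user only once a baseline exists
            if all(abs(t.hour - h) > 1 for h, _, _ in seen):
                reasons.append("off_hours")
            if country not in {c for _, c, _ in seen}:
                reasons.append("new_location")
            if system not in {s for _, _, s in seen}:
                reasons.append("new_system")
            if any(u == user and c != country and abs(P(w) - t) <= overlap
                   for u, w, c, _ in logins):  # same user, other country, overlapping window
                reasons.append("concurrent_locations")
        if reasons:
            flagged[(user, when)] = reasons
        seen.append((t.hour, country, system))  # the login now becomes part of the baseline
    return flagged

def correlate(flagged, dlp_events, lookback=timedelta(minutes=30)):
    """Attach UEBA reasons to each DLP event preceded by a flagged login of the same user."""
    hits = []
    for user, when, channel, action in dlp_events:
        t = P(when)
        reasons = sorted({r for (u, w), rs in flagged.items()
                          if u == user and timedelta(0) <= t - P(w) <= lookback for r in rs})
        if reasons:  # DLP events without a behavioral signal are left for routine triage
            hits.append({"user": user, "time": when, "channel": channel, "action": action, "ueba": reasons})
    return hits
```

Calling `correlate(score_logins(LOGINS), DLP_EVENTS)` yields only alice's USB copy, annotated with the four indicators, while bob's routine email attachment carries no behavioral signal and is not escalated.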

Next-Generation Prevention of Data Loss

Advanced threats like password spraying, account takeover, and bot-driven attacks executing automated data theft can be prevented. Changes to a user's access control, physical control of their desktop and mobile devices, and access to SaaS applications like O365 can be ended within seconds. By pulling several telemetry sources into a single machine learning platform, organizations can react sooner and faster as new data leakage indicators surface within their environment, and improve their incident response processes to limit the damage.