In 2014, an average of 2.67 million data records were lost or stolen every day, according to Breach Level Index.
That’s no surprise, given the steady drumbeat of breach-related news last year. Major brands like Target, J.P. Morgan Chase, Home Depot, eBay and Sony Pictures all became victims of cyberattacks that jumped from the business page of the newspaper to the front page.
Anthem Healthcare has been the most recent victim, with an estimated 80 million records containing sensitive information such as birthdays, Social Security numbers, family members and more now in the hands of malicious hackers.
By the end of 2014, it’s no wonder that the NSA’s Director Admiral Michael Rogers echoed the sentiments of many corporate security and IT executives when he said that a major cyberattack is, “Only a matter of the ‘when,’ not the ‘if.’”
This change in mindset is a significant one. Moving from preventing a security event to neutralizing its effects when it happens is a major strategic and tactical shift.
Protecting your data during a security event is broadly referred to as “data loss prevention” (DLP) and that’s why it’s one of my “Top IT Trends of 2015”. So with that in mind, I’d like to briefly outline what data loss prevention is and why it’s an important addition to any company’s security portfolio.
NOT ALL THREATS ARE EXTERNAL
In January 2015, Morgan Stanley announced that the identities and financial information of approximately 350,000 of their top wealth management clients had been stolen from the company. But this wasn’t the work of hackers overseas; the thief was one of their own financial advisors.
This was an extreme example, of course, and such criminal behavior is the rare exception. But data breaches due to a lost or stolen laptop—840,000 Blue Cross/Blue Shield of New Jersey subscribers—or a misplaced USB drive—33,000 medical records from a California hospital—are a much more common event.
The activities of hackers and identity thieves get most of the headlines, but statistics show that the majority of data breach events aren’t malicious; they occur due to the accidental loss or theft of laptops, mobile devices and portable storage.
In fact, an estimated 68% of all recorded security incidents in the healthcare industry over the last five years have happened for those reasons.
DATA LOSS IS DATA LOSS
In the DLP worldview, a deliberate cyberattack from an outside threat isn’t a whole lot different than a portable hard drive left at the airport gate. In each case, data that was previously only in the hands of the company no longer is.
When this happens, an organization’s DLP processes and technologies work together to:
- Minimize the potential loss of data in the first place.
- Mitigate the risks of data loss if and when it does happen.
They do that by:
- Cataloging the company data and classifying it. Understanding what data are considered sensitive and where they are located in the organization.
- Monitoring the flow of data throughout the organization. This includes the movement of data across servers, PCs, mobile devices, cloud storage and collaboration tools, email, instant message and more.
- Protecting the data at rest and in flight. DLP tracks the movement of data around the organization and partner ecosystem to ensure that it remains within the policies and parameters set for that particular type of data.
- Managing and reporting potential risks. In the event that the established parameters for a particular set of data are exceeded, the DLP system would notify the appropriate individuals for immediate action or, in some cases, block data from moving from the device.
NOT ALL DATA IS CREATED EQUALLY
In order for DLP to work effectively, it’s essential to:
- Document what data are sensitive.
- Identify what individuals are authorized to access that data.
- Determine where that data can be safely accessed or stored.
For example, a PDF of a sales brochure could be shared on cloud collaboration sites and viewed by anyone inside or outside the company. In the event that a USB drive containing the file were to be left in the back of a cab, no action would be required.
The company’s database of employee government ID numbers would be a different story. This data would be highly restricted to just a few approved locations and users.
If the DLP system were to see data being copied from the database outside the company firewall by an unauthorized user, it would alert the company’s security team right away and document the data’s movement to mitigate any potential risks or damage.
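The brochure and ID-database cases above can be written as a small policy check that classifies content and then tests the user and destination against the rule for that classification. This is an added example, not code from the article or from any DLP product; the labels, user and location names, the SSN-style pattern standing in for government ID numbers, and the split between alerting and blocking are all assumptions.

```python
import re
from dataclasses import dataclass

# Constructed policy table modelled on the article's two cases. None means
# "no restriction". All labels, users and locations are hypothetical.
POLICY = {
    "public": {"users": None, "locations": None},
    "restricted": {"users": {"hr_admin"},
                   "locations": {"hr_database", "hr_file_server"}},
}

# Assumption: government IDs look like US SSNs (NNN-NN-NNNN).
GOV_ID = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

@dataclass
class Transfer:
    user: str
    destination: str
    content: str

def classify(content: str) -> str:
    """Label content 'restricted' if it holds at least one ID-like value."""
    return "restricted" if GOV_ID.search(content) else "public"

def evaluate(event: Transfer) -> dict:
    """Check one data movement against the policy for its classification."""
    label = classify(event.content)
    rule = POLICY[label]
    user_ok = rule["users"] is None or event.user in rule["users"]
    place_ok = rule["locations"] is None or event.destination in rule["locations"]
    if user_ok and place_ok:
        action = "allow"
    elif user_ok:
        action = "alert"            # approved user, unapproved location
    else:
        action = "block_and_alert"  # unauthorized user: stop the copy
    # The returned record doubles as the documented trail of the movement.
    return {"user": event.user, "destination": event.destination,
            "label": label, "action": action}

if __name__ == "__main__":
    ids = "Employee 1041: 000-12-3456"  # constructed, not a valid SSN
    for ev in (Transfer("sales_rep", "usb_drive", "Spring sales brochure"),
               Transfer("hr_admin", "hr_file_server", ids),
               Transfer("hr_admin", "personal_cloud", ids),
               Transfer("contractor", "external_ftp", ids)):
        print(evaluate(ev))
```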
BETTER EYES, NOT THICKER WALLS
In today’s business and security environment, data loss prevention is a strategy worth embracing.
As workers have become more mobile, a company’s sensitive data is no longer locked up deep in the corporate data center. It’s out on the edge of the network, circulating across a wide range of mobile and portable storage devices…devices that can be easily lost or stolen.
At the same time, the external threats waiting just outside the company firewall are smarter, more organized and more advanced than ever before. An asymmetrical threat like this is impossible to defend against by simply fortifying the perimeter and hoping for the best.
As data breaches—both internal and external—become all too common, data loss prevention offers businesses a way to stay out of the headlines by minimizing the chances of potential data loss, and working quickly to mitigate the damages in the unfortunate event that a breach does take place.