Current Filter: Security>>>>>Feature>

   

"As the Code42 2016 Datastrophe Study recently revealed, 42% of data is now stored on endpoint devices, such as laptops and tablets, increasing the attack surface available to cyber criminals," states Rick Orloff, CSO, Code42. "And, as with any battle, defending a larger area with multiple entry points poses a far greater challenge."

In fact, the scale of the challenge is so large that the common first line of defence [eg, access controls and firewalls aren't optimised for the larger attack surface] rarely holds up in isolation, he adds. "For example, 90% of large organisations experienced a data breach in 2015. Multiple access points to sensitive data means that the potential for human error or even malicious activity increases exponentially. In the worst-case scenario following an incident such as this, an organisation could be faced with a situation whereby its own data is encrypted and held to ransom [ransomware]. Cyber criminals are increasingly wise to the value this technique can generate, so businesses are often faced with no choice but to pay up," he points out.

Clearly, multiple threats across numerous entry points cannot be protected by a single line of defence. "Instead, CIOs/CISOs should adopt a multi-layered approach, incorporating a modern endpoint backup solution with real-time recovery that operates continuously to defend against encryption of data via ransomware," he advises. "But tools are only half the battle. End users will always circumvent tech and safeguards if they negatively impact their working methods and productivity, so any security implementation should create the least amount of friction possible.

"In terms of a broader strategy for protecting data against human error, communication is key," says Orloff. "As it stands, 67% of knowledge workers believe their company does not have a clearly defined BYOD policy in place. Therefore, visibility of said policies, coupled with ensuring that employees understand how best to look after their data, is a central component of the CISO role and indeed that of the wider IT department."

ERA OF AUTOMATION
"Data leak prevention started with technologies to manually control access to sensitive information. Sensitive information was identified by management personnel. Individual documents, files and databases were then secured by the manual administration of passwords," says Tarique Mustafa, CEO, GhangorCloud.

"The next generation of DLP technology focused on identifying data leaks of structured data. 'Signature matching' technology was implemented for identifying critical structured data such as credit card numbers. But a person had to tell the system what patterns to match.

"The third generation of DLP technology focused on addressing sensitive data in unstructured form. All kinds of sensitive information can be included in the text of an email, in a spreadsheet or presentation. Borrowing from the previous generation, fingerprinting technology for unstructured data was introduced. But it still required manual pre-processing."

Automation, argues Mustafa, is necessary to take DLP to the next level. "Humans cannot keep up with the problem of manually identifying and controlling sensitive data. There are too many variations. And there is too much information transmitted each hour of the day for humans to be able to identify and classify what is sensitive."

Page   1  2  3  4