Current Filter: Security>>>>>>

   

Leakages of confidential information that reach our ears are apparently only a fraction of all the incidents that occur, with many businesses hushing this up within the organisation. But how can it be that even some top-performing enterprises cannot adequately secure their data? Where are they failing? Is it even possible to keep your data safe at all times?

These are some of the questions that have been taxing the mind of Lior Arbel, CTO of Performanta, on behalf of the many organisations seeking to keep safe their data, against a backdrop of ever more data leakage occurrences. In a world where few want to risk the public embarrassment of being known to be a victim, the extent of the problem is really anyone's guess. But it goes deeper than that.

"For starters, far too many companies see data loss prevention (DLP) programmes as a taboo subject, rather than a necessary and business-critical part of a modern company's IT infrastructure. Whilst there is no doubt that designing, implementing and managing a DLP programme can be challenging, if implemented correctly, it can fundamentally protect your business-critical data and enhance your business practices," states Arbel.

OUTGOING DATA CRITICAL
"Secondly, perceived wisdom has seen companies focus on protecting themselves from incoming malicious traffic and thinking that makes them secure - that isn't the case. Tracking outgoing data is also critically important to keeping intellectual property (IP) and business-critical information safe. A recent study by Symantec and the Ponemon Institute found that, whilst globally the most common cause of a data breach came from malicious or criminal attacks, the human factor (negligence) and system glitches (IT and business process failures) internally still accounted for almost two-thirds of data breaches."

KEEPING TRACK
It is possible for companies to expose and track data leaving the system and record where it goes, of course. "If data is categorised, and separate levels of access are established, then it is possible to not only track what data is moving where, but also who is doing the moving," he continues. "Automated solutions are able to identify malicious behaviour within a network and reduce data loss. Employees' 'typical' behaviour can be analysed and profiles created, so that any irregular activity or deviations inside the network can be identified.

"If a user profile indicates that an employee regularly accesses certain network areas and a certain amount of files every day, and suddenly this behaviour changes, this raises a red flag on the security of their account or actions. This approach can aid companies in discovering activity that could indicate an insider threat or an external attack."

Finally, though there is no doubt that DLP can enhance your business practices and help protect your business against the latest data breaching threats, Arbel stresses that, despite your best efforts, unscrupulous people will at some point be able to gain access to the network. "If a nation state, for example, with its vast resources, wanted to access your systems, there is little that any IT team could do to stop them. However, it is worth noting that, even if an attacker can succeed in getting into the system, when and how they take data out can expose them, if the right systems are in place. Possible actions can then include changing business processes, correcting IT issues and even reporting to the authorities for criminal prosecutions."

After the recent news stories about companies that have been hacked consistently for years and did not even know, CIOs have never been under more pressure to keep their companies business-critical data safe. "Every company which has sensitive information - and all companies have some sensitive information - should take steps to ensure its information is monitored and secured. Whilst a DLP programme will not solve every data issue, DLP solutions can bring visibility to the movement of a business's data. If used in conjunction with other technologies and policies (including employee education), much can be done to improve a business's data security."

Page   1  2  3