The Top Five Vectors for Data Loss in the Enterprise
With 2017 in full swing, organizations are planning their budgets for the year. In order to figure out the best way to allocate funds, it’s important to identify existing problem areas and challenges. One such area is data loss, with incidents such as the DNC hack and stealing of military specifications from Lockheed Martin dominating last year’s headlines.
In order to stop unauthorized (and sometimes malicious) parties from getting their hands on sensitive information, organizations need to pinpoint the most common vectors of data loss. But the sources of damaging data leaks aren’t always as obvious as you may think. Loss vectors come in a range of shape and sizes, with most involving a combination of technical and human factors.
To do this, we looked to a recent Enterprise Strategy Group (ESG) survey of 200 information security professionals, in order to pinpoint the weakest links in the IT ecosystem.
Unauthorized Cloud and Enterprise File Sync and Share Applications
For most workers, the rise of the cloud has made life simpler. In particular, Enterprise File Sync and Share (EFSS) applications have quickly become a cornerstone of corporate IT systems, allowing remote workers to act on company data with little to no friction. However, like with all new technology, the influx of EFSS in the enterprise has opened up new security holes and created headaches for InfoSec teams.
Of the executives surveyed by ESG, 33 percent reported that it is “somewhat likely” sensitive data was jeopardized by unauthorized cloud and EFSS applications in the last six months. Even more alarming than that, a whopping 1 in 4 (27 percent) believe it is “very likely” sensitive data was compromised as a result of cloud technology. These statistics highlight the fact that while cloud and collaboration technologies have been rapidly embraced by end-users, security features are still lagging behind. In order to alleviate this pain point, many leading EFSS vendors, including Citrix, have layered data-centric solutions on top of their existing platforms.
Hackers with Stolen Credentials
Authentication technology is essential to any organization’s IT strategy, but the keys to the castle often fall into the wrong hands, allowing hackers to hide under the guise of fully-authenticated users. These threats are particularly dangerous, since the monitoring tools deployed by IT departments likely won’t flag be able to flag behavior as suspicious until it’s too late.
According to 30 percent of respondents, it is “very likely” that sensitive data was ex-filtrated by hackers in the last six months. On top of that, 26 percent stated that stolen credentials are “somewhat likely” to have been the source of data loss, meaning this issue is top of mind in over half of organizations. In order to overcome the threat posed by malicious actors armed with legitimate credentials, organizations need to prioritize solutions capable of flagging suspicious behavior regardless of the user’s status.
Hackers aren’t the only perpetrators of data theft, employees also find themselves on the list of potential culprits. The days of stolen office supplies aren’t over, but insiders often stand to gain far more from stealing sensitive information, such as intellectual property or sales databases. ESG’s research found that 27 percent of IT decision makers consider employee theft “very likely,” with 33 percent ranking this vector of data loss as “somewhat likely.”
Similarly to instances where compromised credentials are the cause of a breach, insider threats are difficult to pinpoint since they don’t require processes outside of a typical workflow. To avoid a costly insider breach, organizations must be able to automatically enforce data-centric usage policies including who can access a file and what that employee can do with the file. The usage controls should also control ‘where’ a person can use a file (e.g. blocking use of a file on a personal device) and the ability to remotely revoke access after distribution. Enforcement of granular, data-centric usage controls are a necessary first step to assuring departing (and current) employees don’t walk away with an organization’s most valuable assets.
Third-party Collaborators (Partners, Contractors, Customers etc.)
Just as you can’t trust your employees to follow data security best practices, your partners, contractors and customers can often serve as a weak link in your cyber defenses. Working with third parties inevitably requires the sharing of information and the need to ‘trust’ the third-party security infrastructure, which further increases security risks.
Of the respondents to ESG’s survey, 28 percent stated it was “very likely” sensitive data had been stolen from third-parties in the past six months. The difficulty in remediating this issue is that businesses have little to no authority over the security measures put in place by external collaborators. And once information ‘leaves the perimeter’ anything can happen. In order to counterbalance the risks inherent in outsourcing of processes, organizations need to take matters into their own hands by deploying technologies that are able to assure security regardless of where data resides. Persistent, data-centric controls enable an organization to maintain constant control of information and remove concerns about the security posture of a contractor or partner.
Malicious software being installed on a corporate network is still commonplace, and it likely will remain that way for the foreseeable future. Firewalls and endless vulnerability scans are necessary, but not sufficient for assuring a network remains free of constantly evolving malware threats. Whether delivered via an infected webpage or email attachment, malicious software is a reality of InfoSec that practitioners must account for when devising their security strategies.
According to ESG’s study, 30 percent of executives believe it is “very likely” sensitive files were compromised by malicious in the last 6 months, with another 30 percent stating that the loss of data through this vector is “somewhat likely.” Securing infrastructure is no longer sufficient, and more attention should be paid to solutions capable of securing data while it is in transit, at rest, and at work. Persistent security assures that even if malicious software succeeds, the cyber criminal running the program will retrieve no usable data.