In recent years, companies have redoubled their efforts to protect their data. Technological investment aimed at preserving information has become one of the main security objectives for companies. Despite all this, Data Loss Prevention (DLP) is a practice that has been relegated, despite the importance of having adequate protection for this information.
This is a serious problem that is not taken into account: because DLP is a practice that involves different areas, it is very complex to get a clear view of what has to be protected, given the large volume of files that are generated day after day.
In this situation, Symantec has identified the main challenges to achieving the best possible data protection. The reasons can change between companies, as each has its own objectives. Therefore, one of the main questions that companies have to answer when defining the scope of data protection is: what needs to be protected, and why?
In addition, it is important to recognize the main focus of the business in order to better protect the desired data, since this allows the company to align the resources needed to carry out these actions successfully. For these reasons, a data protection project should be on the agenda of all company employees.
As there is no common data set, each scenario will be different, but the first rule is 'you cannot protect everything'. For example, a financial institution will have to prioritize protecting its customers' credit card data over other areas which, while important, are not as sensitive. As a potential target for hacking, it must reduce the risk of fraud and maintain a good reputation with its clients, since an information theft incident can seriously damage its reputation and market share.
Where is the data that companies want to protect with DLP?
The data can be on file servers, applications, databases, computers, laptops, mobile devices, USBs or on the web. This cycle has changed dramatically due to the growth of mobile devices and the offering of cloud services. It is estimated that 36% of a company's critical data is in the cloud and that at least a third of it is outside the control of technology departments, so any data protection strategy should take these variables into account.
For a couple of years now, due to the trend of data ubiquity, it has been recommended that these projects include a Cloud Access Security Broker (CASB) integrated with the DLP solution, because it allows the data protection strategy to be extended to the cloud.
The way in which the data is consulted tells us the associated risk, since consulting the data on a computer that complies with security policies and sits within a secure network is not the same as consulting it from a mobile device. Another challenge in the technology area is that 50% of employees use their personal devices to access information, so there is a risk associated with the device that must also be considered. The risks of connecting to insecure networks must also be mitigated.
Some companies even take additional prevention actions, such as encryption strategies for sensitive data that, for whatever reason or process, has to leave the organization. This helps to meet the business need while remaining within a compliance framework and established policies. In addition, it is important to mention that a data protection strategy is a long-term strategy that involves several business areas and constant advice.
Common Mistakes Made in Cybersecurity
In terms of cybersecurity, companies take risks which in many cases can be classified as childish. All4Sec gives some examples:
1. People and the use they make of technology in their jobs. Phishing campaigns or even malicious use of corporate resources are perhaps the most obvious examples of how technological measures fall short when an employee decides to act irresponsibly. It is necessary to make people aware of the relevance of their decisions regarding the use of corporate resources and invite them to follow the guidelines set by the organization.
2. Closely related to the former are interconnections with partners, who often do not have restrictive access measures imposed on company systems. It is not unusual to see access to our infrastructures given to external actors with privileges that do not correspond to them.
3. Another risk that companies often take on is poor planning of the upgrade procedures for their technology infrastructures. A large part of the cybersecurity problems in a company come from not updating the software it uses. It is enough to see how much of the malware that circulates on the Internet exploits operating system vulnerabilities that, even though resolved in new versions, have not been patched on the company's computers.
4. It goes without saying that the use of personal devices (BYOD) for professional activities is another risk that many companies often take, as is the reverse: the use of professional devices for personal purposes. An employee's behavior patterns outside the workplace can have serious consequences for the organization if proper measures such as MDM are not in place.
5. Lastly, there are the authentication and authorization mechanisms. Controlling access to resources with adequate privileges is something that not all companies have defined, which leads to situations in which everyone (or too many people) has access to all the information in the organization. In addition, there is the use of adequate two-factor authentication (2FA) mechanisms, which reduce the risks associated with weak password management: passwords without a minimum of quality that are never changed.
Netskope also points out some key things that companies do incorrectly, which usually have to do with the adoption of the cloud:
1. Exfiltration of sensitive information to applications not regulated by the company. You cannot block everything, but you have to prevent critical data from leaving through certain applications. A recent example is Tesla's autopilot source code uploaded to iCloud.
2. Mobile users lose protection. Traditional on-prem perimeter protection structures are not enough to protect and control users when they leave the office and are exposed directly to the Internet.
3. Misconfigurations of IaaS instances that are exploited by cybercriminals to compromise them and distribute malware.