Steve Moros from Proofpoint explains why organisations must adopt a new way of protecting sensitive data from both outside and within.
The world of work and business is a very different place today than it was just two years ago. Trends such as hybrid working, which had been gaining traction for some time, have rapidly accelerated.
But while most businesses are now well accustomed to a new normal, many policies and procedures are not yet up to speed. Controls in place to protect data, for example, were primarily built around traditional working practices and compliance.
In many cases, traditional data loss protection (DLP) solutions have focused on tools and perimeters designed to keep sensitive information in and malicious actors out. This legacy approach to DLP focused on data in use, in motion and at rest, without much context outside of this.
However, with many people now operating beyond traditional office settings, attitudes, behaviours and ways of working have changed. And with them, the way we access and interact with data has changed too. This new way of working requires a new way of protecting our sensitive data, both from outside and from within: one that places much greater emphasis on people rather than just tools and controls.
Why it’s time to rethink DLP
While policies and procedures may be lagging in the new hybrid work environment, the same cannot be said of cyber criminals. Threat actors have wasted no time, first capitalising on the disruption caused by the pandemic and now honing their lures to target users in new and potentially less secure environments.
That old foe phishing increased significantly last year, with 95 per cent of organisations experiencing an attack. Over half of these organisations suffered at least one compromised account, and the consequences for those on the receiving end are severe. The cost of containing a compromised account has doubled in recent years, up from $382,920 in 2015 to $692,531 in 2021.
While legacy DLP solutions may detect and deter initial phishing attacks, these solutions do not collect any threat context information. This leaves organisations blind to data movement involving compromised user accounts and identities.
We surveyed over 300 of our Proofpoint installed customers to look at the changes from the pre-COVID world and reviewed the changes to the top 10 ranked alerts we observe. COVID was the biggest change agent for digital transformation, and it has changed the way our users operate, function and get their jobs done.
Work-from-Anywhere has had a huge impact on the alerts being observed. The three most notable are: users performing large file or folder copies, which is up seven places; users performing large file or folder copies during irregular hours, which is up four places; and users accessing and sharing to cloud services, which is up six places. These changes require a modern approach to how we protect and secure organisations that, for the most part, have all users working from anywhere.
A modern DLP solution, on the other hand, can help IT teams quickly spot and revoke malicious third-party apps and block known threat actors and malicious IP addresses that could lead to account compromise.
Legacy solutions can also present challenges in preventing data loss in other areas. Blanket data protection controls applied to entire departments or organisations can be cumbersome, hampering productivity and resulting in false positives. In fact, nearly 70 per cent of survey respondents reported that three in every four incident alerts they investigate within their traditional DLP solution are false.
A modern DLP solution overcomes this issue by adapting its detection, prevention and response to a user’s risk level and to the sensitivity of the data being accessed. This tailored approach is particularly important for insider threats, the cost of which increased by 31 per cent between 2018 and 2021, now standing at $11.45 million.
Legacy DLP may spot suspicious activity, but it provides no behavioural awareness before, during or after risky data movement – and offers little in the way of risky user behaviour analytics. In other words, legacy tools can’t help you establish the “who, what, where, when and why” behind an alert. The result is overburdened security teams and minimal insight into network activity.
Putting your people first
Your people are at the heart of any potential data loss. They are the ones with privileged access to your networks. They are the ones entering their credentials in your systems. According to the Proofpoint Quarterly Threat Data report, we have seen a 300 per cent increase in corporate credential phishing. And, with over 90 per cent of cyber attacks requiring human interaction, they are the ones most likely to expose your data to cyber criminals.
That’s why a modern DLP solution must account for human behaviour, whether in the office, at home or in between. Unfortunately, this is not the case with many legacy systems. Most will see any anomalous behaviour as an instant red flag, impacting user experience and costing security teams precious time and resources.
At a time when “normal” working practices can mean different things from day to day, this approach is no longer fit for purpose. Remote and disparate workplaces need solutions that can proactively monitor and prevent data loss across endpoints while accounting for user behaviour, cloud access, and third-party apps.
And such adaptable protections are just one part of effective data loss prevention. This people-centric approach must extend into your training programs too. Total data loss protection also requires ongoing, targeted and adaptive security awareness training.
Training that leaves users in no doubt of the part they can potentially play in reducing the number and impact of cyber attacks.
Today’s cyber criminals are constantly evolving, targeting new and sophisticated threats squarely at your people. Our defences must evolve too. If not, this is an arms race we don’t stand to win.
Steve Moros is the senior director, advanced technology group, Asia-Pacific and Japan at Proofpoint.