TechDogs-Your What, Why And How To "Data Loss Prevention": Part 2

IT Security

Your What, Why And How To Data Loss Prevention: Part 2

By TechDogs

TechDogs
Overall Rating

Overview

A little birdie told us that Mr. Stéphane Nappo, Global Head of Information Security for Société Générale International Banking and 2018 CISO of the year, believes that 'It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.'

What did he mean by that and how is that related to Data Loss Prevention? Find out all the answers in this second article of our Data Loss Prevention series.
TechDogs-A Better Way To "Protect Your Data"-Data Loss Prevention: Part 2

What do Facebook, Twitter and LinkedIn all have in common? Yes, they're all social media networks, and yes, they all (ironically) chose trustworthy blue as their brand color. If you hadn't worked it out yet by the title of this piece, the answer is: data loss and monumental data loss at that. Let's look at some of these anti-social network antics.
 
  • Facebook has lost millions of accounts' data over the years but its most significant breach to date occurred in April 2019 when 540 million account holders had their account names, ID numbers, comments and reactions posted in plain sight on Amazon's cloud servers. Shame Facebook hadn't learned its lesson in data security from the month before when, in March 2019, the passwords of 600 million users were saved as plain text on Facebook's internal network. That's a combined 1140 million breaches alone. Say What?!?

  • Back in 2012, LinkedIn thought they had lost 6.5 million account holders' passwords. Almost 7 million records are a lot but compared to some of the other breaches at the time, it's small fry, right? That's what we all thought until 2016 when 117 million LinkedIn passwords went on sale on the Dark Web - a miscount of 110 million records is quite some, well, record. Guinness, where are you?

  • In 2020, several Twitter employees became embroiled in a data attack that resulted in 130 high-profile Twitter accounts - including Barack Obama's, Jeff Bezos's and Elon Musk's - being hacked to post a fake Bitcoin deal. Twitter made a clear statement - this was human error, not technical failure. Twitter also had an instance in 2018 when they had to advise 330 million account holders to change their passwords out of precaution after a potential bug saved them in plain text in an internal file.

“And the award goes to....”

You might think that the data you handle is unimportant or uninteresting to anyone other than your organization. Does anyone really care how many candles Susan ordered? Which recipes Mark downloaded? Where The Masons went on their family vacation. Probably not. Passwords often unlock access to information people do care about, like social security numbers, addresses and bank transactions that leave your customers vulnerable to identity theft and impersonation. Do you want to be responsible for your customers going through that?
 
TechDogs-Data Loss Prevention Know-"More About Data Loss Prevention"


What Are The Benefits Of Data Loss Prevention?


In Part 1 of our Data Loss Prevention two-parter, we briefly looked at why you should adopt Data Loss Prevention software (DLP) but as the dangers are very real and very present, let's use Part 2 to take a deeper dive. These are just some of the reasons why everyone in your organization should champion enterprise DLP solution as a digital guardian.
 
  • Lawsuits, reputation and revenue, oh my! Losing control of your data is bad for your credibility and your profits. DLP helps prevent you from following that yellow brick road all the way to jail, to bankruptcy or to the unemployment office.

  • We all know someone who is excellent at their job but you wouldn't leave them in charge of a baby. If you can't stop them from holding a baby, the least you can do is wrap the baby up in a thick blanket. If data classification is your baby, then DLP is your security blanket. You may not be able to stop team members from having access to sensitive data altogether but you can make it so they can't break it.

  • More businesses are storing confidential data in the cloud, which sounds like a wonderful, safe space to store sensitive information to be protected by Care Bears but it's not. A lot of malware targets the cloud directly, so you need network DLP rules to protect it.

  • DLP software automatically encrypts sensitive data. This means that if anyone tries to access confidential file data leaks, all they'll see is something that looks like a mishmash of a toddler's schoolbook.

  • Cyber thieves are smart. No offense but probably smarter than you and they certainly have a lot more time on their hands. They're often driven by an end goal - even if that goal is merely to cause damage and disruption - and usually, they have nothing else on their to-do list other than focus on their criminal activity. You, however, have a job to do, maybe a family to take care of - do you really have the time to immerse yourself in data as thoroughly as a hacker would? DLP is your much needed helping hand.

While the benefits are intangible and in some cases immeasurable, the consequences are well...catastrophic. British Airway's £183 million ($230 million) fine for its 2018 data breach or Uber firing its CSO Joe Sullivan following the 2017 revelation that he paid off hackers to cover up the exposure of 57 million riders' and drivers' details are just to name a few. At the end of it the message is clear: if you're not practicing Data Loss Prevention, prepare to pay.


What Is Driving Data Loss Prevention Today?


In 2019, the DLP market was worth around $1.24 billion. By 2023, experts predict that the DLP market could be worth $2.28 billion, with North America carrying the lion's share. So, what's driving this tremendous growth?

Well, the risk of data leakage isn't going away. Quite the opposite. More and more onus is being placed with insider threats on Data Loss Prevention. We've even seen C-suite roles introduced - Chief Information Security team Officers (CISOs) - dedicated to the task. Change-drivers include:
 
  • More Data Storage Solutions: ​There are now more places to store data, longer supply chains and organizations have less control than before.

  • More Data, Period: We not only produce more data access rights but have also changed how we classify sensitive data. We now take branding, business methodologies and proprietary software as seriously as we do customer information privacy statement.

  • Compliance: Like the NYDFS (New York State Department of Financial Services) cybersecurity regulation or Europe's GDPR (General Data Protection Regulation), cybersecurity laws make it a legal requirement to behave more diligently with insider threats on data breaches.

  • Data Value: Data loss protection from theft is a lucrative crime. Hackers steal and sell data for thousands of dollars without leaving their homes. WFH criminals anyone?

 

How Do I Know If My Organization Needs DLP?


Are you running a business? Then you need DLP. That answer may feel flippant but it’s true for the majority of organizations. Ask yourself these questions:
 
  • Does my organization handle sensitive data?

  • Do we save that data anywhere? (From corporate networks to USB sticks, do you ever click  “Save”?)

  • Do we have human beings handling our data?

  • Is it the 21st century?


If you can answer yes to any of these, you need DLP.
 

What’s The Future Of DLP?

 
TechDogs-Future Of Data Loss Prevention-What’s "The Future Of Data Loss Prevention"

Technology in relatable fields and its applications will play a major part in the future of DLP policy as an endpoint protector. Encryption Software and Biometric Authentication - fingerprint scanners, facial recognition, retina detection - are becoming more sophisticated and mainstream. Artificial Intelligence and Machine Learning mean our technologies have become more intuitive but, alas, so will hackers. Meanwhile, more of what we do is in the cloud and as remote working continues to be a part of our lives, total protection with cloud-based platforms will become the norm.

Taking DLP technology for granted is a definite no-no. After all, as Stephane Nappo, Global Head of Information Security for Société Générale International Banking and 2018 CISO of the year said: “It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.”

Frequently Asked Questions

What are the benefits of implementing Data Loss Prevention (DLP) software?


Data Loss Prevention (DLP) software offers numerous benefits for organizations concerned about safeguarding their sensitive information. Firstly, it helps prevent costly lawsuits, protects the organization's reputation, and preserves revenue by minimizing the risk of data breaches. DLP also enables organizations to classify and protect their data effectively, ensuring that sensitive information is accessed only by authorized personnel. Additionally, DLP solutions automatically encrypt sensitive data, making it unintelligible to unauthorized users in the event of a data leak. By implementing DLP, organizations can mitigate the risk of data loss and maintain compliance with data protection regulations, thereby safeguarding both their assets and their reputation.

What factors are driving the adoption of Data Loss Prevention (DLP) solutions today?


The adoption of Data Loss Prevention (DLP) solutions is being driven by several factors contributing to the growing awareness and importance of data security. Firstly, the increasing risk of data leakage, particularly from insider threats, has highlighted the need for robust DLP measures. Organizations are also faced with a growing volume of data stored across various platforms and devices, making it challenging to maintain control and security. Compliance requirements, such as GDPR and cybersecurity regulations, mandate stricter data protection measures, further incentivizing the adoption of DLP solutions. Additionally, the lucrative nature of data theft and the rise of remote working have underscored the importance of comprehensive DLP strategies to protect sensitive information from evolving cyber threats.

How can I determine if my organization needs Data Loss Prevention (DLP)?


Determining whether your organization needs Data Loss Prevention (DLP) involves assessing several key factors. Firstly, consider whether your organization handles sensitive data, such as customer information, financial records, or intellectual property. If sensitive data is part of your organization's operations, implementing DLP measures is crucial to safeguarding this information. Additionally, evaluate where sensitive data is stored and whether human employees have access to it, as this will help identify potential vulnerabilities. Given the prevalence of data breaches in the digital age, coupled with regulatory requirements and evolving cyber threats, most organizations can benefit from implementing DLP solutions to protect their valuable assets and maintain regulatory compliance.

Enjoyed what you read? Great news – there’s a lot more to explore!

Dive into our content repository of the latest tech news, a diverse range of articles spanning introductory guides, product reviews, trends and more, along with engaging interviews, up-to-date AI blogs and hilarious tech memes!

Also explore our collection of branded insights via informative white papers, enlightening case studies, in-depth reports, educational videos and exciting events and webinars from leading global brands.

Head to the TechDogs homepage to Know Your World of technology today!

Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs’ members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs’ Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. All information / content found on TechDogs’ site may not necessarily be reviewed by individuals with the expertise to validate its completeness, accuracy and reliability.

Tags:

Data Loss Prevention SoftwareData Loss Data Loss Prevention DLP Cyber Security IT Security

Join The Discussion

  • Dark
  • Light