Do insiders pose the greatest threat to data loss in an organization? Recent statistics indicate the answer is yes. Actually, according to one study, over 90% of all cyberattacks were conducted by an insider1. The overwhelming result is that companies must focus on preventing data loss by getting ahead of insider threats that may be due to both malicious intent and accidental occurrence. Here are four developments for 2017 that you should focus on in conjunction with your overall insider data loss prevention (“DLP”) strategy.
- Detecting Data at Risk
Locating and prioritizing potential threats and data that is subject to those threats is a key concern for 2017 data loss prevention initiatives. But before the threats can be acknowledged, the items at risk must be identified first. Today’s companies will store many gigabytes of data across a large number of products and services. As a result, it is critical to implement a proactive system of detection in order to actually flag data and activities that may be subject to a threat in the first place1. Once pertinent data or activity is identified, the company will have better ability to decide how to protect it or whether additional protection protocols are necessary.
- Development at All Levels
Data loss prevention largely occurs because of employee error or accident. But, the past was stricken with feedback often occurring after the fact or only certain levels of employees receiving the necessary training. 2017 data loss prevention initiatives should include active development of all levels in order to prevent significant inadvertent data loss. These initiatives focus on the importance of providing the necessary training to all levels in the company and not just a select few. The benefit of involving all personnel is that this creates an organizational culture focused around preventing data loss. Said differently, organizations in 2017 should be intent on rallying the entire organization from the top down and bottom up to ensure data loss prevention strategies are implemented on a company-wide level3.
- Continued Move to the Cloud
As with many other applications, 2017 developments continue to push data to cloud-based platforms. This is driven heavily by the sustained use of mobile which keeps data moving between sources. This mobile data opens doors to data loss since most of the time users transmit the data well before they are logged into a regulated system. 2017 developments include a focus on using cloud-based platforms to better assist in predicting mobile data as well as to better discover and to understand potential gaps2.
Emphasis should also be placed on the balance between controls that offer oversight and efficiency. Many traditional systems involving cloud platforms prevented data loss but were paired with extreme inefficiency. Said differently, there were traditionally a number of applications that monitored mobile data that caused processes to be bulky and overdeveloped. 2017 developments should include processes focused on bolstering protection and efficiency simultaneously2.
- Managed Services
The field of data loss prevention continues to experience rapid growth. Companies are continually drawn to data loss prevention initiatives in part due to lack of resources and time to monitor internally; however, additional drivers include increased regulation and large scale changes in breadth and depth of data reach. Often times, companies are not even aware of the volume of data that needs to be protected. The solution often lies with managed services, which leverage outside contractors who are better skilled at handling data loss prevention. Managed services should be considered since they offer an independent vendor who can better monitor systems without the potential for insider bias2.
Data loss prevention continues to be a hot topic in 2017 with significant developments. These developments include detecting at risk data, company-wide education, cloud movements and managed services. As these services expand, the goal is to cut down significantly on costly insider data breeches that could have substantial negative impact on the company.
1Friedlander, Gaby. “The Connection Between Insider Threat and Data Loss Prevention.” Observe IT. 2015 November 2. https://www.observeit.com/blog/connection-between-insider-threat-and-data-loss-prevention. 27 February 2017.
2Reed, Brian and Kish, Deborah. “Magic Quadrant for Enterprise Data Loss Prevention.” Gartner. 16 February 2017. https://www.gartner.com/doc/reprints?id=1-3TPE5D0&ct=170216&st=sb&mkt_tok=eyJpIjoiTURZeU9UTTFZakE1Tm1aaiIsInQiOiJtT01IY0pKYTZYQm9HKzJCYlBZUUhvZ2x2d3pTRjdSVWRObnhyUFBsMEx0bVBaWmQ1NGFXVWJcL0d0Vm1FXC8yYkhUZW1YdWhWYzRGY1wvVmhrSjFuUkRlRVNqZlFnS0c3S0NsTDVGdElNaWt0clphSTFBWFhNb3JjaXFSTjhZOGQ3WSJ9. 23 February 2017.
3Brittain, Jac. “Retail Technology Trends Shaping the Future of Loss Prevention.” LPM Insider. 2016 November 28. http://losspreventionmedia.com/insider/loss-prevention-technology/retail-technology-trends-shaping-the-future-of-loss-prevention/. 27 February 2017.