Tag Archives: data loss prevention

Top Breaches in Higher Education in 2015-2016

Continuing our series on data loss in the higher education sector, this article identifies the top breaches that have taken place at institutes around the country. These incidents are noteworthy because they raised awareness of higher education being a soft target for data breaches.

April 2015 saw one of the biggest breaches at Auburn University, where about 360,000 people had their social security numbers publicly exposed online. These people were not even registered/enrolled students of the university but were either applicants or prospective students.

In May of 2015, when the breach was discovered at Penn State University, it had already affected 18,000 records. It was found that the unauthorized access had started way back in 2012 at the College of Engineering and had gone unnoticed till 2015. The alarming issue here is that it took 3 years to detect the breach and the network had to be disabled for 3 full days, significantly affecting continuity of work.

June of 2015 saw another breach at Penn State University. This time, the College of Liberal Arts was the target of unlawful access.

A similar breach took place at the University of Connecticut in July 2015. The servers were hacked by unauthorized users from China beginning in 2013. About 1,800 user credentials were exposed, though it was never confirmed if any intellectual data was compromised. During the investigation, malicious hardware was found on the servers.

University of Virginia notified in August 2015 that there was a cyber attack originating from China, resulting in the University reinforcing protection of its network against future breaches. Although no PII was stolen, people quickly became aware of the inherent risk that large institutes face because of lack of adequate data loss prevention measures.

In September 2015, at least 80,000 records of students enrolled in an online course at Cal State got hacked. Sensitive information was compromised because of this. The cause was attributed to malware in third party applications offered by a vendor administering the online course. While the PII was not exposed, user IDs and passwords, college emails, gender, and race were made public.

In another incident, California Virtual Academies (CAVA) informed its registered users in December 2015 that their data storage system was exposed as a result of a data breach. CAVA, within hours, was able to locate the vulnerability and contain it by securing the system. Users were still urged to check their personal accounts, change security settings online and familiarize themselves with information provided on credit and identity protection.

In January 2016, Southern New Hampshire University (SNHU) confirmed that due to a configuration error on the part of a third party vendor, a database containing names, email addresses, IDs, course details, scores etc. had been exposed. About 140,000 students had been affected by the breach. Since SNHU claimed to have 70,000 enrollments, it was understood that the records either had been duplicated or both former as well as current students had been affected. The investigation is still ongoing.

In February 2016, the University of Florida reported that as many as 63,000 records with PII were exposed to hackers. The records belonged to former and current students as well as staff members. The management also notified that credit card information, other financial data and health records were not compromised.

Conclusion

The above-mentioned incidents reinforce the vulnerability of the higher education sector. Tighter regulations and comprehensive data loss prevention solutions are thus deemed as a necessity in this sector.

Data Loss Prevention: Protection Beyond the Antivirus

Installing antivirus is no longer adequate unless organizations have taken proactive actions and implemented other end-point security solutions to protect against data loss arising from internal and external threats. This traditional end-point security provision was sufficient in yesteryears when cyber-attacks were simpler and fewer. With ever-changing technology and advancement in the nature of cyber-attacks, antivirus alone as a security measure will not hold the fort for long.

Corporate data is mostly digital now, and sensitive data is accessed over multiple devices and networks. Telecommuting is rapidly growing and is favored in both private and governmental organizations, prompting employees to bring their own devices. Unfortunately, antivirus software is perceived to be the default security mechanism expected to protect against most IT threats. This, in turn, can be disastrous as it gives IT administrators a false sense of security, making critical data loss a harsh reality. IT administrators, therefore, need additional forms of protection such as end-to-end encryption and data loss prevention (DLP) solutions.

What should an organization do to protect its critical data? We have some recommendations for organizations to consider in order to safeguard themselves against vulnerabilities of data loss:

  • Administer multiple layers of security instead of implementing just the antivirus.
  • Keep business continuity in mind while installing the endpoint security tool.
  • Encrypt data whether it is static or in transit.
  • Constantly monitor data coming in and leaving endpoints of the network.
  • Define user roles clearly, so employees are aware of who can access what kind of information.
  • Provide regular training to the workforce about security measures that need to be followed at all times.
  • Have a robust backup and risk mitigation plan ready in case of a breach.
  • Implement device management/monitoring as an essential practice, particularly with the BYOD culture becoming a key workplace trend.
  • Install zero-day malware detection/analysis and content-aware DLP solutions.

These recommendations are the fundamentals of a strong IT security strategy. With antivirus no longer being the magic potion to deal with all threats, it is time organizations start implementing a more robust solution that encompasses various techniques aimed at data loss prevention.

Cyber Insurance – Driving Demand for Data Loss Prevention

No matter how robust and agile the system is, how efficient the organization’s policies and regulations are and how secure the network connections are, there is always a daunting risk of data loss, whether through malicious action, human error or system glitches. The total monetary loss after a cyber-attack encompasses both tangible and intangible elements such as loss of direct monetary gain, expenses related to specialist lawyers, IT forensics experts, investigators, various fees and penalties, digital disruption, credit monitoring, slump in goodwill etc. – all of which can be humongous.

This is enough justification for companies – large, medium or small – to get Cyber Liability Insurance Cover or CLIC. Of course, the coverage will not be the same for all but has to be customized as per the entity and therefore will have various terms and conditions and pricing. The major factors that dictate the type of CLIC are the type of data aggregated, size of the company and extent of the potential risk.

Cyber insurance companies offer add-on services with CLIC to custom build policies for organizations. Be it lawyers, forensic experts, spend on crisis management solutions, notification and restoration expenses – all become an intrinsic part of the coverage.

Cyber insurance companies that provide the best fit will typically have the following elements covered as part of their packages:

  • First party as well as third party coverage
  • Premium pricing
  • Claims payout
  • Underwriting risks
  • Ability to offer coverages (policies, terms and conditions) over a wide spectrum of cyber risks which include theft of intellectual property, data and software loss, network failure liabilities, data destruction, DoS, etc.

Similarly, underwriters at cyber insurance companies look for the following factors while setting premium rates for CLIC:

  • Check if data loss prevention (DLP) solutions are implemented. Also check for types of encryption, security for access points in the system. A comprehensive DLP solution could typically result in lower risk and hence lower premiums.
  • Understand awareness level of employees around access policies. This includes checking if regular trainings are held to keep employees updated on systems and policies in place. How well educated employees and vendors are about regulations and compliance has a significant bearing on CLIC.
  • Check what risk mitigation plan is in place in case of a data breach incident.

As in the case of any traditional insurance, if there is a rise in the number of claims and payouts, the CLIC deductible and premium increase. Or, the payout is cancelled completely when capped. As a result, organizations looking for CLIC usually demand more comprehensive data loss prevention solutions. When an underwriter sees and is convinced that the organization has taken good measures to prevent data losses, it may result in lower deductibles and premiums.

What is the state of cyber insurance market in the US?

According to RnRMarketResearch.com, the global cyber insurance market was estimated at US$ 2.5 billion in gross premiums in 2014. In the US specifically, 46 states have made it law that data breach incidents be notified publicly, resulting in exponential demand for cyber insurance. Although 90% of global cyber insurance policies are bought by US companies, only one-third of US companies are covered. PwC predicts the market will grow to an estimated US$ 7.5 billion in annual premiums by 2020. Allianz, a German insurer, predicts the market will grow to US$ 20 billion by 2025. This will be a driving force in putting forth better policies and measures for DLP in companies.

Following are some of the key cyber insurance trends that were seen in 2015:

About 60% of brokers say that there has been a significant increase in the number of companies seeking cyber insurance in 2015, resulting in greater demand for DLP solutions.

Healthcare has seen the highest growth in cyber insurance demand due to its high vulnerability. Use of DLP could drastically reduce insurance-related costs.

Overall, awareness and news about data breaches accounted for more than 70% of CLIC sales.

Wrapping up, one can say that embracing cyber insurance at the correct time is imperative rather than taking on the burden of a monumental payoff in case of data breaches. The transfer of risk to a third party gives an edge over competitors in the long term by unlocking the potential for sustained growth. Simultaneously, reforming current policies and/or pushing for better and more effective DLP solutions is equally vital to keep cyber insurance related costs under control.

Zecurion’s Annual Review: 2015 Data Breach Statistics

 

*The ITRC tracks seven categories of data loss methods: Insider Theft, Hacking, Data on the Move, Subcontractor/Third Party, Employee Error/Negligence, Accidental Web/Internet Exposure, and Physical Theft.

The ITRC tracks four types of compromised information: Social Security number, Credit/Debit Card number, Email/Password/User Name, and Protected Health Information (PHI).

Total records exposed only include records for which count is available.

As we step into 2016, let’s look at the cost of data breach in 2015 and the trends that have impacted it.

Human Error Causes 19% of Data Breaches

Though malicious or criminal attacks are the main contributing factor for data breaches, at almost 49%, negligent employees are responsible for an exorbitant 19% of the breaches, and 32% involved system glitches that include both IT and business process failures.

Average Cost of Breached Record is $217

The average cost per lost or stolen record containing sensitive data is $217 for 2015. There has been a substantial increase of $16 per record breached in comparison to year 2014 which is close to an 8% increase. The average cost of $217 consists of $74 towards direct per capita cost and the remaining $143 towards indirect per capita cost. Direct costs are the costs that the companies spend to minimize the consequences of a data breach and to assist victims. Indirect costs pertain to what the companies spend on existing internal resources to deal with the data breach.

Higher than Average Data Breach Cost for Healthcare, Pharmaceutical, Financial, Energy, Transportation, Communications and Education

 

Some industry sectors such as healthcare, pharmaceutical, financial, energy, transportation, communications and education are more prone to breaches and thus have higher data breach costs. They tend to have a per capita data breach cost above the mean of $217. By contrast, the public sector (government), hospitality and research have a per capita cost well below the overall mean value.

Average Cost per Organization is $4.7 Mn to $11.9 Mn, Depending on Number of Records Breached

The number of breached records per incident in 2015 ranged from 5,655 to 96,550 records. The average number of breached records was 28,070. As the number of lost records increases, so does the cost of data breaches. In 2015, companies that had data breaches involving less than 10,000 records had an average cost of data breach of $4.7 million and the ones with the loss of more than 50,000 records had a cost of data breach of $11.9 million.

Among the factors that contribute to increased lost business costs, the significant ones are loss of business, legal services, investigation & forensics, increased customer acquisition activities and diminished goodwill. In order to reduce the cost of data breaches, businesses need to make proactive decisions and worthwhile investments in various strategies, the key ones being setting up an incident response plan, implementing data loss prevention solutions, planning for business continuity and its management, appointing a CISO with enterprise-wide responsibility and investing in employee training.

Zecurion Achieves Worldwide Silver Partner Status in the Samsung Enterprise Alliance Program

New York, September 23, 2015 — Zecurion, a leading developer of data loss prevention solutions, announced it has achieved silver partner status in the Samsung Enterprise Alliance Program (SEAP) enabling Zecurion to deliver mobile solutions aimed at preventing leaks of confidential data through Samsung Android.

The partnership with Samsung enables Zecurion to provide complete monitoring of corporate information on employees’ mobile devices efficiently and cost effectively, thereby preventing data leaks at various stages of information processing, storage, and transfer.

SEAP is an affiliate program of Samsung and supports companies in the use of Samsung products and solutions. Besides support for global marketing and distribution activities, Samsung offers technical support and expertise to its partners to enable development of differentiated mobile solutions that meet customer demands.

With the silver partner status, Zecurion now has access to the extended library of the Enterprise SDK from Samsung.

Zecurion Mobile DLP finds copies of confidential documents on users’ mobile devices and blocks their transfer via unsecured open networks. All traffic is channeled through a protected corporate network. In the event of theft or loss, the device can be blocked by a security officer.

MHA NG (Mobile Hybrid Analysis Next Generation) is used to detect confidential documents on Android devices. The new version of MHA uses six different technologies for identifying confidential data, including MorphoLogic, a search by dictionary, templates and frequent expressions. The plan for the future is to add support for DocuPrints and SmartID. MHA NG is already correctly identifying over 100 different file types as well as encrypted documents.

For more information about Zecurion DLP Mobile, please call +1 866 581-0999.

About Samsung Enterprise Alliance Program (SEAP)

Samsung Enterprise Alliance Program (SEAP) is designed to provide differentiated benefits to partners according to their various needs. The goal of SEAP is to enable partners in creating new revenue opportunities in the enterprise mobile business with Samsung products and solutions. Additional information is available at http://www.samsungmobileb2b.com.

Zecurion Releases Zlock Version for Mac OS

New York, August 26, 2015 — Zecurion, a leading developer of data loss prevention solutions, announced the release of Zecurion Zlock Mac, its groundbreaking new version of endpoint DLP developed specifically for Mac OS.

In June 2015, the company successfully completed the beta testing of Zlock Mac, in which more than 100 IT and information security professionals had participated. The beta test done by the developer community enabled Zecurion to incorporate useful feedback, eliminate errors, and improve overall functionality of the solution.

Zlock Mac controls the use of USB devices and blocks leakage of sensitive data from computers that are running Mac OS X Mountain Lion, Mavericks and Yosemite.

Just like the Windows version, Zecurion Zlock for Mac allows the security officer to create flexible policies for different types of USB devices, different groups and individual users. Besides giving the option to either allow or restrict the use of the USB device, it also allows partial access in read-only mode. Policy management for both Mac and Windows-based platforms is handled through a single management console, which greatly simplifies the work of security administrators.

“Many of our customers use Apple platform, which leads to an increased risk of losing sensitive corporate information from Mac. Taking into account the wishes of customers and the increasing demand for data protection from leaks for Mac OS, we have developed a special version of Zlock, which we are sure will be a great success with customers,” says Roman Vasilyev, Zecurion CTO. He added, “we want to particularly thank our customers and partners who participated in the beta testing of the solution. Through joint efforts, we not only eliminated errors, but also significantly improved the solution.”

For more information about Zecurion Zlock Mac, please call +1 866 581-0999.

Are Your Systems Overloaded with Piecemeal Solutions?

Sensitive information, whether personal information pertaining to clients, customers and employees or business-related information including business plans, strategy documents and financial records, is of utmost importance for organizations in today’s knowledge driven world. If any of this information gets lost, stolen or tampered with, it not only burns a hole in the organization’s pockets for figuring out a viable and corrective measure but also brings down the reputation of the organization and people associated with it.

There are several ways in which companies have been dealing with this kind of problem ever since business relationships started developing. The firewall is one of the widely used programs for preventing any kind of intrusion or unauthorized transmission. It could be a very good line of defense for an organization to safeguard its assets, but with rapidly changing technology and ever growing data, organizations ought to have a more flexible, productive, secure and scalable solution.

In recent years, IT managers have implemented various security solutions beyond the firewall to control the access of external devices and data exchange between employees and other stakeholders outside the company. The solutions primarily focus on one of the components such as encryption, monitoring, scheduling and filtering of data while transmitting data over the network.

These piecemeal solutions might have helped organizations in winning small battles; however, companies do not prepare themselves for the war in terms of data breach.

A survey by Osterman Research suggests that 30-60 percent of security solutions purchased become shelfware and are never utilized by the company due to various reasons.

In a race to solve immediate security issues, organizations have always focused on data access policies and not on data breach policies which are much bigger and larger than just restricting data access.

The most common solutions for data breach control are data management solutions in the market allowing IT managers to have access based on data classification, rules for data monitoring, data filtering based on sensitive keywords and dynamic data access and approvals.

DLP (Data Loss Prevention) is the common tool for data management solutions which integrates all these different components (Data Access and Rights Management, Web Filtering, eForensics, Endpoint Control, Network Diagnostics, Laptop Theft, Policy Enforcements, etc.) into one solution which can be easily managed by IT staff.

It is easy to define and enforce policies in DLP which removes the need for defining it in multiple tools and acts as an effective tool for IT managers. The data can be easily discovered, managed and protected at the same time. DLP solutions are quite flexible in defining rules for various users and also enable compliance with regulations such as HIPAA.

DLP is also equipped with the capability to protect data stored in cloud or mobile devices and helps in preventing data loss beyond the perimeter of the organization’s network. Most of the organizations focus on what the network is receiving to avoid any virus attack but ignore what’s going out and that is where the sensitive data becomes vulnerable.

In the short run, opting for piecemeal solutions may be cheaper and viable, but this is a myopic way of looking at such an important issue. It may result in a financial burden or can even lead to brand tarnishing. Instead, one should look at a broader perspective. A progressive way will be to implement a DLP solution, which will fetch better results as it does not require installing and managing different components at various locations. This will be advantageous and will prevent any intrusion or data loss, thereby saving the organization from any kind of financial burden or loss of reputation.

After the Breach – Do You Have a Proactive Response and Recovery Plan?

Steps to Better Prepare an Educational Institute to Manage a Data Breach

April 22, 2015 – Last week, we shared statistics from numerous studies to reinforce the importance of data loss prevention in the education sector. Today, we will go a step further and share a valuable, yet a simple strategy that can easily be implemented should such an incident happen.

With the increase in amount of student data stored and increased digitization of information, educational institutes have become more vulnerable to data threats. It is expected that most of the institutes will see a data breach at some point of time and should be prepared with a response and recovery plan for better incident management.

 

Zecurion’s Anthony Servidio Jr., VP Business Development for North America, says, “The potential impact of a data breach on a student’s future is immeasurable. For example, leakage and potential misuse of social security numbers could result in not just the inability to get an education loan approved, but also profound mental and emotional stress at a very young age causing behavioral changes.”

 

Below is a suggested response and recovery plan so educational institutions are better prepared for incident management:

Assemble Incident Response (IR) Team: The response team should include top management including the Principal, Chancellor, PR Manager, IT Manager and anyone else who can contribute to issue resolution.

Identify What Has Been Impacted: Verify if the incident has actually happened and if the answer is yes, identify what has been compromised, how, and what the anticipated loss is. In most of the cases, the data breach happens through a combination of people, processes and technology.

Data Exposure Assessment: It is important to assess the data compromised and components of the data including names, addresses, telephone numbers, social security numbers and financial aid. As the first step, it is crucial to identify what all data is stored in the current systems and the second step is to classify the data as per their criticality. Even the identification and removal of unnecessary data lessens the burden on the system and helps to organize and improve data security.

Damage Control: Once the type and scope of data exposed is determined, it should be immediately resolved by deleting the shared email, destroying the copies, or whatever is possible. After that, steps should be taken to reduce the exposure of the impacted data for repeat threat.

Response Plan: The response team should create a proper response plan as the reputation and branding of the institute gets directly impacted by the amount of response time taken after the breach detection. If required, the impacted individuals should be informed about it including source of the breach, emergency point of contact, means to resolve their queries and compensation, if required. It is also mandatory in some states to inform governing authorities about data breaches as part of the Federal Law.

Act Now: Identify the lessons learnt from the incident and take necessary actions on immediate basis to avoid such situations from happening again in future, including implementation of various data loss prevention tools.

While the institute may have to spend time, money and effort in diagnosing and taking preventive measures for enhancing data security, any proactive measure taken will help in preventing future financial loss as well as the loss of reputation and trust.

Sources: Ellucian, WindowsIT Pro, SANS Institute

Why Is Proactive Data Loss Prevention So Important?

Per Capita Cost for Data Breaches in the Education Sector is One of the Highest

Did you know that the per capita cost for data breaches in the education sector is one of the highest? And that the impact of a data breach in schools is on the higher side as compared to the colleges, as the former accounts for more than 66 percent of total per capita spending on education?

Many small schools have a lot of data but a limited capacity to deal with huge sets of data. The systems in place are generally based on open architecture for easy access of information between students, teachers and administrative staff. This makes it more imperative to have a sophisticated data loss prevention tool to prevent data breaches from happening as a result of human error or by accident. Below are some of the key statistics, compiled from various organizations to give an insight on the impact of data breaches on the education sector.

  1. The education sector’s per capita cost for data breaches, as reported by Ponemon in May 2014, is $259, which is the third highest per capita cost after healthcare ($316) and transportation ($286). This cost is substantially above the overall mean of all industries, i.e. $201. These include breaches caused by criminal attack, system glitch and human error.
  2. The probability of a data breach involving more than 10,000 records for the education sector is expected to be 0.211. Public and retail companies are more vulnerable to breaches, followed by educational institutes, as per the Ponemon report.
  3. Approximately one third of the total data breaches reported by colleges and institutions from 2005-2013 can be attributed to intentional or unintentional data leakage by employees or associated personnel, as reported by EDUCAUSE Center for Analysis and Research (ECAR).
  4. The education sector witnessed 727 breaches as per the Privacy Rights Clearinghouse (PRC) database from 2005-2014. Of these, 73 percent of breaches have known impacted records data totaling 14.5 million records with an average of 27,509 records per breach, whereas the impact of compromised data is not known for the remaining 27 percent of data breaches.
  5. It is the sector with the second largest number of data breaches from 2005-2014, whereas the number of records exposed is the lowest (approximately 1 percent of total records exposed). This can be attributed to non-reporting or wrong reporting of breach cases by institutes to safeguard their reputation and branding.
  6. As per the survey conducted by Halock last year, more than 50% of the institutes surveyed allowed data access over unencrypted and unprotected email environments. The lack of a proper data loss prevention solution can be considered the major factor in data breaches over such unsecured networks.

Sources: US Government Spending, EDUCAUSE Center for Analysis and Research (ECAR), Capital News, Privacy Rights Clearinghouse (PRC), Ponemon Institute

12 Reasons to Prevent Data Leaks with Zecurion’s Zlock

1. Advanced Data Loss Prevention (DLP)
Monitor and restrict movement of data off the local network or managed devices using peripherals and removable data storage.

2. Message and File Content Analysis (via integration with Zgate)
Monitor and restrict movement of data off the local network or managed devices using network communications channels (email, instant messaging, etc.)

3. Complete Device Access Control
Control access by any connectable device including USB, hard drives, flash memory, CD/DVD drives, COM and LPT ports, local or network printers, PCMCIA, IEEE 1394 (Firewire), etc.

4. Policy-Driven Access Management
Control use of peripherals and pluggable devices by creating and applying policies with different access privileges (full access, read-only, denied access). Implement “online”, “offline”, “VPN”, or time-driven policies.

5. Access Request Handling Process
Manage device access requests sent by users via email or called in by phone using a built-in workflow.

6. Integration with Windows Active Directory (AD)
Use native Windows authentication. Assign Active Directory (AD) users or groups to Zlock policies.

7. Shadow Copy
Take a snapshot of data that was accessed or moved to/from a connected device, even if it was printed as hard copy using a local or networked printer.

8. Real-Time Monitoring and Reporting
Monitor use of devices and run reports against event logs in real-time.

9. Centralized Installation and Management
Remotely install and update software components, settings, and policies across the enterprise from a single location.

10. Self-Checked System Integrity
Self-monitoring of Zlock integrity, preventing unauthorized changes to the system settings or policies.

11. Proven Technology
Utilize a robust, highly-available DLP system capable of handling the most demanding security requirements.

12. Integration with Other Zecurion Security Products
Manage all other aspects of data security, including encryption of operational data stores, file servers, and backups, and lock down email and instant messaging communications.