DLP Technology and IoT's Weaknesses

Dr. Jo Webber

DLP Technology

In regards to data loss prevention (DLP), in the last five years many companies rushed to implement DLP solutions without taking the time to first identify the data that should not transit egress points. Most of these rushed implementations have not been successful. Security analysts, in particular 451 Research, have been recommending that companies should first identify and classify data before deploying DLP. Unfortunately, we are just now seeing companies execute this approach. Companies in 2017 that identity and classify data before they begin implementing DLP solutions will see a dramatic increase in the effectiveness of their data protection programs.

In 2017, attacks that seek to access a company’s sensitive data will increase. Some of the attacks will be conducted by activists looking to damage their targets’ integrity and reputation – similar to the intent behind the Sony breach. Other attacks will be for financial gain, predominantly tied to ransomware. Hiding behind the anonymity of bitcoin and other cryptocurrencies, ransomware continues to be a crime where the culprits can remain anonymous and difficult or even impossible to capture. Cybercriminals will continue to upload stolen data publicly to make investigations and containment trickier.

The likelihood of a data breach is higher than ever and organizations must get serious about the sensitive data sprawl that is occurring across their networks. In the case of the Sony breach, one of the biggest and most newsworthy breaches since 2014, the majority of the damage was done from sensitive data that was stored unprotected on their network. Companies need to develop enterprise-wide data security programs to address Vulnerabilities.

Data sprawl continues to be a major threat to enterprises and governments alike. In the majority of recent attacks – the Home Depot breach, the SWIFT network breach, the DNC breach – the common denominator is the unaccounted-for sensitive data. Unknown or misplaced sensitive data that is stolen is the most valuable to the cyber thieves and the most devastating to companies. Enterprises and Government organizations must take action to ensure they eliminate sensitive data sprawl across their organizations. This is the very first and most critical step in protecting themselves, their employees and their customers from the major risk of a data breach.

We also see Internet of Things (IoT) devices as a weak link in the security chain. The vast majority of IoT device manufacturers are not be able to address security threats, as we saw in the DDoS Dyn attack. Early IoT security failures will push the industry toward authentication standards but these standards will not be implemented before 2017 comes to a close. Operational technology needs to be aggressive with their cybersecurity approach – by hiring experts and assigning the businesses responsibility of cybersecurity to individuals.

By Dr. Jo Webber

Anita Raj

The Criticality of Data Governance in a Multi-cloud Environment

The Criticality of Data Governance Multi-cloud has emerged as an enterprise favorite in almost no time.  In fact, Security Boulevard  makes a reference to a ...
Hacker Cloud

Pandemic and Cybersecurity: Top Threats to Businesses

Pandemic and Cybersecurity The worldwide spread of the COVID-19 virus is coming to naught (or at least we hope so). But the impact that this ...
Armen Najarian

Martech: Brand Marketing is the New Demand Generation

Martech: Brand Marketing First, An Apology Sorry, demand generation professionals. We still love you and your jobs aren’t going away. But, as you are well aware, the ...
Sebastian Grady

Digital Transformation – Updated Metrics for the Cloud Era

Cloud Era Metrics Undertaking digital transformation means also transforming how IT success is defined, including metrics that address business in the cloud.  With up to ...
Mobile Apps Business

It May Not Be Sexy, But Strict Compliance Delivers The Freedom To Innovate

Compliance and Business Innovation When the U.S. based non-profit organization RHD | Resources for Human Development decided to move its operations into the cloud, one ...
Torsten

Five Ways to Secure Access to Web Workloads

Secure Access to Cloud Workloads Organizations are increasingly moving their workloads to the cloud to achieve greater agility, flexibility, and cost savings. That’s a major ...