DLP Technology and IoT's Weaknesses

DLP Technology

In regards to data loss prevention (DLP), in the last five years many companies rushed to implement DLP solutions without taking the time to first identify the data that should not transit egress points. Most of these rushed implementations have not been successful. Security analysts, in particular 451 Research, have been recommending that companies should first identify and classify data before deploying DLP. Unfortunately, we are just now seeing companies execute this approach. Companies in 2017 that identity and classify data before they begin implementing DLP solutions will see a dramatic increase in the effectiveness of their data protection programs.

In 2017, attacks that seek to access a company’s sensitive data will increase. Some of the attacks will be conducted by activists looking to damage their targets’ integrity and reputation – similar to the intent behind the Sony breach. Other attacks will be for financial gain, predominantly tied to ransomware. Hiding behind the anonymity of bitcoin and other cryptocurrencies, ransomware continues to be a crime where the culprits can remain anonymous and difficult or even impossible to capture. Cybercriminals will continue to upload stolen data publicly to make investigations and containment trickier.

The likelihood of a data breach is higher than ever and organizations must get serious about the sensitive data sprawl that is occurring across their networks. In the case of the Sony breach, one of the biggest and most newsworthy breaches since 2014, the majority of the damage was done from sensitive data that was stored unprotected on their network. Companies need to develop enterprise-wide data security programs to address Vulnerabilities.

Data sprawl continues to be a major threat to enterprises and governments alike. In the majority of recent attacks – the Home Depot breach, the SWIFT network breach, the DNC breach – the common denominator is the unaccounted-for sensitive data. Unknown or misplaced sensitive data that is stolen is the most valuable to the cyber thieves and the most devastating to companies. Enterprises and Government organizations must take action to ensure they eliminate sensitive data sprawl across their organizations. This is the very first and most critical step in protecting themselves, their employees and their customers from the major risk of a data breach.

We also see Internet of Things (IoT) devices as a weak link in the security chain. The vast majority of IoT device manufacturers are not be able to address security threats, as we saw in the DDoS Dyn attack. Early IoT security failures will push the industry toward authentication standards but these standards will not be implemented before 2017 comes to a close. Operational technology needs to be aggressive with their cybersecurity approach – by hiring experts and assigning the businesses responsibility of cybersecurity to individuals.

By Dr. Jo Webber

Hair Loss.png
Data Bed.png
The Backup.png
It’s Magic
Dinesh Varadharajan
The Future with Automation Many entrepreneurs believe digital technologies will transform the way their companies work. By 2022, the worldwide hyper-automation technology market is expected to be worth $596.6 billion. And by 2055, almost half ...
Drew Firment
Here’s How to Make Sure Your Skills are Cloud Ready This year will be a period of meteoric growth for the cloud industry. Research from Gartner suggests that global spending on public cloud services in ...
Bi Tools
BI Tools For Data Scientists Many data scientists prefer to use open-source framework to code scripts; after all, it’s something they already trust to work. Business intelligence tools like Qlik Sense, Power BI, or Tableau, ...
Gilad David Maayan
What Is Application Dependency Mapping? Modern software development teams use fast-paced DevOps work processes. However, the complexity of modern software applications often gets in the way. A typical enterprise software project has thousands of components, ...
Sofia Jaramillo
Augmented Reality in Architecture Augmented reality (AR) is a growing field of study and application in the world of architecture. This useful tool can help us visualize architectural designs by superimposing them onto real-world scenes ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.