This article was written by Purandar Das, CEO and Co-Founder of Sotero.
Data breaches and data leaks have received increasing attention, particularly in 2020, and that attention is warranted. For far too long, organizations have neglected privacy and the threats to it in the push to monetize newly available data through emerging tools and channels. Data is frequently called "the new oil."
That description is apt: data is one of the largest drivers of innovation. But data is also vulnerable. A data breach, data leak, or data spill is, simply put, the intentional or unintentional release of secured, private, or confidential information to an untrusted environment. Several factors contribute to breaches within an organization; the commonly asked questions below explain why they happen and how.
What causes accidental or unintended insider data leaks?
Accidental leaks are usually due to a couple of factors:
Lack of training or awareness of the environment and the sensitive nature of the data. Users who do not understand the security posture or requirements of a technical environment deploy data into insecure environments, adopt applications that have not been hardened, and are tempted by tools or utilities that have not been vetted.
Pressure to complete tasks combined with inadequate IT support. Users under a deadline take risks with environments or applications that have not been vetted. Where IT support is scarce, or is perceived as overly bureaucratic, users take shortcuts to get work done, and those shortcuts expose sensitive data.
What factors contribute to unintentional insiders’ risk in today’s enterprise environment?
The emergence of cloud computing and the innovation around it has made cloud-based tools and applications widely available to consumers. These services are appealing because they are easy to use and narrowly targeted: they require little technical knowledge and the results are immediate. As adoption grows, little attention is paid to how user credentials and sensitive data are stored. In most cases the service's security standards fall short of corporate requirements and, just as importantly, the data is now stored by, and accessible to, the platform vendor. The risk multiplies because parties unknown to the organization now hold both the user's credentials and the data.
Has remote work increased insider threats?
Remote work multiplies the risk. Users who once authenticated from a tightly controlled corporate network now reach the same applications and data from hundreds, if not thousands, of home networks. Those networks lack the controls of a corporate network (managed patching, segmentation, monitoring), so their security is nowhere near the corporate baseline.
What are the pros and cons of using anomaly detection and user and entity behavioral analytics for identifying risky insider behavior?
Anomaly detection is the long-term solution. Rules-based detection engines are only as good as their rules, and because criminals are constantly exploring new techniques and vulnerabilities, it is nearly impossible to write rules that cover every access pattern and behavior. An automated, intelligent anomaly detection framework is better suited to identifying behavioral anomalies.
The downside of automated anomaly detection is that it is only as good as the data it is trained on. It requires a solid baseline of behavioral patterns against which deviations can be evaluated and detected. The other risk is the volume of false positives an engine can generate, which can overwhelm an underprepared team.
How has data leak protection evolved over the years and what should CISOs/practitioners consider when looking at these technologies?
Data leak protection has evolved considerably, from static monitoring and post-event forensics to preventive postures. ML/AI is increasingly part of proactive detection and prevention. One of the more important advances is the migration of data loss prevention from network/traffic analysis to data access and usage analysis, which puts prevention where it matters most: at the data. An effective DLP posture should consist of a secure network access management framework, protection of data in use, and preventive usage analysis.
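The two answers above make three concrete claims: a static rule misses access that is abnormal for a particular user but below a fixed threshold, a per-user behavioral baseline catches it, and a baseline built from too few observations produces false positives. The following script, written for this article and not Sotero's product or any code from the original page, shows all three on constructed data-access records. The log layout, user names, thresholds and the minimum-sample guard are assumptions made for the illustration.

```python
"""Static rule versus per-user behavioral baseline over data-access records.

Added illustration, not code from the article or from Sotero. The record
format (user, hour_of_day, rows_read), the users, and the thresholds are
assumptions; every record below is constructed for the example.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed historical access records used to train the baseline.
BASELINE_RECORDS = [
    ("alice", 9, 12), ("alice", 10, 15), ("alice", 11, 9), ("alice", 14, 14),
    ("alice", 15, 11), ("alice", 16, 13), ("alice", 9, 10), ("alice", 10, 16),
    ("bob", 9, 7800), ("bob", 10, 8200), ("bob", 11, 7900), ("bob", 14, 8100),
    ("bob", 15, 8300), ("bob", 16, 7700), ("bob", 9, 8000), ("bob", 10, 8050),
    ("carol", 9, 40), ("carol", 10, 42),  # only two samples: not a real baseline
]

# Constructed new events to evaluate.
NEW_EVENTS = [
    ("alice", 2, 4000),   # off-hours and ~300x her usual volume, but under 5000
    ("bob", 10, 8150),    # a bulk-reporting analyst doing ordinary work
    ("carol", 11, 48),    # ordinary drift for a user with a thin baseline
]

STATIC_ROW_LIMIT = 5000  # the "rule": anything above this is bulk access


def rule_based(events, limit=STATIC_ROW_LIMIT):
    """Fixed-threshold rule: flags bob's normal job, misses alice entirely."""
    return [e for e in events if e[2] > limit]


def build_baseline(records, min_samples=5):
    """Per-user (mean, std dev, hours seen). Users with fewer than
    min_samples observations are left out so they are reported as
    untrained instead of being scored against a meaningless baseline."""
    per_user = defaultdict(list)
    for user, hour, rows in records:
        per_user[user].append((hour, rows))
    baseline = {}
    for user, obs in per_user.items():
        if len(obs) < min_samples:
            continue
        rows = [r for _, r in obs]
        hours = {h for h, _ in obs}
        baseline[user] = (mean(rows), pstdev(rows), hours)
    return baseline


def anomaly_based(events, baseline, z_threshold=3.0):
    """Flag an event when its volume is more than z_threshold standard
    deviations above the user's norm or it falls outside hours the user
    has ever been seen active. Returns (user, verdict) pairs."""
    verdicts = []
    for user, hour, rows in events:
        if user not in baseline:
            verdicts.append((user, "untrained"))
            continue
        mu, sigma, hours = baseline[user]
        z = (rows - mu) / max(sigma, 1.0)  # floor avoids divide-by-zero
        if z > z_threshold or hour not in hours:
            verdicts.append((user, "anomalous"))
        else:
            verdicts.append((user, "normal"))
    return verdicts


if __name__ == "__main__":
    print("rule-based flags:", rule_based(NEW_EVENTS))
    print("baseline (guarded):", anomaly_based(NEW_EVENTS, build_baseline(BASELINE_RECORDS)))
    # Dropping the guard scores carol on two samples and raises a false positive.
    print("baseline (unguarded):", anomaly_based(NEW_EVENTS, build_baseline(BASELINE_RECORDS, min_samples=2)))
```

With the guard in place the rule flags only bob, the baseline flags only alice and declines to score carol; lowering `min_samples` to 2 turns carol's ordinary 48-row read into an "anomalous" verdict, which is exactly the thin-baseline false positive the answer warns about.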
How effective are security training initiatives for combating the threat from insiders?
Training is a large and necessary part of reducing insider threats. Building awareness of the security risks that come with adopting new technologies and applications, together with behavioral training in proper data security practices, goes a long way toward reducing these threats.
As organizations think about privacy requirements and ethical responsibilities, they are hamstrung by security technologies that have not kept up with the new needs, both in capability and in scale. Innovation has also struggled where privacy is treated as an aspect of operations separate from security. A strong approach consists of a data-centric security framework that scales while providing a protective envelope across all data stores, reducing the risk of yet another theft or leak of data and the serious consequences that follow.
About the Author:
Purandar Das, CEO and Co-Founder of Sotero, has focused throughout his career on using technology to solve complex business challenges. He takes a pragmatic approach that enables businesses to leverage technology to achieve their goals and power growth.
Purandar started Sotero with the conviction that today’s data protection was deficient and that a better approach was needed to protect data. He believes that security, where the core focus is not the data, is not a viable option. Purandar is a graduate of Texas A&M University (MS – Mechanical Engineering) and Bangalore University (BS – Mechanical Engineering) and is based in Massachusetts.