While many organisations spend a lot of time and focus on the well-publicised, “noisy” IT threats there's a more fundamental, yet silent, problem that is slowly killing many organisations without them even knowing. It's the IT security equivalent of high blood pressure or clogged arteries.
We regularly see shocking news headlines of mass incidents involving hundreds of thousands of records being leaked, yet every day many organisations are suffering from the same issues, just in a more gradual, erosive and persistent way. The reality is that this is a widespread problem that practically all organisations suffer from, yet it goes largely unchecked and unreported. This results in serious commercial loss to a business, including financially through direct theft of customer data, brand damage and compromised market competitiveness. So what can you do to identify the leaks and perpetrators and mitigate the risk?
Tracking employee interaction with your data
Data leakage is not always recognisable as a significant, one-off event. Often it's a gradual process that occurs over a period of time, even years. It's still equally damaging yet much harder to spot, which means such leakage goes largely undetected and therefore organisations can't prepare or react appropriately.
Many organisations don't have formal measures in place to keep track of smaller, yet persistent leakage incidents. One common scenario is that of an employee leaving, where it's common practice to take confidential data with them. Such behaviour is rarely detected or taken seriously enough. And the problem is only getting bigger as the value of data is exponentially growing. Yet the measures organisations have in place to both track how employees are interacting with critical data and to track data access permissions has not kept up the pace. Even the basics are being overlooked.
The challenge for IT teams is making the business case. Unless the threat is visible - a proven problem - attempting to allocate time, budget and resources for the issue is tough to justify. It's not until organisations face an issue, or are ahead of the curve in terms of good practice that better measures are put in place to protect against such risks. Resources often get placed into projects where “noisier” threats take precedence.
Systems don't leak data, people do
For organisations to have any hope of addressing this persistent and serious issue of data leakage in any meaningful sense it is imperative to put in place better checks and measures around how users are interacting with critical data and how permissions are granted and managed. Often the main reason data leaks happen is because employees have access to data that they shouldn't. It's often leaked for personal or financial gain and is motivated by opportunity rather than part of a premeditated complex attack. There is a belief they won't get caught, they take the chance and are rarely detected. So they are usually correct - leakage of this nature is rarely ever noticed!
The key point here is the need to take the view “expect what you inspect, nothing less”. So if due diligence is not being carried out with regards to what users can access and how they are interacting with corporate data, the chances are you have a problem.
It's not a security superhero battle
CISOs and IT managers are busy people, handling other noisier threats that actually aren't as big as persistent and erosive data leakage. It's a common misconception - while it's not a sexy detective story, or “good vs evil” security superhero scenario – over a period of time persistent data leakage is more damaging. Slowly but surely, unseen in the background, it's cranking up your businesses' blood pressure - and once uncovered probably that of the directors!
Contributed by Aidan Simister, CEO, Lepide
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.