Category Archives: DATA EXFILTRATION

Insider Threats, preventing data exfiltration

The digital economy is undergoing remarkable transformation and security is being compelled to evolve as organizations embrace services that are more dynamic in nature. The things organizations do to grow, innovate, and drive performance change the cyber risk landscape every day.

Business leaders today are realizing that digitalization fundamentally enables the sharing of information across a multitude of platforms, but does not necessarily protect it. They recognize that they are essentially at the mercy of their own employees, and of the third parties associated with them, to handle crucial business-sensitive information.

On the other hand, cyber security incidents, including the breach and disclosure of intellectual property, customer data, and other sensitive data (e.g., GDPR, PII, PHI, PCI), are increasingly pervasive in today’s business environment. Data is one of an organization's most vital assets, and the cyber risks associated with that data are a crucial concern for any organization. According to a 2017 Insider Threat Report, out of all the potential cyber threats in the wild, insider threats are among the most prevalent, and associated incidents have risen due to economic conditions and insider access accorded to non-approved third parties.

So, fundamentally, who is an insider threat? Any employee who has the potential to harm an organization of which they have inside knowledge or to which they have access. The past several years have seen some of history's most high-profile data breaches. The extent of data loss across the organization is increasing year by year, and so are the associated challenges in protecting the data.

The Ponemon Institute’s 2017 Cost of a Data Breach study estimates that in the US, the cost of a data breach is $201 per record (including many factors, direct and indirect). Those costs jump to $215 per record in the case of malicious attacks or incidents involving third parties. Obviously, this can add up to hundreds of thousands, or millions, depending on the amount of sensitive data involved.

But what the various cost analyses of cyber incidents don’t take into account is that malicious attacks are increasingly aimed not at the theft of sensitive data, but the serious disruption of operations, the elimination of data, or theft of intellectual property or information that can permanently impact market share and competitive advantage.

Recent attacks demonstrate that we need to change the game

There are multiple types of insider incidents seen across industries. The GTB perspective is that organizations cannot succumb to thinking of themselves as passive victims of cyber crime. However, we need to take stock of the fact that it is our own relentless leveraging of technology that creates the gaps cyber criminals exploit.

Managing the risks arising from internal threats from a cyber risk perspective, though, means taking them on as a business problem. Executives do not need to suddenly become cyber security experts, but they do need to lead the discussion with an emphasis on:

  1. Focus on risk mitigation versus compliance requirements: Many organizations are heavily focused on addressing audit and regulatory findings, but the solutions implemented often do not help reduce risk and address threats that the company faces.
  2. Build and maintain a comprehensive inventory of sensitive assets and data: Many organizations don’t know where their data is. It’s very difficult to appropriately protect data if you don’t know where it is collected, stored, used, and transferred both inside and outside the organization.
  3. Focus on implementing solutions to protect data and monitor for data loss at the “data layer”: Many organizations are not effectively implementing critical capabilities such as Data Loss Protection (DLP) solutions, encryption and database activity monitoring, among others. Build the capability to monitor systems, applications, people, and the outside environment to detect incidents more effectively.
  4. Consistently execute the security fundamentals: Many organizations are still not consistently executing fundamental data protection capabilities (e.g., patching, privileged access, asset management), which leaves sensitive data even more vulnerable.

This may require more investment, but it may also simply entail a new approach. The crux of that approach is to recognize that managing cyber risk must be an inherent aspect of growth and innovation strategies. The two cannot be separated.


A Zero Trust Approach towards Data Protection

Using a Zero Trust Approach towards Data Protection and Data Exfiltration Prevention. What is Zero Trust Security? Face it, traditional network perimeter security (firewalls, IDS, and the like) has failed. Add into the mix the growth of cloud services (both sanctioned and unsanctioned) and you have a big problem. Zero Trust security is built on…

What are the Data Protection Officer’s Tasks as Defined under EU GDPR?

Article 39: Tasks of the Data Protection Officer (DPO). The data protection officer shall have at least the following tasks: (a) to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation…

MSPs who take advantage of intelligent cloud-based and on-premises data protection security are better able to protect their clients from the constantly evolving, never-ending environment of insider and outsider threats.

Some of the necessary data protection security features and facets for true Data Protection include:

  • Preventing data exfiltration from both insider and outsider threats
  • Drip DLP, offline data exfiltration coverage, application control
  • Discovery of sensitive data to eliminate data sprawl
  • Enforcing corporate cybersecurity data usage policies and regulatory compliance for employees

Offering clients a proven cybersecurity solution is essential for MSPs.  Preventing data breaches and non-compliance not only benefits MSP clients by ensuring compliance and data security, it also helps to maintain a client’s confidence in you, their MSP, an important factor in sustaining a long-term and profitable relationship.

The combination of GTB’s DLP that Works Endpoint Protector, Discovery DLP with Data Classification and the Network DLP Service puts into effect a dependable, accurate set of cybersecurity processes for the organization no matter how far it extends.

Managed service providers and IT administrators can use GTB’s Central Console to create custom data protection policies for departments, groups and individuals, based on content, context and users, and to demonstrate compliance with acceptable use policies and mandated regulations.


HIPAA Privacy, Security, and Breach Notification Audit Program

OCR senior advisor Linda Sanches said at the recent HIMSS and Healthcare IT News Privacy & Security Forum, “We will be conducting a small number of on-site audits in 2017,” Sanches added. [1] What is the OCR Audit Phase 2? [2] Program Objectives: The audit…