FEATURE
or the exposure of sensitive customer
information, a data breach can bring
on financial losses, legal action
and significantly damage customer
confidence and corporate reputation.
How important is it that
organisations have solutions in
place to prevent a data breach?
SM: An ounce of prevention is worth a
pound of cure, so the saying goes. When
it comes to protecting your organisation
against the imminent threat of a
cyberattack, it’s essential to factor in
both. Today’s hackers are motivated and
more organised than ever. This past year
has shown how vulnerable organisations
of all sizes are.
Many organisations use content-aware
pattern-matching methods to protect
outbound Internet communications
such as email. However, they neither
monitor nor control outgoing electronic
communications through web and
FTP access.
Data loss through web and FTP access
is considered a relatively minor threat,
and it can go undetected or unresolved
for days or even longer, creating the risk
of confidential information falling into the
wrong hands.
Organisations need a data loss
prevention solution for many reasons.
More than 50 countries, including the
United States and countries in the EU,
have enacted data protection laws that
require organisations to demonstrate
their compliance with government
and industry regulations regarding
information privacy.
These regulations go beyond simply
securing data. Failure to comply with
them may result in civil and criminal
penalties. A comprehensive DLP solution
helps organisations comply with these
government and industry regulations.
Data breaches by employees pose a
tremendous threat to efforts to prevent
confidential data from leaving an
organisation. Organisations want to
have 360-degree monitoring and control
of data use across corporate and web
38
emails, external file uploaders, social
media and other applications, including
SSL encrypted sessions. Deploying a
comprehensive data loss prevention
solution will help them monitor and control
the applications that employees access.
It also provides historic data for forensic
analysis in case of reported violations. proceedings. Email is the primary
location for breaches so should be
the first place that any IT professional
starts when looking to prevent a data
breach. With the right solutions in place
to protect your email you will be able
to protect against inadvertent loss and
malicious attacks.
JO: Having solutions in place to prevent
a data breach is essential especially as
organisations store more critical data
in digital form. But data leak prevention
is no easy matter. Monitoring the vast
amounts of information that flow through
the organisation is a challenge; stopping
or quarantining content based on
complex security rules and user roles is
even more difficult. What is best practice for CISOs
when assessing how to prevent
data breaches?
And while risk and compliance
personnel may push for the strict data
leak prevention measures, these controls
should not be so rigid that they stifle
productivity by preventing authorised
users from quickly and easily accessing
data they need.
Additionally, a data breach prevention
solution must provide tamper-proof
evidence about data leaks for use
in disciplinary actions and legal
SM: The Cisco ACR report also found
that 80% of data breaches originate
from third parties. To reduce risk,
organisations must foster a value chain
where trust is not implicit and security
is everyone’s responsibility. Keeping the
difference between responsibility and
accountability in mind, everyone in the
company needs to be responsible for
cybersecurity.
Cybersecurity is finally becoming a top-
of-mind business objective for many with
many organisations making the board
hold accountability, which makes sense
considering a large security breach/
incident doesn’t only affect finances and
productivity but can severely damage
customers’ trust towards the brand.
Issue 03
|
www.intelligentciso.com