September is Insider Threat Awareness Month. It marks the growing emphasis enterprises and governments are putting on addressing the risks posed by these highly evasive and detrimental threats. In our last article, we outlined some of the hurdles enterprises face in mitigating insider attacks.
In this article, we assess the effectiveness of Data Loss Prevention (DLP) in addressing insider threats. According to our recent ‘Insider Threat Report 2022 – Singapore Edition’, 99% of enterprises felt that constant monitoring of user behaviour could help in the swift discovery of insider threats. In this regard, DLP, which continuously identifies, monitors and blocks sensitive data whether it’s in use, in motion or at rest, helps prevent data from being exfiltrated or accidentally exposed. DLP is relied on not just to prevent data leakages, but also to stay compliant with regulations such as the GDPR or HIPAA.
DLP: challenges encountered
There are many aspects of DLP implementations that are often overlooked, and that reduce its effectiveness in addressing insider threats. For example, enterprises often take a top-down approach to devising DLP policies, with security or IT teams setting cookie-cutter rules that do not take into account the context in which different data is accessed, modified, transmitted or stored. According to the report, 47% of enterprises stated that a lack of data context for policy makers has been a major challenge in implementing DLP.
The report also found that 25% of enterprises agreed that a lack of user engagement affects the quality of their DLP policies. An in-depth understanding of employee usage needs and norms is required for DLP policies to incorporate different download thresholds, concurrent and multi-device access rules as well as transaction-specific privileges. For example, a policy that halts large data uploads may be useful in preventing data leakages, but may end up stalling important data migrations.
Ultimately, having to factor in these considerations and more has made DLP policy creation a daunting task. At the same time, with constantly changing attack vectors, security teams need to continuously update classification rules and action plans to account for new types of sensitive data, new access points and new threats. According to the report, nearly half of the enterprises surveyed find policy creation and maintenance a major challenge for DLP.
Where DLP policies are not tailored to meet the dynamic needs of the enterprise, false positives are more likely to arise. A notorious feature of data loss prevention, false positives have long plagued security teams with unnecessary investigations and filtering. The report found that false positives were the most frequently encountered challenge for DLP, mentioned by 56% of enterprises. Without context-aware policies and without adequate remediation, many harmless transactions continue to be inaccurately flagged, impacting enterprise productivity.
While DLP can be relied on to initiate accurate last-mile alerts, its lack of full visibility into data creation, transmission and storage affects the proactive identification of threats and vulnerabilities. The report found that 40% of enterprises mentioned a lack of real visibility as a key challenge of implementing DLP, as DLP fails to provide them with real-time analyses, reports and insights into potentially harmful data transactions taking place.
Finding the perfect solution
While DLP can go a long way in staving off data leakages and exfiltration, deploying a solution that allows enterprises to create dynamic, user-centric policies with end-to-end visibility greatly augments the capabilities DLP has to offer. CoSoSys Endpoint Protector, for example, equips security teams with detailed reports on user activity and insights into transactions involving sensitive data. It also provides granular, content-aware and context-aware policies that enterprises can adapt to their own specific needs.