Who Let the Data Out? Who, Who, Who, Who? (Part 3 of 3)

It feels like the last song of the concert—this is the final blog in our cybersecurity benchmark series! As every good detective starts with information, we’ve been digging into the classic six “w” questions: who, what, when, where, why, and how. To find those answers for security professionals, data was combined from Ponemon Institute’s global survey of IT decision makers, the Verizon DBIR, and Grand Theft Data: 2015 McAfee Data Exfiltration Study.

If you’re just tuning in, catch up on our previous blogs. Now we’ll turn our attention to assess how cybersecurity teams are performing and areas for improvement. It’s also the last of our security-related song titles, so get ready for the final countdown!

A Hard Day’s Cybersecurity Focus

We know that cybersecurity threats are on the rise, so where are companies focusing their efforts? The most likely exfiltration methods are clearly on their radar. Of all companies, 70% monitor for suspicious emails and 50% for inappropriate access to sensitive data. But these numbers should be higher given the prominence of these threats. From the other side, over 25% of companies don’t monitor access to employee or customer data, and only 37% monitor for both. The reality is, holistic monitoring still isn’t reality for most.

Truthfully speaking, many organizations face difficulty with configuring security solutions. In fact, for 65% of teams that don’t understand how the technology works, personally identifiable information isn’t being watched! That’s certainly a concern given the rising demand for such data.

So where should organizations focus their efforts? Certain business events invite greater risk, and it’s important to identify these. New product launches and strategic planning contain more sensitive data. It’s no surprise incidents are related. But companies have tuned into that fact, and the rise of related incidents has been relatively minor. However, other events are now driving more and more data loss. Quarterly reports and other financial disclosures are prime targets. And the use of social media by employees is also a driver—unique in its ability to generate sources for cyber-crooks. Clearly, the industry needs a hard day’s focus.

Treat You Better, Monitoring Solutions

In assessing the adequacy of security defenses, false negatives are a key signal. We gain insight by considering, among organizations that use data loss prevention solutions, how many breaches still occur. This question tells us whether good tools and best practices are actually making a difference, or if organizations are naive and unaware of occurring incidents.

To answer that question, let’s first recall a fact from the first blog. Remember how an increasing percentage of breaches are being discovered by external sources? They have more detection methods, and can generate a composite view of victims’ data loss. And by external measures, among those who don’t know how monitoring technology works, 23% are unsure if they suffer data loss. Shockingly, the remaining 77% of this group believe they’re not suffering any data loss. Such a bold belief is dangerous. Numbers clearly show incidents are on the rise — there seems to be a lack of proper monitoring in many organizations.

Walk On the Secure Side

Before we get into our final suggestions, let’s review the state of the industry. To start, it’s noticeable that the gap between data loss and its discovery is widening—especially among internal teams. Additionally, while industries with payment information have been most targeted in the past, their loss prevention systems are maturing. Demand is now increasing for personally identifiable information, health data, and intellectual property. And among data types, unstructured formats are particularly difficult to monitor with regular expressions. This makes simple configurations risky. Physical media also shouldn’t be underestimated, accounting for the second highest number of incidents. What’s the takeaway? All things considered, visibility is becoming increasingly crucial.

But there’s good news. Organizations can employ a host of tactics to bolster their defenses. The process should start with business requirements: identifying which data is most sensitive. Once that’s been done, server and endpoint scanning technologies can monitor for relevant information. Teams can further use classification tools, security notifications, and value recognition to maintain awareness. And the movement of crucial data can be flagged when not part of a normal business process. With justification screens, users can also better understand what is acceptable and what is not. Finally, after assigning owners and separating duties, policies can block suspicious data transfers.
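To make the earlier point about regular expressions concrete, here is an added example (not part of the original post and not any vendor's code) of a minimal content scanner. The pattern, the function names and both sample documents are constructed for illustration: a bare pattern flags any long digit run, a checksum step removes that false positive, and free-text health data produces no hit at all.

```python
import re

# Candidate payment card numbers: 13-19 digits, optionally separated
# by single spaces or hyphens (illustrative pattern, an assumption).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def scan(text: str) -> dict:
    """Return regex-only hits and the subset that also passes Luhn."""
    candidates = [re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text)]
    return {
        "regex_only": candidates,
        "validated": [c for c in candidates if luhn_ok(c)],
    }

# Constructed sample documents; the card value is the common test number.
SAMPLES = {
    "invoice": "Card on file: 4111 1111 1111 1111, shipment tracking 1234567890123456.",
    "clinic_note": "Patient J. Doe was diagnosed with type 2 diabetes; follow-up in March.",
}

def report() -> dict:
    """Scan every sample and return results keyed by document name."""
    return {name: scan(text) for name, text in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

The clinic note contains sensitive health information yet returns two empty lists, which is why unstructured data calls for classification by owners and context rather than pattern matching alone.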

By using an intelligent plan for data loss prevention, organizations can truly be resilient in the face of increasing threats. Surely, that will have cybercriminals singing to a different tune.

That’s a wrap for this blog series! To stay informed, follow @McAfee and @McAfee_Business for the latest. And as always, feel free to tweet any thoughts or questions with the hashtag #WhoLetTheDataOut.
