How Can Organizations Empower People to Prevent Data Exfiltration?

  • By Maddie Rosenthal
  • 24 March 2020

As data has become valuable currency, data exfiltration is a bigger issue now than ever before. And, while it’s a complex problem to solve, it’s not a losing game. Techniques and technologies have been evolving and today we are better able to control and prevent data exfiltration.

To successfully prevent data exfiltration, you have to understand the various moving parts. When it comes to protecting data, there are three key challenges:

  • People
  • Processes
  • Technology

Preventing Data Exfiltration With People: The Role of Training

Since old-school software and keyword tracking tools have proven largely ineffective at preventing exfiltration, some security teams have proposed that rather than relying only on software, people should be trained on how to safely manage data and information. 

Training allows employees to learn about internal policies, regulations like GDPR and CCPA, and other best practices around data. But, it’s important that organizations reinforce training with practical applications.

Some training will reinforce company policies and compliance with data privacy regulations, but the majority of training and awareness programs center on teaching employees about inbound threats like phishing attacks and BEC.

Very few training and awareness programs educate employees about outbound security risks like accidental and deliberate data loss. 

Preventing Data Exfiltration With Processes: In-Situ Learning

To really empower employees to work securely and prevent data exfiltration, organizations have to look beyond compliance training to in-situ learning opportunities provided by contextual warnings, triggered by suspicious activity. 

Beyond preventing breaches, these warnings help promote safe behavior by asking employees to pause and think “Am I making the right decision?”

But, too many warnings or pop-ups may have the opposite effect.

Take, for example, pop-ups that prompt you to accept cookies on websites. Because most of us encounter these on every website we visit, we ignore them or blindly click to consent. This is called alert fatigue; the more pop-ups you see, the less you care about them. The same applies to in-situ learning. If employees encounter notifications warning against risky behavior on 25% of emails they send, they’ll stop paying attention to them.

So, what’s the solution? Warnings should only trigger when there’s a genuine security risk. That means security software must be able to distinguish between normal emails and suspicious ones with the utmost accuracy. Warning notifications should also contain relevant and easy-to-comprehend information about why the email has been flagged to help reinforce security training with context. 

Tessian Enforcer, Guardian, and Defender do just that. 

Preventing Data Exfiltration With Technology: Machine Learning

Even with training and in-situ learning, organizations need a final line of defense against data exfiltration. For many organizations, that last line of defense is rule-based technology. 

But, rule-based solutions are blunt instruments. 

The best way to illustrate this is through an example. 

To prevent data exfiltration on email, an organization might block communications with freemail accounts (for example, @gmail, @yahoo, etc.). But, imagine the marketing department outsources work to a freelancer. In that case, the freelance worker may use a freemail account. When the employee attempts to communicate with this trusted third party, the email would be blocked and the employee would be unable to carry out their work.

Unlike rule-based solutions, ML-based solutions like Tessian are agile. 

Tessian’s machine learning algorithms are trained on historical email data to understand evolving human relationships on email. Instead of relying on rules to flag suspicious emails, they rely on context from millions of data points from the past and present. That way, solutions like Tessian Enforcer and Tessian Guardian are able to uniquely understand every email address in an organization’s network and can, therefore, automatically (and accurately) identify whether a recipient is a trusted third party or an unauthorized non-business account.
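The freelancer scenario above, as an added example that is not from the original article and is not Tessian's algorithm: a blunt freemail rule beside a check that consults past sending history, run over a constructed outbox. All addresses, the freemail list and the function names are assumptions made for the illustration.

```python
from collections import defaultdict

FREEMAIL = {"gmail.com", "yahoo.com"}  # constructed sample list

# Constructed outbound history: (internal sender, external recipient).
HISTORY = [
    ("amy@corp.example", "jo.design@gmail.com"),
    ("amy@corp.example", "jo.design@gmail.com"),
    ("raj@corp.example", "jo.design@gmail.com"),
    ("amy@corp.example", "buyer@partner.example"),
]

# Constructed messages about to be sent.
OUTBOX = [
    ("amy@corp.example", "jo.design@gmail.com"),     # the trusted freelancer
    ("raj@corp.example", "jo.design@gmail.com"),
    ("amy@corp.example", "buyer@partner.example"),
    ("raj@corp.example", "legal@partner.example"),
    ("raj@corp.example", "raj.personal@yahoo.com"),  # never seen before
]

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def rule_based(sender, recipient):
    """Blunt rule: flag every freemail recipient, whatever the context."""
    if domain(recipient) in FREEMAIL:
        return ("flag", "recipient uses a freemail domain")
    return ("allow", "")

def build_baseline(history):
    """Map each recipient to the internal senders who have mailed it before."""
    seen = defaultdict(set)
    for sender, recipient in history:
        seen[recipient.lower()].add(sender.lower())
    return seen

def history_aware(sender, recipient, baseline):
    """Flag a freemail recipient only if nobody in the organization has mailed it."""
    if domain(recipient) not in FREEMAIL:
        return ("allow", "")
    if baseline.get(recipient.lower()):
        return ("allow", "")  # established relationship, e.g. the freelancer
    return ("flag", "freemail address with no prior contact from your organization")

def flagged(outbox, check):
    """Return (recipient, reason) for each message the check would flag."""
    results = [(rcpt, check(sender, rcpt)) for sender, rcpt in outbox]
    return [(rcpt, reason) for rcpt, (verdict, reason) in results if verdict == "flag"]
```

On this outbox the blunt rule flags three of five messages, including both to the freelancer, while the history-aware check flags only the unseen personal address and returns a reason that can be shown in the warning.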

Learn More About How Tessian Empowers People to Work Securely

Preventing data exfiltration requires well-trained employees and intelligent solutions. To learn more about how Tessian combines in-situ learning with machine learning to reinforce training and prevent data loss, request a demo.  
