There’s been a 47% increase in data loss incidents over the last two years; this includes accidental data loss and deliberate data exfiltration by negligent or disgruntled employees or contractors.
While not every incident of data loss or leakage results in a breach, many do, and the cost can be tremendous. That’s why data loss prevention (DLP) is now one of the top spending priorities for IT leaders.
Data loss prevention (DLP) is a strategy for ensuring that data isn’t lost, misused, or accessed by unauthorized users, particularly users outside the organization. Rather than defending against incoming cyberattacks, DLP software minimizes the risk of confidential or business-critical data (company IP, credit card details, medical records, insurance details, tax records, social security numbers and the like) leaving the organization, whether by accident or by design.
We’ve covered data loss prevention broadly in this blog: What is Data Loss Prevention (DLP) – A Complete Overview of DLP, but in this article, we’ll detail how exactly DLP works.
DLP software monitors, detects, and blocks sensitive data from leaving an organization.
DLP solutions monitor the points where data enters and leaves a corporate network, such as user devices, email clients, servers, and network or web gateways, to safeguard data in its three states: data in motion (being transmitted), data in use (being opened, copied, or printed), and data at rest (stored on disks, file shares, or databases).
If the DLP software detects something that matches a policy, such as an email attachment containing credit card details or an attempt to print confidential documents, a predefined response kicks in.
Note: This predefined response will depend on the solution itself and how it’s configured.
Most DLP solutions let organizations either block potentially risky communications outright or simply flag the anomaly for administrators to follow up on. Properly configured, DLP blocks sensitive information while permitting non-sensitive communications to continue; poorly configured, it either misses exfiltration or blocks legitimate work.
So, how do current solutions actually decide what to block?
While all DLP solutions monitor, detect, and block, they differ in how they decide what counts as sensitive data and what counts as a risky destination.
Unfortunately, many fall short.
How it works (manual tagging): Security teams, or the employees who create the data, manually label and tag sensitive files and messages. The DLP tool then monitors (and blocks) anything carrying a sensitive tag when it is seen moving outside the network.
Why it’s ineffective: This approach relies entirely on people tagging data correctly and consistently. Given how much data organizations handle, manual tagging isn’t viable at scale; employees may label incorrectly or, worse, not label at all, and untagged data is invisible to the control.
How it works (rule-based): The majority of DLP solutions rely on rules that take the form of “if-then” statements. The “if” side matches keywords, email addresses or domains, file sizes, and regular expressions (for example, a pattern for 16-digit card numbers) that signal data exfiltration or accidental data loss; the “then” side is the response. For example: “If an employee attempts to download a file larger than 1.0 MB, then block the download and alert IT.”
Why it’s ineffective: Like tagging, rule-based solutions are hard to maintain because data changes in value and sensitivity over time, so the rules must be continually rewritten. A regex also knows nothing about context: the same attachment sent to a long-standing client and to a stranger’s personal account looks identical to it, and any number that happens to match the pattern trips the rule. You simply can’t define or predict human behavior with rules. That’s why 85% of IT leaders say rule-based DLP is admin-intensive and just 18% say it’s the most effective way to prevent data loss.
How it works (blocklisting): DLP has often been reduced to blocking communication with certain accounts or domains (typically freemail domains such as @gmail.com) or blocking access to certain tools and services (Dropbox, for example).
Why it’s ineffective: This is a blunt approach that impedes employee productivity. There are many legitimate reasons to communicate with freemail accounts, such as updating private clients, managing freelancers, or emailing friends and family about non-work matters. What’s more, a determined insider can trivially circumvent the list by registering their own domain, or by using any service the list doesn’t name.
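To make the rule-based and blocklist approaches concrete, here is an added Python example written for this article; it is not Tessian’s code and not any product’s rule engine. It implements two classic rules, a regular expression for payment card numbers tightened with the Luhn checksum and a freemail-domain blocklist, and runs them over a few constructed messages. The addresses, domains and message contents are invented; the card numbers are the well-known industry test values. The run shows both weaknesses described above: the same card data sent to an insider’s self-registered domain is only flagged, not blocked, and a harmless 13-digit shipment reference that happens to pass Luhn is treated as a card number.

```python
"""
Toy rule-based DLP check (constructed example, not Tessian's code).

Two classic "if-then" rules:
  1. If the message or an attachment contains a Luhn-valid payment card
     number, then treat the content as sensitive.
  2. If a recipient is on a freemail-domain blocklist, then treat the
     destination as risky.
Both rules together -> block; one alone -> flag for an administrator;
neither -> allow.
"""
import re
from dataclasses import dataclass, field

# 13-19 digit runs, optionally separated by single spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Illustrative blocklist; a real deployment would carry many more domains.
FREEMAIL_BLOCKLIST = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}


def luhn_valid(digits: str) -> bool:
    """Standard Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return digit strings that look like card numbers AND pass Luhn."""
    hits = []
    for match in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def recipient_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


@dataclass
class Verdict:
    action: str                            # "block", "flag" or "allow"
    reasons: list[str] = field(default_factory=list)


def evaluate(email: dict) -> Verdict:
    """Apply both rules to one outbound email and return the response."""
    scanned = "\n".join([email["body"], *email.get("attachments", [])])
    cards = find_card_numbers(scanned)
    risky = [r for r in email["to"] if recipient_domain(r) in FREEMAIL_BLOCKLIST]

    reasons = []
    if cards:
        reasons.append(f"{len(cards)} Luhn-valid card number(s) in content")
    if risky:
        reasons.append("freemail recipient: " + ", ".join(risky))

    if cards and risky:
        return Verdict("block", reasons)
    if cards or risky:
        return Verdict("flag", reasons)
    return Verdict("allow", reasons)


# Constructed sample traffic. Card numbers are the usual published test values.
SAMPLE_EMAILS = {
    "card_to_freemail": {
        "from": "finance@corp.example", "to": ["someone@gmail.com"],
        "body": "Attached as requested.",
        "attachments": ["customer,card\nA. Smith,4111 1111 1111 1111\nB. Jones,5500-0000-0000-0004"],
    },
    # Same content, but the insider registered their own domain: rule 2 never fires.
    "card_to_custom_domain": {
        "from": "finance@corp.example", "to": ["me@my-own-domain.example"],
        "body": "Attached as requested.",
        "attachments": ["customer,card\nA. Smith,4111 1111 1111 1111"],
    },
    # Internal note quoting a 13-digit shipment reference that happens to pass Luhn.
    "luhn_false_positive": {
        "from": "ops@corp.example", "to": ["warehouse@corp.example"],
        "body": "Shipment 1234567890128 left the dock this morning.",
    },
    # Ordinary message: an 11-digit phone number and an order ID that fails Luhn.
    "benign": {
        "from": "sales@corp.example", "to": ["client@partner.example"],
        "body": "Call me on +1 555 123 4567; order 1234567890123 is ready.",
    },
}


def run_all() -> dict[str, str]:
    """Map each sample email name to the action the rules produce."""
    return {name: evaluate(msg).action for name, msg in SAMPLE_EMAILS.items()}


if __name__ == "__main__":
    for name, action in run_all().items():
        print(f"{name:24s} -> {action}")
```

The Luhn check removes most random digit runs (phone numbers, order IDs) from the regex hits, but it cannot tell a card number from any other checksum-valid number, and the blocklist cannot see a destination it was never told about. Both gaps have to be closed by hand, rule by rule, which is the maintenance burden the text describes.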
How it works (machine learning): Machine learning models are trained on an organization’s historical communication behavior, so they learn the normal pattern of who talks to whom, about what, and how often, and how those relationships shift over time. Against that baseline they can judge whether a given action looks like deliberate exfiltration, an accidental misdirection, or routine work, and prevent the first two before the data leaves.
Why it IS effective: This is the “human” way forward. Machine-intelligent software recognizes what looks suspicious in context, much like a trained security professional would, but it can do so thousands of times per second without missing information or getting tired. It needs enough history per user to establish a baseline, though, and its verdicts should still be reviewable by administrators.
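As an added example of the behavioral approach (not Tessian’s model, and not machine learning in any real sense: a simple frequency baseline stands in for it), the following Python learns each sender’s normal recipient domains from a constructed history of past mail and then judges new outbound messages against that baseline rather than against hand-written rules. A recipient the sender has never contacted becomes a warning if its domain looks like a typo of a familiar one (a likely misdirected email) and a block if it is unrelated and a file is attached (possible exfiltration). All addresses, domains and the history log are invented.

```python
"""
Toy relationship baseline (constructed example, not Tessian's model).

Learn who each sender normally emails from past traffic, then judge a new
outbound email by how unusual its recipients are for that sender. A plain
frequency count stands in for the machine learning described in the post;
the point is that nothing here is a hand-written keyword, domain or size rule.
"""
from collections import Counter, defaultdict


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike (typo) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


class Baseline:
    def __init__(self, sent_log, min_messages: int = 5):
        # sender -> Counter of recipient domains seen in historical traffic
        self.history = defaultdict(Counter)
        for sender, recipients in sent_log:
            for r in recipients:
                self.history[sender][domain_of(r)] += 1
        # below this many past recipients we have no idea what "normal" is
        self.min_messages = min_messages

    def assess(self, sender: str, recipients: list, has_attachment: bool):
        """Return (verdict, detail) for one outbound email."""
        seen = self.history.get(sender)
        if seen is None or sum(seen.values()) < self.min_messages:
            return "flag", "too little history for this sender to judge"
        familiar = {d for d, n in seen.items() if n >= 2}
        for r in recipients:
            d = domain_of(r)
            if d in seen:
                continue                          # routine contact
            # Never emailed before. Does it look like a typo of a familiar domain?
            lookalikes = [f for f in familiar if 0 < edit_distance(d, f) <= 2]
            if lookalikes:
                return "warn_misdirected", f"{d} resembles {lookalikes[0]}"
            if has_attachment:
                return "block_exfiltration", f"first-ever contact {d} with attachment"
            return "flag", f"first-ever contact {d}"
        return "allow", "all recipients within sender's normal relationships"


# Constructed history: a month of outbound mail for two senders.
SENT_LOG = (
    [("finance@corp.example", ["ap@partner.example"])] * 6
    + [("finance@corp.example", ["ops@bank.example"])] * 3
    + [("finance@corp.example", ["ceo@corp.example", "cfo@corp.example"])] * 10
    + [("newhire@corp.example", ["it@corp.example"])] * 2
)

# (sender, recipients, has_attachment) for new outbound messages to judge.
CASES = {
    # Routine: recipient well within the sender's history.
    "routine": ("finance@corp.example", ["ap@partner.example"], True),
    # Typo of a familiar domain: looks accidental, warn the sender.
    "misdirected": ("finance@corp.example", ["ap@partner.exmaple"], True),
    # Brand-new domain plus an attachment: the self-registered domain that
    # slipped past a blocklist is exactly what stands out here.
    "exfiltration": ("finance@corp.example", ["me@my-own-domain.example"], True),
    # Brand-new domain, no attachment: unusual, so flag rather than block.
    "new_contact": ("finance@corp.example", ["hello@newvendor.example"], False),
    # Sender with almost no history: the model knows it doesn't know.
    "cold_start": ("newhire@corp.example", ["x@gmail.com"], True),
}


def run_all() -> dict:
    """Map each case name to the verdict the baseline produces."""
    model = Baseline(SENT_LOG)
    return {name: model.assess(*args)[0] for name, args in CASES.items()}


if __name__ == "__main__":
    model = Baseline(SENT_LOG)
    for name, args in CASES.items():
        verdict, detail = model.assess(*args)
        print(f"{name:14s} -> {verdict:20s} {detail}")
```

Note what the cold-start case shows: with too little history the model can only flag, which is the baseline-building period a real deployment has to budget for before verdicts become reliable.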
Importantly, before a DLP solution is even considered, security teams have to determine which data is most sensitive and which threat vectors are a priority.
Here are just a few of the things security teams should consider:
Based on how your employees communicate, you can decide which type of DLP solution is right for your organization.
While these solutions each safeguard a different threat vector (email, endpoints, servers, or network gateways, for example), they all do the same thing: monitor, detect, and block sensitive data from leaving an organization.
Did you know that email is the top priority for IT leaders? In fact, according to Tessian’s new research report The State of Data Loss Prevention 2020, almost half (47%) said it’s the threat vector they’re most concerned about protecting.
Tessian turns an organization’s email data into its best defense against inbound and outbound email security threats.
Powered by machine learning, our Human Layer Security technology understands human behavior and relationships, enabling it to automatically detect and prevent dangerous activity like data exfiltration attempts and misdirected emails. Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network. No rules needed.
Tessian Enforcer detects and prevents data exfiltration attempts by:
Tessian Guardian detects and prevents misdirected emails by: