What Do Firms Need to do to Ensure Enterprise Data Protection in 2023?

The need for effective enterprise data protection has never been greater. Not only are companies around the world facing more threats than ever before, but the penalties for failures in this area are also significant.

Potential consequences come from both regulators, who are taking a tougher line than ever when it comes to breaches of consumer privacy, and customers themselves. Nobody wants to do business with a company that displays a lax attitude towards their privacy, whether this is selling their data without permission or leaving it vulnerable to the activities of hackers. 

With cybercriminals constantly circling and waiting to take advantage of any mistakes in your enterprise data security, it therefore pays to make sure you’ve got defenses in place that are able to cope with whatever the coming months and years will hold. 

Sponsorships Available

Sponsorships Available

Sponsorships Available

A key trend over the past few years has been a growing recognition of the importance of data to both businesses and hackers. In the past, ransomware attacks, for instance, primarily sought to disrupt businesses by encrypting data or blocking access to systems. However, in 2022, our research showed almost nine out of ten attacks (89 percent) also exfiltrated data, indicating the increased value hackers can now get from targeting these precious assets.

One of the biggest issues facing many firms as a result of this focus on data is so-called ‘double extortion’ ransomware. This has become a much greater threat in the last couple of years – partly because it promises a much better likelihood of profit for cybercriminals.

As firms have become better at mitigating against encryption-based attacks, through improved backup solutions such as continuous data protection that allow them to more easily recover undamaged files, hackers have turned to new tactics.

Double extortion techniques are so successful because they don’t just demand firms pay up to restore access to their data – which many companies should now be able to do without making a payment. In many cases, the real motive for giving into demands is to prevent the public release of company or personal data, and all the associated problems this can cause.  

When faced with the threat of serious fines or reputational damage, it’s no wonder so many firms opt to pay up in order to not only recover data but also avoid negative publicity. In 2022, for instance, Statista estimated that 71 percent of companies worldwide fell victim to a ransomware attack, of which 62.9 percent paid the ransom.

However, paying ransoms in order to keep incidents quiet comes with its own risks, including the potential for criminal charges. Last year, for example, Uber’s former chief information security officer Joe Sullivan was found guilty of obstructing a government investigation after covering up a 2016 breach that compromised the personal data of 50 million customers and seven million drivers.

To be successful at attacks like double extortion ransomware, cybercriminals must be able to exfiltrate sensitive data in the first place. Therefore, having the right tools in place to identify and spot this threat must be a priority. Yet this is something that many traditional solutions, which are outward-looking and focus on perimeter defense, fail to do effectively.

You also need to consider the risks posed by an insider threat. This can include careless or negligent behavior, such as reusing passwords or falling for phishing attacks, but also more malicious activities.

If an employee feels they have been wronged in some way and is out for revenge or is looking to steal sensitive data for financial gain, this can be very hard to spot. In many cases, they may have legitimate access to data which enables them to bypass traditional data security monitoring tools.

Another enterprise data protection challenge that many firms are having to deal with is the fact that their digital environment is now often much bigger and harder to control than in previous years. This is mainly due to changes in the way many companies operate, especially when it comes to remote and hybrid workers.

In the past, most firms had a relatively small network perimeter, with the vast majority of systems and data storage solutions kept within their premises. But this is no longer the case. 

As well as trends such as the shift to cloud storage, the rise of remote, home and mobile working means there are more endpoints for hackers to exploit – and many of these are likely to be personally-owned or unapproved devices (so-called ‘shadow IT’) that are not covered by traditional enterprise data security measures. As such, its vital firms have a plan for addressing this issue that finds a balance between data protection and convenience and usability for remote workers.

Hackers have always been quick to respond to evolving trends, and remote and hybrid working is no exception. Cybersecurity provider AON, for example, noted that when Covid lockdowns forced many businesses to shift to home working, the proportion of attacks targeting home workers increased from 12 percent of malicious email traffic to more than 60 percent in just six weeks. With many firms now making hybrid working practices permanent, this presents a dangerous new threat for enterprises.

So how should firms go about tackling these issues and ensuring their enterprise data security and protection? There are a few key principles to remember if companies are to successfully protect their private data. 

Among these are having a complete picture of your network environment – including any personally-owned data storage devices. You also need to demonstrate strong governance and ensure all your solutions, from training processes to software tools, are regularly reviewed and updated.

Understanding exactly what type of data you have and what its value may be to hackers is a critical first step. This ensures you’re able to prioritize your resources effectively – which is vital in the big data era when budgets are always stretched.

While most firms will hold many types of data, ranging from information that is constantly being accessed through to historical records held in tape archives, there are a few essential types that should be at the top of the list when it comes to data protection. These include:

Mission-critical data: The tools you need to operate day-to-day. This includes the transactional data generated by everyday systems such as sales and CRM tools and is vital to servicing customers.

Private company information: This may be highly valuable to competitors, and as such is often a target of industrial espionage. It includes the master data you hold on customers and products, as well as trade secrets, R&D data and future planning strategies.

Customer personal data: Arguably the most important type of data from a regulatory viewpoint, misuse, or careless handling of personal or financial data belonging to consumers can lead to costly fines.

Another key step is having a clear data governance plan. This should set out who in the organization holds ultimate responsibility for data privacy and security. However, this isn’t just good practice – depending on where you do business, it may be a requirement. 

Having a named data protection officer is a key duty for any firm that is covered by the EU’s General Data Protection Regulation (GDPR). This role is about much more than making sure data is secured against intruders. It also requires them to closely monitor how businesses use the data they collect about customers, to ensure it is not being stored, used or traded inappropriately.

This should include putting together clear documentation on exactly what type of data is being collected and processed, why it is necessary for the running of the business, and what data protection solutions are in place to keep it secure.

Being able to prevent data exfiltration is a critical part of any enterprise cybersecurity strategy, but this is easier said than done. Many firms that are focused on perimeter defense could find themselves overlooking activities within their network that can lead to data theft. 

It’s impossible to guarantee 100 percent protection from intrusion, so being able to spot suspicious activity within your boundaries and stop sensitive data being removed from the business – either by hackers or insider threats – is a must.

A common solution to those challenges is to deploy data loss prevention (DLP) software. However, these tools alone may not provide the security against data exfiltration that businesses expect.

One reason for this is the outdated way such solutions work. In many cases these tools are structured, data-centric systems that are dependent on techniques such as signature matching. As such, when it comes to examining data traffic for suspicious behavior, they can struggle to distinguish between different users, identify user intent, or understand the context behind data transmission and communication.

This can mean dealing with the frustration of false positives or letting hackers slip through the net – in which case the first time a firm knows it’s suffered a data leak may be when it receives a ransomware demand.

In addition to this, they typically require large resources to operate and maintain. What’s more, because they must send every data packet through a central hub where it is decrypted and analyzed, they can even be a weak point for hackers to exploit.

To address these issues, a more modern approach to preventing data theft is required. A true anti data exfiltration (ADX) system can deploy advanced technologies such as machine learning and behavioral analysis to build a much more complete picture of what normal activity within a network looks like, and automatically take steps to block any attempted data exfiltration before it occurs.

By using AI-driven behavioral analytics, firms can take a more use-centric approach to their data management efforts. This means they will be able to detect hacking attempts and react immediately without disrupting the activities of legitimate users. For example, it can analyze unusual behavior ranging from large out-of-hours data transfers to contacting unidentified external servers. 

Another factor to consider is how these tools operate within the network. Large, resource-intensive DLP tools may not only miss the activities of sophisticated hacks, but they also slow down operations as all traffic has to be routed through them. This can be particularly inconvenient for mobile and remote workers, which may lead to them developing workarounds that can bypass the corporate network altogether.

Effective ADX tools however, are designed to be as lightweight as possible. This means that they can be easily added to every endpoint, including mobile devices, without introducing any performance or productivity issues. It also ensures there are no gaps in your security coverage that can be exploited by hackers targeting remote workers.

Having protection at this layer of the network makes it easier to maintain GDPR compliance and ensure customer data is being secured wherever and however it is accessed. Without this, there will always be blind spots within your system that malicious actors can exploit.