It’s worrying to note that across DLP platforms, on average only about 4 percent of alerts are ever investigated. This is because, for the most part, investigating false positives is resource intensive and slows down operations.
Imagine someone whose emails are flagged as containing sensitive information. They have to wait for all of their emails to be scanned, and when IT is backed up with a thousand other tasks it can take time. Replicate this across an organisation with thousands of employees and you get a sense of the scale of the task. And unfortunately, this illustration of flagged emails is actually common.
SMEs face acute DLP issues
So in many cases, IT will green flag the issue without necessarily investigating it. They simply don’t have the resources to investigate every alert, and neither do they want to slow operations down. This problem is particularly acute for small and medium sized businesses. While large enterprises can throw money at the problem, SMEs can’t. They need to stay productive and competitive.
Another issue is employees bending data protection rules. For instance, some cloud apps contain both PII and PCI data. DLP rules may not have been created for these, or similar apps and employees can easily access this data and send it outside of organisations. So even if sensitive data is in the cloud, if it’s not specifically targeted in a DLP policy, breaches won’t be detected.
Most data breaches involve the human element
In Verizon’s 2021 Data Breach Investigations Report, it was discovered that 85% of data breaches involved a human element and 61% of breaches involved ID credentials. In terms of the human element, employees may be breaching DLP rules without even being aware of it. For instance, someone may download PII data from a cloud storage app onto their computer and share them without realizing.
Worse, if the computer is lost or falls victim to malware, the data is exposed. If someone’s email address and ID credentials are hacked, then cyber miscreant have an open door into the company network. Look no further than the 500,000 ID credentials stolen from Zoom last year to get a sense of the implications. And these are just two scenarios from many.
An answer for today’s DLP issues
When defining and implementing a DLP policy, it’s important to consider a wide range of factors from the data life cycle to encryption, identity management, access management and sometimes even network architecture.
In practise, this involves prioritizing and categorizing data and understanding when data is at risk, for instance in cloud apps that don’t have security certifications. Data movement also needs to be monitored and controls developed so only those who need access to data have it.
Meeting these criteria is onerous, especially for SME’s who essentially need a dedicated DLP expert to boost their existing DLP platforms. Dathena’s AI driven Augmented Data Protection has been developed specifically to meet these DLP needs outlined above. It is sweepingly comprehensive in identifying sensitive data, defining levels of access, monitoring for breaches and automatically generating DLP policies to enforce data protection controls. It’s the answer for today’s DLP challenges, whatever the size of your organization.