“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” – Stephane Nappo, CISO, Société Générale International Banking pole
Highlights
- Insider Threats are much more costly than external incidents
- Current best practice detects data leaks emails, chats and file shares.
- Significant data leaks happen through screenshares and video which is a blind spot in DLP today
- Assertion Meetings Security uses AI/ML technologies to analyze the video and screenshares for sensitive data
- Real time alerts to SOC prevents data breaches and chat alerts to train the participants
How does my personal data end up in malicious hands?
When LinkedIn made news in June 2021 that 700 million user data was exposed or when Facebook leaks personal information of 533 million of its users, have you ever wondered how it happens and what can be done?
Data Leaks and exposures put many organizations under scrutiny from regulators and auditors especially when it is sensitive data like PII (Personally Identifiable Information). It can cause reputational loss for the enterprise and financial loss for their customers.
Data exposures happen through three categories of threats – External Threats, Security Misconfigurations, and Insider Threats
External Threats are from malicious actors looking to breach the defenses and expose data. They can be tackled by installing session border controllers for your voice network perimeter, firewalls for your data network perimeter, and using defense-in-depth strategies for all the components inside the network. These firewalls and SBCs need to be monitored using tools like Skybox, Algosec and Assertion’s SBC Security.
- Security misconfigurations
Security misconfigurations can be prevented through continuous monitoring and regular configuration audits using automation tools.
- Insider Threats
Insider Threats are much tougher to deal with, and in addition to protecting sensitive data through security configurations and perimeter defenses, it is important to monitor all traffic to detect an Insider threat causing data leaks.
Data leak protection – current best practice
While preventive measures are very essential, organizations need to detect any ongoing data leaks. This will help them limit the damage and address any gaps in training.
“We discovered in our research that insider threats are not viewed as seriously as external threats, like a cyberattack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever.”
Dr. Larry Ponemon
DLP (Data Leak Prevention) solutions are used by enterprises, nowadays, to help with this problem of Insider Threats.
- Firstly, information is classified into buckets based on sensitivity using Data Classification tools.
- Identity and Access Management (IAM) tools are used to ensure access protections to the sensitive data.
- Finally, Emails, chats and file shares are scanned to detect any PII leaks
Screenshare – The BIG blind spot
Imagine a salesperson with access to all the customers, leads, and latest RFP quotes resigning and joining a competitor. In the last days of his employment, he makes a video call to his new boss and shows him the data over a screen share. It could lead to the loss of millions in business.
Imagine, an IT administrator sharing his screen over a zoom call while an external contractor is helping him with an issue in the production database containing customer data. This data could end up on the dark web.
Imagine too, the company financials being screen shared on a Microsoft teams conference call by senior management without realizing there was an external entity in the call. It could lead to Insider trading.
Enterprises today have no real mechanisms by which they can track and detect these types of issues in screen share and/or video calls.
The next frontier in DLP – Detect data leaks in screenshare
A new breed of data leak detection tools like the Assertion Meetings Security use AI/ML technologies to analyze the video and screen shares for sensitive data.
For every call in which an external participant in involved, or where a screen share is performed an automatic trigger is sent out and a robotic agent joins the meeting as a silent observer. This agent analyzes the video in real-time and whenever a PII or sensitive data is detected, an alert is generated.
These alerts are then sent in real-time to a SOC (Security Operations Center) or directly to the participants as a chat message. The SOC then uses automated rules based on the sensitivity levels of what was detected to either block the screen share, drop the call, or send warning emails to the participants. The real-time chat message can be used to train the users and help develop secure sharing habits.
“The knock-on effect of a data breach can be devastating for a company. When customers start taking their business—and their money—elsewhere, that can be a real body blow.”
Christopher Graham
It is time for the security organizations in enterprises to address this glaring gap and take their enterprise security posture to the next level.