A recent CRA report—"Legacy DLP Crumbles in the Cloud"— found that about 80% of all respondents' organizations experienced at least one data breach incident in the past 12 months. This is not surprising, given that security teams are overwhelmed with alerts. According to a Critical Start survey, almost half of security professionals turn off high-volume alerts, while nearly one-third ignore certain alert categories. This is because, for the most part, 25-75% of alerts are false positives, and investigating false positives is resource intensive and slows down operations.
Imagine someone whose emails are flagged as containing sensitive information. They have to wait for all of their emails to be scanned, and when IT is backed up with a thousand other tasks, it can take time.
SMEs face acute DLP issues with DLP Policies
So in many cases, IT will green flag the issue without necessarily investigating it. They might not have the resources to investigate every alert, nor do they want to slow operations down. This problem is particularly acute for small and medium-sized businesses. While large enterprises can throw money at the problem, SMEs can't. They need to stay productive and competitive.
Another issue is employees bending data protection rules. For instance, some cloud apps contain both PII and PCI data. DLP rules may not have been created for these or similar apps, and employees can easily access this data and send it outside of organizations. So even if sensitive data is in the cloud, if it's not specifically targeted in a DLP policy, breaches won't be detected.
Most data breaches involve the human element
Verizon's 2022 Data Breach Investigations Report discovered that 82% of data breaches involved a human element, and almost half of breaches involved compromised credentials. In terms of the human element, employees may be breaching DLP rules without even being aware of it. For instance, someone may download PII data from a cloud storage app onto their computer and share them without realizing it.
Worse, the data is exposed if the computer is lost or falls victim to malware. If someone's login credentials are compromised, cyber criminals have an open door into the company email, cloud apps and network. Look no further than the 500,000 ID credentials stolen from Zoom last year to understand the implications.
An answer for today's DLP issues
When defining and implementing DLP policies, it's important to consider a wide range of factors from the data life cycle to encryption, identity management, access management and sometimes even network architecture.
In practice, this involves prioritizing and categorizing data and understanding when data is at risk, for instance, in cloud apps that don't have security certifications. Data movement also needs to be monitored and controls in place, so only those who need access to data have it.
Meeting these criteria is onerous, especially for SME's who essentially need a dedicated DLP expert to boost their existing DLP platforms. Proofpoint's AI driven Intelligent Classification and Protection has been developed specifically to meet these DLP needs outlined above. It is sweepingly comprehensive in identifying sensitive data, defining access levels, pinpointing data exposure, and automatically generating DLP policies to enforce data protection controls. Proofpoint's Enterprise DLP solution is the answer for today's DLP challenges, whatever the size of your organization.
Be sure to subscribe to our blog.