Is Your DLP Slacking?

The development of information technologies brings new challenges. It is especially relevant for the field of cybersecurity. Malicious actors adopt AI-powered solutions, enhance phishing techniques, and evolve their tactics. The issue of new data transfer channels became acute with the widespread use of remote work and hybrid workplaces. Therefore, protective measures need to adjust to the new circumstances. Let’s discuss the most important competencies for Data Loss Prevention (DLP) systems.

Control Data Channels

The number of monitored data transfer channels is an essential parameter for Data Loss Prevention systems. Generally speaking, the longer the list, the more effective the solution will be. It is crucial to manage all data channels within the company to ensure data security. Data security can be compared to a boat: if there is a leak, the boat will sink.

The majority of DLP systems are capable of monitoring well-known channels such as email, FTP servers, NAS devices, and USB devices. Many companies have business accounts in WhatsApp to contact customers. A lot of remote workers use Google Drive to store business documents. Are you sure that your DLP system can reliably control cloud storage services? Can it secure modern instant messengers like Telegram?

For example, let’s examine one of the recent data leak incidents, Apple vs. Rivos, Inc. In 2022, several Apple employees terminated their contracts and found new positions at Rivos. According to the lawsuit, some of them synced their workstations with cloud storage, while others transferred corporate files to external HDDs or wireless NAS devices. As a result, Apple’s trade secrets were under the threat of disclosure.

This breach is relevant because it involved multiple data transfer methods. It highlights the fact that effective DLP systems need to provide comprehensive data monitoring. Nobody wants to hear that a leak occurred through instant messaging or corporate cloud storage. One hole is enough to compromise the entire security architecture. It is important to ensure that your DLP system monitors all data channels in use.

Analyze Content

The second critical parameter for a DLP system is the capability to prevent threatening data transfers. It’s a well-known trick to advertise that “we can block this and that” in marketing materials, while the reality is a little bit more complicated. It is important for a DLP to block file transfers not only on the basis of file attributes but also on the results of content analysis. Sometimes even loyal employees can make a mistake and share sensitive records by accident.

In 2023, a member of Samsung’s R&D department encountered an issue with some source code. To swiftly find the solution, the specialist copy-pasted the code into ChatGPT and asked it to find the mistake. The consequences were disastrous because AI-powered solutions are capable of learning and integrating entered prompts into the training database. OpenAI’s tool shared the code with other users to answer questions in this specific field. The incident resulted in the violation of Samsung’s intellectual property rights and significant financial losses for the corporation.

This incident emphasizes the importance of content analysis for DLP systems. Employees can share sensitive records in plain text form. A data leak can happen as a result of a mistake or by deliberate actions of a malicious insider. All information security specialists have to double-check technical aspects and details of implemented solutions. It is nice if your DLP system can prevent 100% of suspicious file transfers. However, are you sure it can achieve the same outcome for plain text and screenshots? The devil is in the details.
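
The gap between attribute-based and content-based blocking can be shown on a few outbound events. The following is an added example, not code from the original article or from any DLP product; the extension list, the detectors, and the event fields are assumptions made for illustration, and the sample events are constructed.

```python
import re

# Hypothetical attribute rule: block uploads by file extension only.
BLOCKED_EXT = {".c", ".h", ".py", ".sql"}

# Illustrative content detectors, not a complete rule set.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
CODE_RE = re.compile(r"^\s*(?:#include\s*<|def \w+\(|(?:static )?\w+ \w+\([^)]*\)\s*\{)", re.M)

def luhn_ok(digits):
    """Luhn checksum, used to discard random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def attribute_verdict(event):
    """Decide from metadata alone; text with no file attached has none."""
    name = event["filename"] or ""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    return "block" if ext in BLOCKED_EXT else "allow"

def content_findings(body):
    """Return the detector names that fire on the transferred text."""
    found = []
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(body)):
        found.append("payment_card")
    if len(CODE_RE.findall(body)) >= 2:  # two code-like lines to cut noise
        found.append("source_code")
    return found

def content_verdict(event):
    return "block" if content_findings(event["body"]) else "allow"

SNIPPET = "#include <stdio.h>\nstatic int init_dma(struct dev *d) {\n    return d->ready;\n}\n"

# Constructed sample events (channel, filename, body); not real traffic.
EVENTS = [
    {"channel": "cloud_upload", "filename": "driver.c", "body": SNIPPET},
    {"channel": "cloud_upload", "filename": "notes.txt", "body": SNIPPET},
    {"channel": "web_form", "filename": None, "body": "Find the bug:\n" + SNIPPET},
    {"channel": "messenger", "filename": None, "body": "Card 4111 1111 1111 1111 exp 12/30"},
    {"channel": "messenger", "filename": None, "body": "Lunch at 12:30? Room 4."},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["channel"], e["filename"], attribute_verdict(e), content_verdict(e), content_findings(e["body"]))
```

Only the first event is stopped by the extension rule; the renamed file, the pasted snippet, and the card number in a chat message are caught by content inspection alone.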

Optimize Workflow

According to the survey by Gurucul, 76% of respondents cite growing business and IT complexity as the main drivers for increased insider risk. One might ask why both factors were considered together. From my perspective, the answer is obvious: both factors can be attributed to time. The growing infrastructure and complexity of the implemented solutions increase the time required for security specialists to perform their duties.

I would like to state that advanced analytical tools are a must for a DLP system. With investigation assistance, an information security specialist can address an incident in a couple of minutes. On the other hand, the same incident can take 10-15 minutes without such instruments. Just imagine that you have not a couple of dozen alerts per day, but several hundred. The cumulative effect will impact the quality of security measures.

For example, detailed information about data transfers between users can greatly enhance the investigation process. An IS specialist will not need to spend time manually reconstructing the incident. An advanced DLP solution will provide them with a complete picture of user connections and file operation logs.

A complex GUI, inefficient analytical tools, and a lack of proper investigation instruments all contribute to the amount of time spent on security. Information security specialists are working under stressful conditions. Nearly a quarter of employees in this field are considering leaving their positions. An overwhelming majority of them, 93%, cite stress as a main reason. Choosing a smart DLP can save you time, reduce stress levels, and make you more effective.

Checklist for DLP

There are a lot of DLP solutions on the market. You can easily compare them and find pros and cons for each system. But my key point will be the same—pay attention to the essential parameters. They’re the major ones.

  • The number of monitored data transfer channels is important for a solid DLP (Data Loss Prevention) system. As IT continues to develop, so do the potential sources of data leakage. Instant messengers and cloud storage services are just two examples of such sources.
  • Advanced prevention capabilities: DLP systems need to work with both file attributes and content. Sometimes, malicious actors and trusted employees can bypass attribute-based access rights management. Safeguard your company with additional content-based analytical capabilities.
  • Powerful analytical and investigative tools will greatly enhance an IS specialist’s performance. They will save time and prevent burnout, as well as strengthen the security posture of the organization.

https://searchinform.com/

Yazen is a Cybersecurity Expert at SearchInform