We’ve all heard sports stars and even militaries quote the famous Chinese general Sun Tzu when preparing for a big game or battle. Sun Tzu was a master strategist and completely grasped the concept of deception when facing an opponent. One of the best quotes in his famous book, “The Art of War” regarding deception goes like this:
“All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near.”
This man understood the benefits of deception in order to win; plain and simple. In our case the battle is for our data and it’s currently under attack. Let’s discuss this ideology a little more from the stance of data security.
Let’s get something out before we start here – Deception isn’t an active blocking technology. It’s not going to stop attackers from breaking into your network and it sure isn’t going to proactively stop attacks from occurring. With that being said, you need it, maybe more than ever. Why is that? Because your defenses aren’t working and by using deception in your network it gives you the best opportunity to control the damage post-breach. With deception, you write the rules and lay traps for attackers as they actively scour for your data. It’s much harder to bypass deceptive technology when the decoys mimic genuine data or systems. The bad guys only have to mess up once and the trap is sprung.
At the 2016 RSA Conference in San Francisco, CA, Todd Feinman, CEO and Gabriel Gumbs, VP of Product Strategy presented on Sensitive Data Management Maturity – The DLP Missing Link.
As a company and with the help of industry professionals, we created a Sensitive Data Maturity Model to help organizations identify where their data is, who owns it, what should be done with it, and how much of it exists.
Many organizations have massive amounts of data that resides in multiple locations, making it hard to control where that data is, what is classified as sensitive data, and what permissions to allow for specific data types. With automated persistent classification, you are identifying within the metadata what is confidential, sensitive, or public, and are able to implement the proper processes and technology to block the sensitive data from leaving your organization.
Data classification is simple—it entails assigning a level of sensitivity to each piece of information, making it easier to locate and retrieve. Classifying data is essential in enabling enterprises to make sense of their vast amounts of data. Without data classification, an organization treats all data as if it were the same. You can’t know the level of sensitivity of any specific data because it hasn’t been properly categorized. Failing to classify data increases the risk of it being compromised. It also increases the possibility that you could be placing security controls on data that isn’t in fact sensitive, leading to loss of productivity and efficiency.
This eBook highlights how you can classify your data so you can reduce your sensitive data footprint. Here are a few highlights from the eBook: Continue reading →
Recently we announced Sensitive Data Manager 9.0, our Data Loss Prevention (DLP) solution. In addition to offering the highest accuracy of data discovery and data classification, this release adds powerful, custom data discovery capabilities that reduce the burden on IT Security by allowing organizations to locate their unique sensitive data. Sensitive Data Manager 9.0 increases automation of classification and DLP security controls, reaching deep into cloud environments to further data minimization efforts and manage sensitive data. The addition of user-driven data classification further empowers organizations to take a hybrid approach to integrated DLP management, enabling them to leverage both automated and manual classification. Continue reading →
Forrester recently released an insightful report Understand The State Of Data Security And Privacy: 2015 To 2016, based on hundreds of discussions with security experts. The in-depth research of the data security industry highlights which core data security technologies are in demand for 2016 and how our behaviors and motivations make data loss inevitable. It also covers why safeguarding the customer experience is essential for building trust, and why a data-centric approach to security is a must for businesses.
It turns out that in past 12 months, the top three most common ways that breaches occurred were internal incident within an organization (39%), external attack targeting an organization (27%), and external attack targeting a business partner/third-party supplier (22%). Also personally identifiable information (PII) was one of the top two data types compromised most in a data breach. Continue reading →
An effective data protection program minimizes your sensitive data footprint and helps keep business-critical and regulated data secure and out of the hands of attackers. The best way to develop and maintain such a program is to think of it as a process, not a project. Here are ten steps to help you put your process in place.
Adopt a logical approach to data protection
First, make sure minimum security baselines are in place, including perimeter and end-point security. Then, analyze how your business operates so you can identify and locate your sensitive data; understand how it’s created and used; classify it; and prioritize your data assets.
Understand the data lifecycle
To protect your sensitive data most effectively, you need to understand its lifecycle, whose stages are: create, store, use, share, archive and destroy. Knowing the stage a specific file with sensitive data occupies determines in large part what policies you should apply to best protect it. Continue reading →
Locating credit cards, personally identifiable information such as SSNs and drivers licenses is a staple of our AnyFind® technology. AnyFind narrows the likelihood of a positive match and eliminates false positives through a series of validations while looking for those discrete pieces of data the way a human would. For example, when looking for a Social Security number, if you simply look for a 9-digit number you get a lot of noise. A zip +4 that is missing a dash can trigger a false positive. AnyFind has a unique approach: We look at the context of data, including location and proximity to make accurate determinations, along with 100+ validators.
Locating proprietary institutional data on the other hand—sensitive data that could only be understood and identified by its owners and creators—was the inspiration behind our Sensitive Data Engine!
Today, we launched Sensitive Data Manager 9.0, our Data Classification, Discovery and Data Loss Prevention solution boasting a centralized, on premise-to-cloud view into your sensitive data. Sensitive Data Manager 9.0 provides your organization with the ability to classify, monitor and protect organizationally unique sensitive data. Continue reading →
The fact that an organization is not in the healthcare industry or isn’t a HIPAA-covered entity doesn’t mean it’s not at risk of a PHI data breach.
This is just one headline finding from one of the best reports we’ve seen on PHI data breaches. If you really want to understand how PHI data breaches happen, who’s being targeted, what methods the bad guys are using, and what can be done to fight back, this is the report to read.
The 2015 Verizon Protected Health Information Data Breach Report is an in-depth, quantitatively sophisticated study that examines the problem of medical data loss. According to the report, “This is a far-reaching problem that impacts not only organizations that are victims of these breaches, but also doctor-patient relationships. And it can have consequences that spread more broadly than just those directly affected by the incidents.” Continue reading →
This has been a busy year for cybercriminals: There were more than 600 breaches in 2015 that involved identity and data theft. Our customers, colleagues and fellow security professionals have asked us what we think 2016 will look like, so here are our cybersecurity predictions for this year.
These are insights and extrapolations for the serious practitioner who makes his or her living from keeping other folks safe online. Staying true to our brand of providing the highest-accuracy findings, we’re focusing on making accurate rather than sensationalist predictions.
The predictions are organized as a timeline to describe how trends in information security may evolve in 2016.
Breaches will continue to proliferate in severity and frequency
You no longer need to worry about compliance if you understand the total cost of being non-compliant. Should you happen to fall in this category then the infographic below may not be of much use.
In the first six months of 2015 there were 1,860 data breaches and 95% of the exposed records were a result of hacking. A fair number of those unfortunate victims of cyber-crime were indeed compliant. Unfortunately many were not. In the wake of dealing with customer churn, negative press and recovering from productivity affecting attacks they now had to deal with regulators and fines. Continue reading →