Data security in the era of unstructured data, WFH and collaboration

Over the last 2 months, we have been writing about what remote work means for data security. You can find some of those posts here:

/blog/cybersecurity-perfect-storm

/blog/remote-work-in-the-age-of-covid-19

/blog/to-zoom-or-not-to-zoom

We decided to take a step back and look at what data security means in the broader context of what the new normal is likely to look like. Even before recent happenings, data security had never been more important or more challenging. The explosion of data in enterprises, the rise in unstructured data and the messy nature of data being everywhere, on-premises and in the cloud, have made data security very challenging. COVID and the pandemic have only added to this challenge by triggering a massive surge in work from home for a workforce that is also distracted and stressed from the pandemic, economic uncertainty and the blurring of lines between personal and professional lives. A testament to this is that companies are announcing company holidays to stem burnout for employees [1].

Employees are now working from home and consequently there is a massive increase in collaboration across all forms of biz content, including the most sensitive such as biz confidential data, IP data, PII/PCI and financial data. This means that biz critical data could potentially be at risk from a myriad of factors such as

  • Inappropriate sharing: Content that is shared with folks who should not have access to it
  • Incorrect access permissions: Data shared incorrectly
  • Erroneous classification that may have confidential data be tagged as public and now accessible by everyone

This means that the threat surface for data has just increased exponentially because:

  • If any user is compromised by a cyber attack, in so far as they have access to sensitive corporate data, that data is now available to the attacker. This is going to become even more of a challenge with employees working from home, under stress and distracted
    • Let’s say we have a hedge fund that has 500 employees, and trading documents that should only be accessed by the trading department, which may comprise 30 traders. If those documents are now available to all employees, you have made it 20 times easier for the attacker to gain access to this data: previously they had to compromise one of the traders, whereas now all they have to do is compromise any one employee and they have access to this data. You have now increased risk to your sensitive data by 1566.67%
  • Insider threats are another big problem. Motivations that compel employees to become malicious insiders include financial distress, disgruntlement, and announcement or fear of layoffs. Employees may choose to take your valuable data with them to take revenge on the company or to prepare themselves for future employment or financial gain [2] [3]

All of this could mean exposing biz critical data to employees and third parties that should not have access to it. The risk to data from a compromised user, a negligent employee or an insider is now vastly greater, and this could significantly raise the odds of a data breach or loss. There is now clear evidence that COVID related attacks are up significantly, between 30 and 50% for most enterprises [4]. This prompted the DHS, CISA and NCSC to publish this advisory about how COVID-19 is being exploited by malicious cyber actors: https://www.us-cert.gov/ncas/alerts/aa20-099a. All of this has a material impact on a company’s bottom line. This article presents some interesting findings about the financial impact of data breaches: https://www.comparitech.com/blog/information-security/data-breach-share-price-analysis/

  • Share prices of breached companies hit a low point approximately 14 market days following a breach. Share prices fall 7.27% on average, and underperform the NASDAQ by -4.18%
  • In the long term, breached companies underperformed the market. After 1 year, Share price grew 8.38% on average, but underperformed the NASDAQ by -6.49%. After 2 years, average share price rose 12.78%, but underperformed the NASDAQ by -12.88%. And after three years, average share price is up by 32.53% but down against the NASDAQ by -13.27%. It’s important to note the impact of data breaches likely diminishes over time.
  • Finance and payment companies saw the largest drop in share price performance following a breach, while healthcare companies were least affected
  • Breaches that leak highly sensitive information like credit card and social security numbers see larger drops in share price performance on average than companies that leak less sensitive info

What can enterprises do

It is important for enterprises to ensure that the attack surface around data is mitigated during these times to combat the problem of a compromised user or threats from an insider.

Tactics to mitigate risk from a compromised user

  • Ensure that only the appropriate folks have access to sensitive data.
  • If biz critical data is inappropriately shared inside or outside the company, it is important to identify such violations quickly and remediate them effectively
  • If sensitive information is placed in public folders, be able to quickly identify such violations and rectify them

Tactics to mitigate against insider risk

  • Ensuring that only appropriate folks have access to sensitive data is also useful against disgruntled insiders as it ensures that they don’t have access to sensitive data they should not have access to
  • Having great visibility into your biz critical data and what employees are doing to that data at all times. For example, making sure that you are made aware when employees share biz critical data with their personal accounts, as this is often a leading indicator of IP theft
  • It is also important to ensure that as employees are laid off, that they don’t take company data with them, while making sure they are still allowed to take their personal data
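
The checks in the two lists above (access limited to the appropriate people, sensitive data in public locations, sharing with personal accounts) can be expressed as a simple audit over a sharing inventory. This is an added example, not Concentric's product or code: it is a plain rule check that assumes documents are already labelled, and the domain names, personal-domain list and inventory records are constructed around the hedge-fund scenario from earlier in the post.

```python
# Added example: rule-based sharing audit over a constructed inventory.
COMPANY_DOMAIN = "fund.example"                      # hypothetical domain
PERSONAL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com"}  # assumed list
TRADERS = {f"trader{i}@{COMPANY_DOMAIN}" for i in range(1, 31)}  # the 30 traders

# Constructed records: label, who may hold access, who actually does.
INVENTORY = [
    {"path": "/trading/q2-positions.xlsx", "label": "confidential",
     "allowed": TRADERS, "public_link": False,
     "shared_with": {"trader1@fund.example", "trader7@fund.example"}},
    {"path": "/trading/strategy.docx", "label": "confidential",
     "allowed": TRADERS, "public_link": False,
     "shared_with": {"trader2@fund.example", "hr.analyst@fund.example"}},
    {"path": "/public/model-notes.pdf", "label": "confidential",
     "allowed": TRADERS, "public_link": True,
     "shared_with": {"trader3@fund.example"}},
    {"path": "/trading/signal-model.py", "label": "confidential",
     "allowed": TRADERS, "public_link": False,
     "shared_with": {"trader4@fund.example", "trader4.home@gmail.com"}},
    {"path": "/public/holiday-calendar.pdf", "label": "public",
     "allowed": set(), "public_link": True, "shared_with": set()},
]

def audit(doc):
    """Return the list of findings for one inventory record."""
    if doc["label"] != "confidential":
        return []                      # only sensitive data is in scope
    findings = []
    if doc["public_link"]:
        findings.append("public_exposure")
    for user in sorted(doc["shared_with"]):
        domain = user.rsplit("@", 1)[-1].lower()
        if domain in PERSONAL_DOMAINS:
            findings.append(f"personal_account:{user}")
        elif domain != COMPANY_DOMAIN:
            findings.append(f"external_share:{user}")
        elif user not in doc["allowed"]:
            findings.append(f"inappropriate_share:{user}")
    return findings

def audit_all(inventory):
    """Map path -> findings, keeping only records with violations."""
    results = {doc["path"]: audit(doc) for doc in inventory}
    return {path: f for path, f in results.items() if f}

if __name__ == "__main__":
    for path, findings in audit_all(INVENTORY).items():
        print(path, findings)
```

The audit is only as good as the labels and the allowed-group data it is given; a confidential document mislabelled as public passes through unflagged.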

Mitigating against the risks of a cyber-compromise and insider threats requires a combination of

  • Having a good inventory of all your biz critical data
  • Being able to effectively monitor such data for risk, so that violations such as risky sharing or putting info in locations where it can be publicly accessed can be identified and rectified.

The challenges with both of these have traditionally been

  • How do you easily inventory all your information without relying on rules, regex and word patterns?
  • How do you figure out what the appropriate security policies are for important data and monitor for violations and quickly surface high risk data?

Those are the capabilities we’ve built at Concentric. Using deep learning, we autonomously find, categorize, and assess the millions of documents your employees use every day. Semantic Intelligence© delivers next-level data protection that’s even more critical as we confront today’s challenging threat landscape from the distance of our home offices. Would you like to learn more? Contact [email protected] or schedule a demo: https://landing.concentric.ai/demo-request

  1. https://www.reuters.com/article/us-healthcare-coronavirus-alphabet/google-announces-company-holiday-on-may-22-to-stem-virus-burnout-idUSKBN22K2XD
  2. https://go.forrester.com/blogs/pandemic-fallout-creates-perfect-conditions-for-insider-threat/
  3. https://www.infosecurity-magazine.com/news/check-point-detects-30-increase-in/