With news of data breaches every other day, many companies are now turning their attention to where sensitive files reside, who has access to the sensitive information, how this information is being used and securing it.
The cyber criminals’ techniques for breaking through perimeter defenses are always getting more sophisticated. Everyone realizes that network security alone is no longer a sufficient solution as the perimeter that once held sensitive information safe has been eroded. Now everyone must adapt to a perimeter-less world.
Today a large number of internal and external users enter company systems and access data daily – vendors, suppliers, partners, customers and employees. This makes it an extremely complicated task to secure sensitive files with the volume of users, applications and various levels of data access. With all of the implemented technology stack, it is daunting – if not near impossible – to secure all the various points of exposure. It only takes one weak point to be compromised and to suffer significant damages.
Whether intentional or in error, authorized users cause a large portion of data breaches and the criminals and hackers are onto this. More and more breaches are due to authorized users doing something they weren’t supposed to do.
This week there was news on Mount Olympus Mortgage Company – $25 million awarded in a lawsuit around corporate espionage. Authorized users of the mortgage company had stolen loan files, borrower information and other confidential information diverting it all to their current employer.
Last January, former GlaxoSmithKline scientists were indicted for stealing trade secrets to seed a startup company where they worked with external parties to profit from the breached information.
On September 2015, a former Morgan Stanley financial advisor pleaded guilty to taking hundreds of thousands of confidential records. The adviser was in discussions with other competitors of Morgan Stanley about a job as the breaches took place.
Last month, news broke out about a data breach within Pulaski County Special School District. An employee was responsible for compromising thousands of current and former employee’s personal information. This individual was emailing health insurance and benefits reports to her supervisor, and blind-copying the information to her personal email address including social security numbers, names, health insurance costs and individuals that did not have insurance.
Companies need to adapt and secure their sensitive data. Perimeter based security is no longer sufficient. The good news is implementing a data-centric security approach for persistent protection is available and easy to deploy.