{"id":1353,"date":"2024-12-27T06:01:00","date_gmt":"2024-12-27T06:01:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1353"},"modified":"2024-12-27T06:01:00","modified_gmt":"2024-12-27T06:01:00","slug":"data-protection-challenges-abound-as-volumes-surge-and-threats-evolve","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1353","title":{"rendered":"Data protection challenges abound as volumes surge and threats evolve"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

In the global digital economy, data is the most important asset organizations must protect from theft and damage. CISOs are fundamentally guardians of that asset, obligated to keep it secure and available to relevant users when and where they need it.<\/p>\n

\u201cEvery company has become a data company in this day and age; even if you\u2019re Caterpillar, who\u2019s manufacturing heavy machinery equipment, you\u2019re still a data company on some level,\u201d David Richardson, VP of endpoint at Lookout, tells CSO. \u201cThat\u2019s the most valuable asset.\u201d<\/p>\n

However, given the staggering amounts of data \u2014 around 402.74 million terabytes, according to some estimates<\/a> \u2014 created daily, data protection can seem like a ceaseless struggle. Even as the volume of data that CISOs need to protect surges, the nature of the threats to that data is quickly evolving, rapidly rendering existing protection programs obsolete.<\/p>\n

Data security experts say CISOs can cope with these changes by understanding the nature of the shifting landscape, implementing foundational risk management strategies, and reaching for new tools that better protect data and quickly identify when adverse data events are underway. Although the advent of artificial intelligence increases data protection challenges, experts say AI can also help fill in some of the cracks in existing data protection programs.<\/p>\n

Vast amounts of data and shifting threats are reshaping data protection<\/h2>\n

Not surprisingly, one of the top challenges CISOs face in data protection is grappling with the sheer volume of data. \u201cIt is vast, and it is everywhere, both in terms of locations and what we try to answer for,\u201d Dan Benjamin, head of data, identity, and AI security at Palo Alto Networks, tells CSO.<\/p>\n

\u201cAn enterprise will have data on-prem, SaaS, public cloud, endpoint, mobile devices, email, and multiple different types of locations,\u201d he says. \u201cAnd traditionally, there are no single products to tackle all those locations.\u201d<\/p>\n

Some data security experts see behavioral threats, such as phishing<\/a> efforts to steal system credentials, as a relatively recent and increasingly significant challenge to keeping data secure. \u201cA top challenge is managing access to sensitive information,\u201d JD Denning, CISO at FS-ISAC, tells CSO. \u201cEnsuring that only authorized users have access to data, whether at rest or in transit, remains a constant challenge.\u201d<\/p>\n

\u201cThe biggest thing is that threat actors\u2019 tactics have evolved in the last few years,\u201d Richardson says. \u201cThese days, hackers don\u2019t hack in; they just log in using legitimate credentials and access that individual users have. That\u2019s not necessarily what the security staff was built for. It was built for \u2018Are we going to be attacked, and how and where do we need to patch all our vulnerabilities?’\u201d<\/p>\n

Another central challenge is that tried-and-true data protection methods of the past and straightforward technology solutions such as encryption are quickly becoming inadequate to manage the growing mound of data and evolving threats. \u201cThe way in which we\u2019ve traditionally relied on protecting data since the seventies is just straight-up encryption, like public-private key cryptography,\u201d Daniel Shugrue, security product expert at Digital.ai, tells CSO.<\/p>\n

\u201cThat\u2019s something that has been the cornerstone of the internet,\u201d he adds. \u201cBut since the advent of the smartphone and as mobile apps proliferate, the private key in that public-private key pair is essentially in a threat actor\u2019s hands if they do so much as go to the Google Play store and download an app. In other words, this foundation, or this cornerstone of what we\u2019ve relied on, is being chipped away.\u201d<\/p>\n

\u201cData is scaling faster than we can identify it and understand it,\u201d Lamont Orange, CISO of Cyera, tells CSO. \u201cSome legacy tools that took us to the first iteration of going to the cloud never considered data. They considered access, they considered compute, and they considered storage. They never really considered data security. We tried to secure everything else around it. And now those tools are really starting to show their warts.\u201d<\/p>\n

Lay the data protection groundwork first<\/h2>\n

Experts say that what most CISOs should consider in running their data protection platforms is a wide range of complex security strategies that involve<\/a> identifying and classifying information based on its sensitivity, establishing access controls and encryption mechanisms, implementing proper authentication and authorization processes, adopting secure storage and transmission methods and continuously monitoring and detecting potential security incidents.<\/p>\n

However, before considering these highly involved efforts, CISOs must first identify where data exists within their organizations, which is no easy feat. \u201cDiscover all your data or discover the data in the important locations,\u201d Benjamin says. \u201cYou\u2019ll never be able to discover everything but discover the data in the important locations, whether in your office, in G Suite, in your cloud, in your HR systems, and so on. Discover the important data.\u201d<\/p>\n

Benjamin adds that another critical step toward better data protection is ensuring your organization complies with regulatory and other requirements. \u201cMake sure that you\u2019re in compliance,\u201d he says. \u201cCompliance typically is an easy hack. Why? Because organizations have to do it. It covers 60%, 70%, 80% of the work that most organizations strive for. And it\u2019s budgeted.\u201d<\/p>\n

Another important step is to develop a data risk assessment and a governance framework that guides all protection strategies. \u201cDeveloping and implementing an effective data protection strategy begins with a thorough risk assessment,\u201d FS-ISACs Denning says. \u00a0\u201cCISOs must evaluate the organization\u2019s systems, networks, and data to identify potential vulnerabilities. Establishing a comprehensive data governance framework is equally important, as it defines data classification, retention, and access control policies.\u201d<\/p>\n

Data protection tools to consider<\/h2>\n

CISOs can use many technologies, tools, and techniques to help protect their organizations\u2019 data.<\/p>\n

Chief among these is the implementation of multifactor authentication<\/a> (MFA), mainly to protect against data theft from identity-based threats such as phishing campaigns. \u201cHopefully, all CISOs have already completed this step,\u201d Lookout\u2019s Richardson says. \u201cMake sure you\u2019re using multifactor authentication, specifically non-SMS-based multifactor authentication.\u201d<\/p>\n

However, in locking down data using tools such as MFA, CISOs should consider that this added protection can also frustrate internal and external users, who might devise alternative ways to access the data or give up trying. Cyera\u2019s Orange says, \u201cI\u2019ve talked to many organizations that say, \u2018yeah, we MFA, everybody. That\u2019s how we solve the problem.\u2019 You have the MFA; two minutes later, you\u2019re going to MFA again, and if you go to another system or another drive, you\u2019re going to MFA again. So that creates friction.\u201d<\/p>\n

Or, as Lookout\u2019s Richardson sums it up, \u201cIt becomes an actual trade-off discussion of the more that I lock down the data, the less productive my employees will be, the fewer data they\u2019ll be able to access, and the less data-driven they will be.\u201d<\/p>\n

Another protection tool is implementing a tracking system that identifies abnormal or anomalous behavior, such as one that delivers user and entity behavior analytics<\/a> (UEBA). \u201cThe concept here is you want to examine all of the behaviors of all users and devices regarding what sort of data they\u2019re accessing, make sure that it makes sense, and put additional checks and gates in place,\u201d Richardson says.<\/p>\n

\u201cSo, for example, somebody in sales should be able to log into Salesforce and see their customer information. But do they need to be able to export every single customer\u2019s name and phone number? Probably not.\u201d<\/p>\n

FS-ISACs Denning points to data loss prevention (DLP) tools that combine cybersecurity measures, such as firewalls, endpoint protection, and system monitoring, as critical components of a data protection program. \u201cData loss prevention tools are also critical as they help monitor, detect, and prevent unauthorized sharing of sensitive information,\u201d he says.<\/p>\n

As is true with everything else in cybersecurity, \u201cit is crucial for organizations to foster a culture that prioritizes cybersecurity,\u201d says Denning. \u201cEmployees at all levels should be actively involved in the process since those who lack awareness or fail to follow secure practices can inadvertently expose critical data.\u201d<\/p>\n

AI both complicates and improves data protection efforts<\/h2>\n

All experts agree that the emergence of artificial intelligence could be a game-changer that simultaneously complicates and enhances<\/a> data protection efforts.<\/p>\n

\u201cThe largest concern of organizations using and hosting AI applications is \u2018how do we govern the data,’\u201d Palo Alto\u2019s Benjamin says. \u201cHow do we ensure the AI model will not read data that it shouldn\u2019t? And how do we ensure the AI model will not get trained on data that it shouldn\u2019t? How do we ensure it doesn\u2019t spit out data that it shouldn\u2019t? AI security is becoming a data security problem.\u201d<\/p>\n

However, the flip side is that AI can help organizations spot data threats faster and better than ever. \u201cAI and machine learning technologies are becoming increasingly helpful for detecting anomalies and emerging threats,\u201d Denning says. \u201cThese tools analyze patterns in data traffic and behavior, enabling organizations to address potential vulnerabilities proactively.\u201d<\/p>\n

At the same time, AI can help fill in the cracks in data protection programs. Cyera\u2019s Orange likens data protection to a basketball. \u201cThe basketball has seams,\u201d he says. \u201cNone of [an organization\u2019s data protection tools] are connected.\u201d<\/p>\n

\u201cSo, all the gaps are in the seams,\u201d Orange says. \u201cAnd I\u2019m proposing that we\u2019re at a point technologically where we can leverage some of the modern technology around LLMs and AI to start giving direction to some of those tools in the seams to provide a more holistic coverage.<\/p>\n

He adds, \u201cNo one tool can do it all, but you do need a brain that can control and issue signals consistently across your data landscape.\u201d<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

In the global digital economy, data is the most important asset organizations must protect from theft and damage. CISOs are fundamentally guardians of that asset, obligated to keep it secure and available to relevant users when and where they need it. \u201cEvery company has become a data company in this day and age; even if […]<\/p>\n","protected":false},"author":0,"featured_media":1354,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1353","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1353"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1353"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1353\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1354"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}