Currently, one of the most devastating incidents in the field Cyber security Associated with Data loss. Includes data loss in the context of cybersecurity Strategies, processes and technologies Used by security teams to protect confidential information against theft, loss and misuse.
Data is a critical asset for many companiesTrade secrets, personal customer data, and other confidential information are stored on shared corporate networks.
for this reason, Cybercriminals focus their attacks on this information for personal gain.causing recurring challenges for organizations when trying to prevent these types of intrusions.
Data loss arises from the interaction between people and technology, and is likely to happen Careless users cause these accidents From compromised or misconfigured systems.
Although some companies devote their resources to implementing data loss prevention (DLP) solutions, studies conducted by the SILIKN Research Unit reveal that these investments are often insufficient. In fact, the 92% of organizations examined experienced data loss Over the past year, with particular emphasis on Mexican government agencies.
98% of affected organizations experienced negative consequences Such as the cessation of operations and a decrease in income, while 82% reported that they suffered damage to their reputation.
One aspect to consider is that 17% of users were responsible for 91% of these types of incidentswhich highlights the most important aspect of the data loss problem: causes of human origin, emphasizing that incidents are, for the most part, caused by careless, hacked or malicious users and this trend will continue in the future.
Given the above, it is essential for organizations to re-evaluate their data loss prevention methods to address the root of the problem, which is linked to people's actions.
This way, they will be able Identify, investigate and respond appropriately to threats Across all channels your employees use, including cloud, desktop, email, and web browsing.
Data loss is a widespread challenge, but one that requires effective preventative measures. SILIKN Research Unit noted that organizations face more than one incident per week, and according to the analyzes conducted, the main reason was the negligence of users, including actions such as Interacting with fraudulent emails, accessing phishing sites, and installing unauthorized software And Send confidential information by email to personal accounts.
These behaviors can be avoided and can be reduced through measures such as implementing DLP policy rules for email, web browsing, cloud file sync, and other common forms of data use, management, storage, and extraction.
According to information collected by SILIKN's research unit, over the course of 2023, nearly a third of employees sent an average of three emails to incorrect recipients. This means that A company with 500 employees could find itself with around 1,500 misleading emails every year.
Another relevant aspect is that 55% of organizations examined reported that malicious individuals within the company, such as employees or contractors, were involved in these incidents From data loss. The intentional and potentially harmful actions of these individuals, including the dismissal of employees who seek to harm the organization, can have more serious repercussions than those of negligent employees, because the latter are motivated by personal interests.
Employees who leave a company do not always intend to act maliciously; Some simply consider that they have the right to take the information they have created with them. The results of this study indicate that 93% of sloppy file leaks among cloud users over an 18-month period were due to employees leaving the organization. This highlights the importance of implementing preventive strategies, such as creating a security review process tailored to this group of users.
Another related point is that 76% of companies surveyed said employees have access to confidential information, such as HR, finance and legal professionals., are the ones that represent the greatest risk of data loss. These findings suggest that companies should focus on adopting best practices, such as implementing data classification systems to identify and protect information vital to the operation of the business, as well as closely monitoring those individuals who have access to sensitive data or administrator privileges.
It's clear that strategies like adopting platforms designed specifically for data loss prevention can improve security programs by giving security teams complete visibility into users and data across all incidents, allowing them to address a wide range of incidents from data loss scenarios focused on human actions. This is critical to data security, so data loss prevention programs must recognize and act accordingly.
————–
*Silicon founder | Technology Entrepreneur | (ISC)² Certified in Cybersecurity ℠ (CC) | Certified Cybersecurity Trainer (CSCT™) | European Council Ethical Hacking Basics (EHE) | Council Certified Cybersecurity Technician (CCT) | Leader of the Queretaro chapter of OWASP.
Twitter: https://twitter.com/silikn
Instagram: https://www.instagram.com/silikn
Youtube: https://www.youtube.com/@silikn7599
“Beeraholic. Friend of animals everywhere. Evil web scholar. Zombie maven.”