Page 36 - Cyber Defense eMagazine forJune 2021
P. 36
The Dangers of Cloud Channels
Most IT and security professionals know that with great data comes great risk. 59% of IT and security
professionals cite data loss as “one of the risks of greatest concern in digital technologies.”
One of the key factors in DLP risk is third-party cloud channels that are now a ubiquitous feature of the
modern office:
● Collaboration platforms like Microsoft Teams and Slack – used by the entire organization for daily
operations.
● Social media platforms, like Facebook, Twitter, and LinkedIn – used by marketing teams and
executives for brand building.
● Messaging apps, like WeChat and WhatsApp – used by sales teams, customer support, and
many other teams.
Here’s the challenge: these channels escape traditional security protocols. They exist outside the
security perimeter, and they lack the multi-billion dollar security industry that email enjoys.
Moreover, the rapid shift to virtual offices has exacerbated the situation. According to a report, about 57%
of the workforce are working from home right now, and employers expect nearly 40% of employees will
remain working remotely by the end of 2021. Home offices are notoriously insecure. This is one reason
why, over the past year, 74% of US organizations have experienced a successful phishing attack.
That’s a 14% increase on the previous year.
Principles for a DLP Program
CISOs understand these risks. In a recent survey, we asked 600 senior enterprise IT and security
professionals to see how they rate their current security and compliance risks. One of the top five primary
risk concerns for executives is data loss. Furthermore, 70% are most concerned about the brand and
reputation damage that such threats would bring, followed by potential risk to shareholder value (52%)
and loss of revenue (42%).
These statistics speak for themselves: enterprises want and need to implement data loss prevention
technologies that go beyond a Band-Aid fix. Why? Because many DLP solutions and programs fail to
offer “true prevention” at all. Instead, they offer the cyber version of closing the barn door once the horse
has already bolted. These services often only help in finding or recovering sensitive data which, by the
time it’s been found and recovered, has already made its way to the deep, dark web.
To implement a DLP program that offers true prevention, enterprises need to do the following:
1. Define your DLP strategy's objectives
Talk to your stakeholders and gather their input to help you define your policies and objectives,
and determine:
Cyber Defense eMagazine – June 2021 Edition 36
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.