Wikileaks, Document Security, And Your Business
Did you Know 48% of Breaches Happen from the Inside!
How do they occur?
48% Privilege Misuse40% Hacking38% Malware28% Employed Social Tactics15% Comprised Physical AttacksWhy do breaches occur?
Financial GainMalicious IntentGain Competitor InformationThe 2010 Verizon Data Breach Report found that Financial Services was the top industry represented by percent of breaches with the Hospitality industry, Retail, Manufacturing, Technical Services and Business Services respectively. Government only took 4% of the pie, which is alarming considering the leak of hundreds of thousands of confidential documents to Wikileaks.
Data breaches occur most often in mid-sized businesses. 96% of data breaches are easily avoidable with simple or intermediate controls.
98% of data breaches came from servers85% of attacks were not considered highly difficult61% were discovered by a third-party86% of victims had evidence of the breach in log filesThere are new technologies available to protect sensitive materials from being compromised. Two note-worthy technologies are Data Loss Prevention and Enterprise Digital Rights Management.
Data Loss Prevention (DLP)
Works best if a company is unsure where there is sensitive information stored on their networksDLP protects data that is “at rest” or “in motion”Enterprise Digital Rights Management (EDRM)
Works best if a company shares confidential information with partners, financial institutions, healthcare, or mergers and acquisitionsEDRM protects data that is “at rest”, “in motion” or “in use”A data breach can be very expensive for a company. There could be losses from embezzlement, recovery costs, repair and the most damaging for some companies- the loss of trust from end users. When Providence Health Services had a data breach their total expenses accumulated to nearly 7 million dollars. By assuming the predator is “already in” you can take a proactive approach to protecting your confidential information.
Ways to protect your company from a data breach:
Eliminate any unnecessary dataEnsure essential controls are metTest and review web applicationsAudit user accountsMonitor privileged activityFilter outbound trafficMonitor event logsThe more residuals of confidential data that remains in various hard drives and networks, the less secure your data is.
Ways to protect your confidential data from unauthorized access:Create a formal “end of life” document policyEnsure replacing equipment will not expose confidential documentsIncorporate secure access card technologies to track printingCentralize printing to track activityWatermark or encrypt sensitive documents to prevent copies or alterationsMany multifunction printers have secure operating systems to help keep documents safe by monitoring printing and allowing access controls. Additionally some devices can provide added security measures as an option.