Sergio Bertoni, the Leading Analyst at SearchInform
It’s impossible to completely exclude the possibility of data theft, given the speed with which technology is developing and the volumes of assets going digital. However, the risks can be mitigated.
We at SearchInform have been protecting customers against data loss for over 20 years. According to our experience, there are two major reasons, why companies continue to fail in data protection. The first reason is the lack of balance when it comes to protection against external and internal threats. The second problem is that numerous organizations, especially SMEs lack required budgets for ensuring protection, including purchase of protective software and required hardware, hiring onboard infosec officer.
Most companies have solutions for protection against external attacks such as malware, phishing, DDoS attacks, etc. However, insiders can cause even more serious damage, than external actors. According to Code42 research, in 2023, one insider-driven data loss incident costed companies an average of $15 million. Internal actors initially have direct access to the most valuable information - trade secrets, know-how, personal data, corporate infrastructure technical details. That’s why insider data breaches are often the most expensive and severe ones. Unfortunately, employees often steal and leak data intentionally, for their selfish purposes, e.g. they sell it to competitors, use the intellectual property for their own “shadow business”, plan to use the data at a new workplace. However, quite often the incidents are caused by accidental action, because employees IS competencies remain insufficient. Inadvertent users’ mistakes seriously increase the risks. They can become an entrance point for attackers by following the phishing link, using one password for many accounts or accidentally exposing critical data.
To protect data against loss due to the internal reasons, it’s required to enhance employees’ IS competencies and implement advanced protective solutions, such as DLP, DCAP, SIEM systems. If company lacks the required budgets for establishing onboard IS department, the solution in this case maybe choosing Managed Security Service: the customer doesn’t have to purchase software licenses or hardware, all is available by subscription. There’s also no need to hire onboard IS officer, as MSSP’s outsourcing analytical expert takes on all the tasks, related to internal protection.
Subscribe to get helpful articles and white papers.
We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.
SearchInform uses four types of cookies as described below. You can decide which categories of cookies you wish to accept to improve your experience on our website. To learn more about the cookies we use on our site, please read our Cookie Policy.
Necessary Cookies
Always active. These cookies are essential to our website working effectively.
Cookies does not collect personal information. You can disable the cookie files
record
on the Internet Settings tab in your browser.
Functional Cookies
These cookies allow SearchInform to provide enhanced functionality and personalization, such as remembering the language you choose to interact with the website.
Performance Cookies
These cookies enable SearchInform to understand what information is the most valuable to you, so we can improve our services and website.
Third-party Cookies
These cookies are created by other resources to allow our website to embed content from other websites, for example, images, ads, and text.
Please enable Functional Cookies
You have disabled the Functional Cookies.
To complete the form and get in touch with us, you need to enable Functional Cookies.
Otherwise the form cannot be sent to us.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!