At the end of 2023, a whopping 30.5 billion (known) records were breached globally. In March 2024 alone, we saw 299 million records breached. The cost of these data breaches are expected to be roughly 9.5 Trillion USD by the end of this year.
What can be done to prevent this? One of the leading causes of breaches is data loss, whether through malicious or accidental means. By embracing a data loss prevention (DLP) strategy, organizations can ensure their environment is protected from a breach due to data loss.
What are the most common causes of data loss?
Device loss & theft
A larger issue in recent years due to the increase in remote working, devices being sent to various locations whether for work or being transported back to a central location for repairs or re-imaging.
This period of transit is a where a device is most vulnerable for loss or theft. If the device has any data stored locally, or even cookies saved with autofill information. Then this is a major security risk for an organization.
Credential leakage
This can both be unintentional or intentional. Credentials are one of the main things malicious actors look for when attempting to breach an organization, with a recent focus on high-level administrators where their credentials can often lead to much more control being given to the malicious actor.
Phishing
One of the most common causes of data loss is through phishing; 3.4 billion phishing emails are sent by cyber criminals a day. This is where an attacker would pose as a person or organization to deceive individuals into submitting their credentials. The attacker uses these credentials to enter into personal and corporate accounts, normally for the purposes of financial gain.
Malware
Malicious files can take a variety of forms; however, most commonly, we see keyloggers and screen scrapers being explicitly used to extract data from an individual. The intention is to run unnoticed on an endpoint, collect keystrokes or screenshots of users behind the scenes, and feed this information directly back to the attacker who deployed this malware.
What kind of DLP actions can companies use to stay secure?
For each of these causes of data loss, companies can employ some best practices in order to ensure that data remains secure.
Write filtering & remote wiping
The easiest way to ensure no data can be stored on an employee’s machine is to install a write filter that will prevent any data being saved on the machine. This combined with a cookie policy on their browser will ensure there is no chance of data actually existing on the machine that can lead to a breach.
Another option is to wipe the machine remotely, this can come in a variety of ways – MDM’s, for example, can completely wipe devices they are managing. Other IT endpoint management solutions have the capability to simply uninstall their secure system should the device in question be lost/stolen.
MFA & contextual security
MFA has become the standard for most organizations for good reason, it does prevent malicious actors from accessing corporate environments with credentials alone. They have an extra level of authentication to get through, though it is not always enough.
This is why it may be advised for companies to try to enforce some contextual security policy on endpoints connecting to a secure environment. This way IT teams can ensure that someone is not connecting from a random device with stolen credentials and an MFA workaround.
Email security & employee training
The most common method of phishing is of course emails. One of the ways organizations can combat this is by using various forms of phishing protection, including things like DNS authentication, e-mail scanning, anti-impersonation software, and even anti-malware software.
Though nothing is foolproof and with the sheer volume of phishing attempts made, some can get through, the best way to combat this is through employee training. An employee should be aware of the steps the should take in order to confirm if an email is legitimate or not.
Anti-malware technology
Malware such as keyloggers or screen scrapers can be difficult to combat, this is due to their design to run “invisibly” on an end-user’s device. However, malicious actors can be combated against with the correct anti-malware technology.
Persistent scanning of endpoints, monitoring performance, and whitelisting applications can drastically help to discover and prevent malware from leaking data.
Conclusion
Data loss is a major contributor to data breaches. However, it can be combated against with write filtering & remote wiping, MFA & contextual security, email security & employee training and anti-malware technologies.
If you are looking for an endpoint security solution with all of this then feel free to reach out to one of our team who can bring you through exactly how ThinScale can help prevent data loss in your environment.