Stopping the leak

May 2015 Cyber Security

In today’s globally connected world, data enters and leaves cyberspace at speeds baffling to the human mind. A mere 45 years ago, Apollo 11 landed on the moon, and since this historic event, advances in the world of cyberspace have raced ahead to unprecedented levels.

Mohsien Hassim, security services business unit manager, Datacentrix.
Mohsien Hassim, security services business unit manager, Datacentrix.

Enterprises today receive millions of e-mail messages and data files daily, containing sensitive data including the records of customers, business partners, shareholders, staff members, and more. With the advent of cloud technology, an organisation’s fear of losing data is amplified if its critical data is hosted outside by a third party and not within their total control.

It is a fact that, in today’s complex business world, data is seen as the new currency and can be attributed with a monetary value. However, the damage that data loss can do to an inadequately secured enterprise extends far beyond pecuniary matters, and can include reputation loss, regulatory consequences, a decrease in customer confidence, trust issues, a drop in market share, and the development of trade barriers.

A company that holds the sensitive data of customers, business partners and regulators needs to come to terms of with the responsibility of securing this information. Unfortunately, businesses constantly fall victim to massive data loss and high-profile data leakages involving sensitive personal and corporate data continue to appear, but are often not publicised, especially in South Africa. This is something that will change when the Protection of Personal Information (PoPI) Act, which highlights the importance of management and control over data, comes into full operation, meaning that organisations need to take measures to understand the sensitive data they hold, how it is controlled, and how to prevent it from being leaked or compromised.

In order to do this, it is important to understand what data loss really is. Data loss can be divided into two overlapping categories – leakage and damage. Leakage occurs when sensitive data is no longer under the organisation’s control (such as a loss of confidentiality due to for hacking or identity theft). Damage, or the disappearance of data, occurs when the correct data copy is no longer available to the organisation, resulting in a compromise of integrity or availability.

Types of data

Data is generally found is three modes: at rest; in motion; and in use. Data at rest includes data that resides in files systems, distributed desktops and data stores/databases; data in use refers to data that is being used in endpoint devices like mobile devices, USB drives and other endpoint devices; and data in motion denotes data that moves through the network to the outside world via e-mail, instant messaging, peer-to-peer (P2P), FTP, or other communication mechanisms. As the digital world evolves and technologies converge, the types of solutions used to move data will become more complex, requiring different treatment of data management.

Data Loss Prevention (DLP) is a strategy to ensure that end users do not send sensitive or critical information outside of the corporate network. This type of technology requires proper planning and even more importantly, precise implementation. DLP is a complex issue with no single effective solution; in essence, each organisation has its own challenges, business needs and risks mitigation strategies. This requires a con­tinuous assessment of DLP requirements on an ongoing basis.

It is imperative that organisations realise that their greatest assets are their people. Unfortunately, people are also a weakness in the system. Creating awareness around the correct management and use of data is a critical element in mitigating risks around data loss. Security awareness training should be mandatory for all staff (including management), thereby establishing a common baseline of security knowledge and removing the “I did not know” mind-set.

Three pillars

DLP focuses on the three pillars of data security: monitor; protect; and discover. When selecting a DLP solution, it should not interrupt business activities and should operate without deteriorating system or employee performance. DLP products generally come with built-in policies that are already compliant with the relevant compliance standards like PCI, HIPPA, SOX and so on, but alignment between the organisation’s needs and these policies is required.

The key element for a successful implementation of a DLP strategy and subsequent implementation project is to identity the data that needs protection. Adopting a blanket approach across the entire organisation will not work, as the outcome will in a large number of false positives being generated.

Key steps to be adhered to in a DLP strategy roll-out must include:

• Data identification - where all confidential and restricted data across the entire organisation is recognised and categorised into the three data classes.

• Policy definition - which will help protect the sensitive data identified. Every policy must consist of some rules, such as to protect credit card numbers, personally identifiable information (PII), and identity numbers. The DLP policies at this stage should only be defined and not applied.

• Identify information flows and data business owners - an organisation can identify its business information flow by preparing relevant questionnaires to identify and extract all the useful information. It is imperative to identity the business owners of the data as this forms an important step in the planning strategy of DLP. Preparing a list of notification recipients in the case of the loss of sensitive data is crucial.

• Deployment scenarios - deployment follows the three categories (modes) of data, and requires strong technical and deep project management skills for success.

The multitude of DLP products in the marketplace makes it difficult for an organisation to make its choice. These guidelines should assist in this selection process:

• DLP is a business requirement not an IT issue, the PoPI Act is clear on this, so check whether there is a business need for a DLP product or service.

• The identification of sensitive data or restricted data is a critical element in the DLP exercise. With proper data identification, unwanted false positives will be generated resulting in a waste of time and money. This is an important element of the DLP strategy.

• The DLP product must support the data formats of the environment.

• The fine-tuning of DLP policies will be required in the DLP operations.

• Regular updating of risk profiles and documentation will be required during the DLP exercise as DLP incidents are reported – this is the feedback loop of the exercise.

• Buy-in from senior and top management is a key requirement, and something that will be supported by the PoPI Act, so employ an executive sponsor.

DLP can offer great benefits to an organisation as with greater insight into, and thus control over its sensitive data, data management policies can be revised and ability to manage the risks that relate to data – a key asset – is significantly improved. After all…data is the new currency.

For more information, please visit

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Cybersecurity for video surveillance systems
September 2019 , Cyber Security, CCTV, Surveillance & Remote Monitoring
Video surveillance systems are increasingly accessible over any IP network, which has led to the rise of potential cyberattack.

Cyber-securing your surveillance infrastructure
September 2019, Genetec, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
When it comes to cybersecurity, understanding the risks and the solutions as well as engaging in open communication helps everyone.

Cybersecure surveillance partnership
September 2019, Bosch Building Technologies, Genetec , Cyber Security, CCTV, Surveillance & Remote Monitoring
With Bosch and Genetec, you can feel confident that your data is protected by one of the world?s best security solutions, end to end, day after day.

Keeping your things to yourself
October 2019, Technews Publishing , Editor's Choice, Cyber Security, Integrated Solutions, IT infrastructure
Three experts spoke to Hi-Tech Security Solutions to offer advice on keeping your IoT working for you and not for cyber criminals.

IoT in security
October 2019, Duxbury Networking, Technews Publishing , Editor's Choice, Cyber Security, Integrated Solutions, IT infrastructure
Using the Internet of Things is not really optional these days, but securing the Internet of Things is compulsory, no matter what industry you operate in.

Your business needs synchronised security
September 2019 , Cyber Security, Products
This complete security portfolio from Sophos offers endpoint, servers, firewall, Wi-Fi, mobile, email and encryption that is fully scalable to grow as your business does.

NFa2p security certification
October 2019 , News, Cyber Security
Advisor Advanced obtains the highest level of certification to the NFa2p Electronic Security Standard for a complete security system.

SOAR an essential part for security operations
October 2019 , Editor's Choice, Cyber Security, Security Services & Risk Management
MJ Strydom, MD of cybersecurity specialist company DRS discusses the challenges around the security incident response lifecycle.

Stalkerware on the increase
October 2019, Kaspersky Lab , Cyber Security
The number of users that encountered stalkerware (commercial spyware often used as a tool for domestic espionage) increased by 35% to 37 000 in 2019.

Reductor malware hijacks HTTPS traffic
October 2019, Kaspersky Lab , Editor's Choice, Cyber Security, News
Kaspersky researchers have discovered new malware that hijacks victims' interaction with HTTPS web pages in the process of establishing encrypted communication between the user and the website.