Stopping the leak

May 2015 Information Security

In today’s globally connected world, data enters and leaves cyberspace at speeds baffling to the human mind. A mere 45 years ago, Apollo 11 landed on the moon, and since this historic event, advances in the world of cyberspace have raced ahead to unprecedented levels.

Mohsien Hassim, security services business unit manager, Datacentrix.
Mohsien Hassim, security services business unit manager, Datacentrix.

Enterprises today receive millions of e-mail messages and data files daily, containing sensitive data including the records of customers, business partners, shareholders, staff members, and more. With the advent of cloud technology, an organisation’s fear of losing data is amplified if its critical data is hosted outside by a third party and not within their total control.

It is a fact that, in today’s complex business world, data is seen as the new currency and can be attributed with a monetary value. However, the damage that data loss can do to an inadequately secured enterprise extends far beyond pecuniary matters, and can include reputation loss, regulatory consequences, a decrease in customer confidence, trust issues, a drop in market share, and the development of trade barriers.

A company that holds the sensitive data of customers, business partners and regulators needs to come to terms of with the responsibility of securing this information. Unfortunately, businesses constantly fall victim to massive data loss and high-profile data leakages involving sensitive personal and corporate data continue to appear, but are often not publicised, especially in South Africa. This is something that will change when the Protection of Personal Information (PoPI) Act, which highlights the importance of management and control over data, comes into full operation, meaning that organisations need to take measures to understand the sensitive data they hold, how it is controlled, and how to prevent it from being leaked or compromised.

In order to do this, it is important to understand what data loss really is. Data loss can be divided into two overlapping categories – leakage and damage. Leakage occurs when sensitive data is no longer under the organisation’s control (such as a loss of confidentiality due to for hacking or identity theft). Damage, or the disappearance of data, occurs when the correct data copy is no longer available to the organisation, resulting in a compromise of integrity or availability.

Types of data

Data is generally found is three modes: at rest; in motion; and in use. Data at rest includes data that resides in files systems, distributed desktops and data stores/databases; data in use refers to data that is being used in endpoint devices like mobile devices, USB drives and other endpoint devices; and data in motion denotes data that moves through the network to the outside world via e-mail, instant messaging, peer-to-peer (P2P), FTP, or other communication mechanisms. As the digital world evolves and technologies converge, the types of solutions used to move data will become more complex, requiring different treatment of data management.

Data Loss Prevention (DLP) is a strategy to ensure that end users do not send sensitive or critical information outside of the corporate network. This type of technology requires proper planning and even more importantly, precise implementation. DLP is a complex issue with no single effective solution; in essence, each organisation has its own challenges, business needs and risks mitigation strategies. This requires a con­tinuous assessment of DLP requirements on an ongoing basis.

It is imperative that organisations realise that their greatest assets are their people. Unfortunately, people are also a weakness in the system. Creating awareness around the correct management and use of data is a critical element in mitigating risks around data loss. Security awareness training should be mandatory for all staff (including management), thereby establishing a common baseline of security knowledge and removing the “I did not know” mind-set.

Three pillars

DLP focuses on the three pillars of data security: monitor; protect; and discover. When selecting a DLP solution, it should not interrupt business activities and should operate without deteriorating system or employee performance. DLP products generally come with built-in policies that are already compliant with the relevant compliance standards like PCI, HIPPA, SOX and so on, but alignment between the organisation’s needs and these policies is required.

The key element for a successful implementation of a DLP strategy and subsequent implementation project is to identity the data that needs protection. Adopting a blanket approach across the entire organisation will not work, as the outcome will in a large number of false positives being generated.

Key steps to be adhered to in a DLP strategy roll-out must include:

• Data identification - where all confidential and restricted data across the entire organisation is recognised and categorised into the three data classes.

• Policy definition - which will help protect the sensitive data identified. Every policy must consist of some rules, such as to protect credit card numbers, personally identifiable information (PII), and identity numbers. The DLP policies at this stage should only be defined and not applied.

• Identify information flows and data business owners - an organisation can identify its business information flow by preparing relevant questionnaires to identify and extract all the useful information. It is imperative to identity the business owners of the data as this forms an important step in the planning strategy of DLP. Preparing a list of notification recipients in the case of the loss of sensitive data is crucial.

• Deployment scenarios - deployment follows the three categories (modes) of data, and requires strong technical and deep project management skills for success.

The multitude of DLP products in the marketplace makes it difficult for an organisation to make its choice. These guidelines should assist in this selection process:

• DLP is a business requirement not an IT issue, the PoPI Act is clear on this, so check whether there is a business need for a DLP product or service.

• The identification of sensitive data or restricted data is a critical element in the DLP exercise. With proper data identification, unwanted false positives will be generated resulting in a waste of time and money. This is an important element of the DLP strategy.

• The DLP product must support the data formats of the environment.

• The fine-tuning of DLP policies will be required in the DLP operations.

• Regular updating of risk profiles and documentation will be required during the DLP exercise as DLP incidents are reported – this is the feedback loop of the exercise.

• Buy-in from senior and top management is a key requirement, and something that will be supported by the PoPI Act, so employ an executive sponsor.

DLP can offer great benefits to an organisation as with greater insight into, and thus control over its sensitive data, data management policies can be revised and ability to manage the risks that relate to data – a key asset – is significantly improved. After all…data is the new currency.

For more information, please visit www.datacentrix.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.