November 21, 2023 | Reading time 9 minutes

Evolving threats and DLP adaptation

Cybersecurity threats have evolved rapidly over the past several decades. Learn how data loss prevention tools have adapted to these changes.

What Is Data Loss Prevention (DLP)?

Data Loss Prevention is the set of practices and tools that aim to prevent the loss of data. Nowadays, some cloud environments also incorporate data leak prevention functionality into their DLP tools. For example, many DLP policies in Microsoft 365 serve to prevent data exfiltration rather than loss.

Indeed, some cybersecurity practices and solutions help to prevent both data leaks and data loss. An example would be a security policy that blocks risky SaaS applications from accessing your SaaS environment. SaaS apps can either exfiltrate your data or cause data loss, e.g., in a ransomware attack.

That said, we want to emphasize that data loss and data leaks essentially require different cybersecurity strategies and toolkits. That is why, for the purposes of this article, we will focus exclusively on the adaptations that data loss prevention has undergone in the past years.

The evolution of threats to data integrity

Data threats have evolved dramatically over the past 20 years, as organizations have moved their data from on-premise environments to the cloud en masse. This transition has transformed the nature of the threats to the data.

In the on-prem environments, there were several main causes of data loss:

  • viruses
  • data breaches
  • insider threats
  • equipment malfunction

To protect on-prem environments from data breaches and viruses, security architects would build strong perimeter security using firewalls for internet connection, antivirus programs, and policies on using portable devices like USB flash drives. 

As for insider threats, companies were mostly dealing with data loss due to human error or malicious intent on the part of employees. To address this issue, they used backups. These tools were also used in cases of equipment malfunction.

In the modern cloud environment, equipment malfunctions and viruses (except for ransomware) are almost out of the picture. Most reliable data centers have strong protection against natural disasters and other incidents like outages. Cloud environments either provide tools against viruses and DDoS attacks or have them as built-in features, as Google Workspace and Microsoft 365 do.

At this point, it might seem as though the cloud is a more secure environment than on-prem. However, cloud environments have several security vulnerabilities that on-prem environments do not have.

Figure: Security policies in a modern DLP tool

First, the cloud perimeter is porous. Each account is a potential source of a data breach. With an account's credentials, a hacker can easily access your cloud environment, and your IT security team will have no knowledge of it.

Second, OAuth 2.0 technology enables SaaS applications to access your cloud environment, again without the knowledge of your IT security team. Some of these applications can pose serious threats to your data and can ultimately lead to data loss.

Third, the file-sharing features of cloud environments like Google Workspace or Microsoft 365 make data vulnerable to malicious actors. Finally, cloud environments are vulnerable to ransomware attacks. Without third-party ransomware protection tools, these environments are defenseless against these types of attacks.

Data Loss Prevention vs. the New Threats

Modern DLP architecture needs to take into account all the new threats to cloud data that have emerged in the past decade.

We suggest building your Data Loss Prevention around several key practices:

Backup

Backup was the basis of the DLP practices for on-premises solutions. And little has changed since. The backup is your last line of defense when all other lines have failed.

Here are some of the key characteristics of the best backup solution for a cloud environment:

  1. Cloud-native tool. Cloud solutions are scalable, cheap, and more secure than on-premise ones.
  2. Incremental backup. This is the fastest type of backup. It also takes less space than other types, such as mirror or full backups.
  3. Automated and manual. It’s essential to be able to schedule regular backups several times a day. It is also critical to be able to back up some critical data upon request.

Proactive ransomware protection

While certain backup tools, e.g., SpinOne, have a 99.9% SLA, meaning they recover 99.9% of your data, cybersecurity experts suggest acquiring other tools to enhance your DLP.

In cases of mass data corruption, such as ransomware attacks, the recovery of your data can take weeks or even months. This is because cloud environments use APIs to connect with backup tools. API calls have limitations, and mass data recovery can take too much time.

We suggest looking at tools that use AI to analyze data behavior and detect abnormalities. This type of ransomware protection can detect and stop an attack within minutes of its start and automatically recover files that have been encrypted.

Shadow IT control

With the transition to the cloud, Shadow IT has become a modern pandemic, to the point where Forbes even called for embracing it. This sentiment can be partially understood. Even IT management uses unauthorized applications.

However, there are tools that can help you bring your Shadow IT under control. These tools detect applications and evaluate their risks. Administrators can also use them to create allowlists and blocklists to automate the process.
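The detect, evaluate, and allowlist/blocklist flow described above can be sketched as follows. This is an added example, not code from SpinOne or from the original article; the scope weights, thresholds, and client IDs are assumptions made for illustration, and the sample grants are constructed.

```python
# Added example: triage third-party OAuth grants with an allowlist, a blocklist
# and a scope-based risk score. Weights, thresholds and client IDs are assumed.
DRIVE = "https://www.googleapis.com/auth/drive"
SCOPE_WEIGHTS = {
    "https://mail.google.com/": 5,          # full mailbox access
    DRIVE: 5,                               # read/write/delete on all Drive files
    DRIVE + ".readonly": 3,
    "https://www.googleapis.com/auth/gmail.readonly": 3,
    DRIVE + ".file": 1,                     # only files the app created or opened
    "openid": 0, "email": 0, "profile": 0,  # sign-in only
}
UNKNOWN_SCOPE_WEIGHT = 2                    # unrecognized scopes are not trusted
REVIEW_AT, BLOCK_AT = 3, 8                  # assumed policy thresholds
ALLOWLIST = {"client-id-approved-crm"}      # constructed IDs
BLOCKLIST = {"client-id-known-bad"}

def risk_score(scopes):
    """Sum the weights of the distinct scopes an app was granted."""
    return sum(SCOPE_WEIGHTS.get(s, UNKNOWN_SCOPE_WEIGHT) for s in set(scopes))

def decide(grant):
    """Explicit lists win; everything else is decided by score."""
    cid = grant["client_id"]
    if cid in BLOCKLIST:
        return "block"
    if cid in ALLOWLIST:
        return "allow"
    score = risk_score(grant["scopes"])
    if score >= BLOCK_AT:
        return "block"
    return "review" if score >= REVIEW_AT else "allow"

def triage(grants):
    """Return {decision: sorted client IDs} for a list of grant records."""
    out = {"allow": [], "review": [], "block": []}
    for g in grants:
        out[decide(g)].append(g["client_id"])
    return {k: sorted(set(v)) for k, v in out.items()}

# Constructed sample grants, shaped like an export of authorized apps.
SAMPLE_GRANTS = [
    {"client_id": "client-id-approved-crm", "scopes": ["https://mail.google.com/", DRIVE]},
    {"client_id": "client-id-known-bad", "scopes": ["openid"]},
    {"client_id": "client-id-pdf-tool", "scopes": [DRIVE, "https://mail.google.com/"]},
    {"client_id": "client-id-notes", "scopes": [DRIVE + ".readonly", "email"]},
    {"client_id": "client-id-sso", "scopes": ["openid", "email", "profile"]},
]

if __name__ == "__main__":
    for decision, apps in triage(SAMPLE_GRANTS).items():
        print(decision, apps)
```

The blocklist is checked before the allowlist so that an app listed on both by mistake is blocked rather than allowed.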

Access Control

To control access, you will need several practices and tools:

  1. Strong passwords with mandatory regular password change
  2. Two-step verification
  3. Abnormal login detection
  4. Risky sharing detection and remediation

Passwords and two-step verification will minimize the risk of a hacker logging in if credentials are stolen. Abnormal login detection will also help you spot when a user has logged in from an unusual location or at an unusual time.
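A minimal sketch of abnormal login detection as described above: build a per-user baseline of locations and hours, then flag sign-ins that fall outside it. This is an added example, not code from the original article or any product; the event format, the one-hour tolerance, and all sample events are constructed assumptions.

```python
from datetime import datetime

# Constructed sample sign-in events: (user, UTC timestamp, country code).
HISTORY = [
    ("alice", "2023-11-01T09:12:00", "US"),
    ("alice", "2023-11-02T10:05:00", "US"),
    ("alice", "2023-11-03T14:40:00", "US"),
    ("alice", "2023-11-06T17:55:00", "US"),
    ("bob",   "2023-11-01T23:30:00", "DE"),
    ("bob",   "2023-11-02T00:10:00", "DE"),
]

def build_baseline(events):
    """Per user: the countries and hours of day seen in past sign-ins."""
    base = {}
    for user, ts, country in events:
        entry = base.setdefault(user, {"countries": set(), "hours": set()})
        entry["countries"].add(country)
        entry["hours"].add(datetime.fromisoformat(ts).hour)
    return base

def hour_is_usual(hour, usual_hours, tolerance=1):
    """True if hour is within `tolerance` of a known hour, wrapping at midnight."""
    return any(min((hour - h) % 24, (h - hour) % 24) <= tolerance
               for h in usual_hours)

def check_login(baseline, event):
    """Return the reasons a sign-in looks abnormal (empty list = normal)."""
    user, ts, country = event
    profile = baseline.get(user)
    if profile is None:
        return ["no_baseline"]  # first sighting: cannot judge, send to review
    reasons = []
    if country not in profile["countries"]:
        reasons.append("new_location")
    if not hour_is_usual(datetime.fromisoformat(ts).hour, profile["hours"]):
        reasons.append("unusual_time")
    return reasons

BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    for ev in [("alice", "2023-11-07T03:02:00", "RO"),
               ("alice", "2023-11-07T18:20:00", "US"),
               ("bob", "2023-11-07T22:45:00", "DE")]:
        print(ev, check_login(BASELINE, ev) or "ok")
```

The hour comparison wraps around midnight, so a user who normally signs in at 23:00 and 00:00 is not flagged at 22:45.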

Sharing control can provide you with visibility into documents that are shared with unauthorized people. It can also enable you to change sharing settings right in the tool or even take ownership of a document in case you suspect foul play.

Single pane of glass

We suggest acquiring tools that have all the above-mentioned DLP functionalities. Having all the necessary features in one solution will save your IT security team time and budget.

The SpinOne platform has all the necessary DLP functionalities, including ransomware protection and backup. Prevent data loss with SpinOne.


Director of Support

Nick Harrahill is an experienced cyber security and business leader who is the Director of Support at Spin.ai. Nick’s industry experience includes leading security teams at enterprise companies (PayPal, eBay) as well as building programs, process and operations at cyber security start-ups (Synack, Elevate Security, and Spin). Credentialed in both cyber security (CISSP) and privacy (CIPP/US), Nick has managed teams focused on vulnerability management, application security, third party risk, insider threat, incident response, privacy, and various facets of security operations.
