Evolving threats and DLP adaptation

Cybersecurity threats have been rapidly evolving in the past several decades. Learn how data loss prevention tools have adapted to these changes.

What Is Data Loss Prevention (DLP)?

Data Loss Prevention is the set of practices and tools that aim to prevent the loss of data. Nowadays, some cloud environments also incorporate data leak prevention functionality into their DLP tools. For example, many DLP policies in Microsoft 365 serve to prevent data exfiltration rather than loss.

Indeed, some cybersecurity practices and solutions help to prevent both data leak and loss. An example would be a security policy that blocks risky SaaS applications from accessing your SaaS environment. SaaS apps can both exfiltrate your data or cause data loss, e.g., in a ransomware attack.

This being said, we want to emphasize that data loss and data leaks essentially require different cybersecurity strategies and toolkits. That is why, for the purposes of this article we will exclusively focus on the adaptations that data loss prevention has undergone in the past years.

The evolution of threats to data integrity

Data threats have evolved dramatically over the past 20 years, as organizations have moved their data from on-premise environments to the cloud en masse. This transition has transformed the nature of the threats to the data.

In the on-prem environments, there were several main causes of data loss:

• viruses
• data breach 
• insider threats
• equipment malfunction.

To protect on-prem environments from data breaches and viruses, security architects would build strong perimeter security using firewalls for internet connection, antivirus programs, and policies on using portable devices like USB flash drives. 

When talking about insider threats, companies were mostly dealing with data loss due to human errors or employee malicious intent. To address this issue, they used the backups. These tools were also used in cases of equipment malfunction.

In the modern cloud environment, equipment malfunctions, and viruses (except for ransomware) are almost out of the picture. Most reliable data centers have strong protection against natural disasters and other incidents like outages. Cloud environments either provide tools against viruses and DDoS attacks or have them as built-in features like Google Workspace or Microsoft 365.

Modern threats in the cloud

At this point, it might seem as though the cloud is a more secure environment than on-prem. However, cloud environments have several security vulnerabilities that on-prem environments do not have.

1. Account hijack

The cloud perimeter is porous. Each account is a potential threat of data breach. Using the credentials, a hacker can easily access your cloud environment. And your IT security team will have no knowledge about it. Nowadays, hackers try to use multiple techniques to steal credentials. One of the most popular methods is password spraying. A hacker uses a special program that tries to log in with a list of emails of an organization and some of the most popular passwords that can be easily found online. Once they find a match they can enter your system.

2. Shadow IT

OAuth 2.0. technology enables SaaS applications to access your cloud environment. Again without the knowledge of your IT security team. Some of these applications can pose serious threats to your data and can ultimately lead to data loss. This phenomenon is called Shadow IT. It’s one of the key problems for IT security teams. Furthermore, even IT leaders use unauthorized applications in their work. There are three main issues with unauthorized applications. 

First, the application developers might not be diligent in securing the app. They will leave vulnerabilities in the software to be found and exploited by the hackers. In a worse scenario, they wouldn’t patch the app regularly, leaving the vulnerabilities for a prolonged period.

Second, some of the applications are created by hackers on purpose. In this case, cybercriminals don’t need to look for vulnerabilities. They can use the application they’ve created to access your data and cloud system (for example, to infect them with ransomware).

Finally, some applications can glitch as a result of a bug. Unfortunately, if it happens to the apps that have the feature of mass editing, significant data loss can occur. Such applications are one of the major sources of data loss in Salesforce and other CRMs.

3. Sharing settings

The file-sharing features of cloud environments like Google Workspace or Microsoft 365 make data vulnerable to malicious actors.

If you remember the collaboration on documents in the 2000s, you know that document sharing is one of the greatest features that came with cloud environments. It streamlined most business processes and operations.

Unfortunately, it also created a significant vulnerability in cloud security. One of the most outrageous data breaches was due to the incorrect sharing settings. For example, in late 2022, the multinational media conglomerate Thomson Reuters found that around 3TB of their sensitive data had been shared publicly for several years. And to this day they do not know if unauthorized people had had any access to this data before it was “unshared.”

While improper sharing is more likely to lead to data theft, sometimes it can also cause data loss. For example, an accidental visitor with editing permissions can change several figures in a financial spreadsheet.

4. Human error

Human error remains one of the main reasons for security breaches and data loss. There are several types of human errors that can have devastating consequences for the company.

First, there are simple errors like opening a file and accidentally deleting a piece of information or writing something in it. Another example is accidental deletions of files or folders by a person.

Second, there are more serious errors made by Administrators and developers. For example, in Salesforce, developers can configure the new pipeline and it will cause the loss of metadata (and ultimately incorrect representation of all elements in the CRM).

Another example is the incorrect employee leave procedure that causes the company to lose the data stored in the account of the relieved employee. Finally, there are security misconfigurations that leave gaps in security and enable cyber criminals to infiltrate the system.

5. Ransomware

Cloud environments are vulnerable to ransomware attacks. Without third-party ransomware protection tools, these environments are defenseless against these types of attacks.

Ransomware is one of the most profitable cyber crimes. In this type of attack, hackers blackmail their victims with data loss or data leak. The data loss is guaranteed by the encryption of the data. Data leaks can be due to prior stealing of the files.

The number of ransomware attacks has been steadily increasing for the past several decades along with ransom demands.

Data Loss Prevention vs. the New Threats

With all the new threats to cloud data that have emerged in the past decade, modern DLP architecture needs to take into account these threats.

We suggest to build your Data Loss Prevention around several key practices:

Backup

Backup was the basis of the DLP practices for on-premises solutions. And little has changed since. The backup is your last line of defense when all other lines have failed.

Here are some of the key characteristics of the best backup solution for a cloud environment:

1. Cloud native tool. Cloud solutions are scalable, cheap, and more secure than on-premise ones.
2. Incremental backup. This is the fastest type of backup. It also takes less space compared to other types, like mirror, or full.
3. Automated and manual. It’s essential to be able to schedule regular backups several times a day. It is also critical to be able to back up some critical data upon request.

Proactive ransomware protection

While certain backup tools, e.g., SpinOne, have 99.9% SLA, meaning they recover 99.9% of your data, cybersecurity experts suggest acquiring other tools to enhance your DLP.

In the instances of mass data corruption like ransomware attacks, the recovery of your data can take weeks or even months. This is due to the fact that cloud environments use APIs to connect with backup tools. API calls have limitations and mass data recovery can take too much time.

We suggest looking at tools that use AI to analyze data behavior and detect abnormalities. This type of ransomware protection can detect and stop the attack within minutes after it began and automatically recover files that have been encrypted.

Shadow IT control

With the transition to the cloud, Shadow IT had become a modern pandemic to the point where Forbes even called to embrace it. This sentiment can be partially understood. Even IT management uses unauthorized applications.

However, there are tools that can help you take your Shadow IT under control. These tools detect applications and evaluate their risks. Administrators can also use them to create allowlists and blocklists, to automate the process.

Access Control

To control access, you will need several practices and tools:

1. Strong passwords with mandatory regular password change
2. Two-step verification
3. Abnormal login detection.
4. Risky sharing detection and remediation.

Passwords and two-step verification will minimize the risk of hacker login in case of credentials theft. Abnormal login detection will also help you spot if the user has logged in from an unusual location or at an unusual time.

Sharing control can provide you with visibility into documents that are shared with unauthorized people. It can also enable you to change sharing settings right in the tool or even take ownership of a document in case you suspect foul play.

Single pane of glass

We suggest acquiring tools that have all the above-mentioned DLP functionalities. Having all the necessary features in one solution will save your IT security team time and budget.

SpinOne platform has all the necessary DLP functionalities including ransomware protection and backup. Prevent data loss with SpinOne.