Recently we announced Sensitive Data Manager 9.0, our Data Loss Prevention (DLP) solution. In addition to offering the highest accuracy of data discovery and data classification, this release adds powerful, custom data discovery capabilities that reduce the burden on IT Security by allowing organizations to locate their unique sensitive data. Sensitive Data Manager 9.0 increases automation of classification and DLP security controls, reaching deep into cloud environments to further data minimization efforts and manage sensitive data. The addition of user-driven data classification further empowers organizations to take a hybrid approach to integrated DLP management, enabling them to leverage both automated and manual classification.
Forrester recently released an insightful report Understand The State Of Data Security And Privacy: 2015 To 2016, based on hundreds of discussions with security experts. The in-depth research of the data security industry highlights which core data security technologies are in demand for 2016 and how our behaviors and motivations make data loss inevitable. It also covers why safeguarding the customer experience is essential for building trust, and why a data-centric approach to security is a must for businesses.
It turns out that in the past 12 months, the three most common ways that breaches occurred were an internal incident within an organization (39%), an external attack targeting an organization (27%), and an external attack targeting a business partner/third-party supplier (22%). Also, personally identifiable information (PII) was one of the top two data types compromised most in a data breach.
An effective data protection program minimizes your sensitive data footprint and helps keep business-critical and regulated data secure and out of the hands of attackers. The best way to develop and maintain such a program is to think of it as a process, not a project. Here are ten steps to help you put your process in place.
Adopt a logical approach to data protection
First, make sure minimum security baselines are in place, including perimeter and end-point security. Then, analyze how your business operates so you can identify and locate your sensitive data; understand how it’s created and used; classify it; and prioritize your data assets.
Understand the data lifecycle
To protect your sensitive data most effectively, you need to understand its lifecycle, whose stages are: create, store, use, share, archive and destroy. Knowing the stage a specific file with sensitive data occupies determines in large part what policies you should apply to best protect it.
Locating credit cards and personally identifiable information such as SSNs and driver's licenses is a staple of our AnyFind® technology. AnyFind narrows the likelihood of a positive match and eliminates false positives through a series of validations while looking for those discrete pieces of data the way a human would. For example, when looking for a Social Security number, if you simply look for a 9-digit number you get a lot of noise. A ZIP+4 code that is missing a dash can trigger a false positive. AnyFind has a unique approach: we look at the context of data, including location and proximity, to make accurate determinations, along with 100+ validators.
Locating proprietary institutional data on the other hand—sensitive data that could only be understood and identified by its owners and creators—was the inspiration behind our Sensitive Data Engine!
Today, we launched Sensitive Data Manager 9.0, our Data Classification, Discovery and Data Loss Prevention solution boasting a centralized, on-premises-to-cloud view into your sensitive data. Sensitive Data Manager 9.0 provides your organization with the ability to classify, monitor and protect organizationally unique sensitive data.
The fact that an organization is not in the healthcare industry or isn’t a HIPAA-covered entity doesn’t mean it’s not at risk of a PHI data breach.
This is just one headline finding from one of the best reports we’ve seen on PHI data breaches. If you really want to understand how PHI data breaches happen, who’s being targeted, what methods the bad guys are using, and what can be done to fight back, this is the report to read.
The 2015 Verizon Protected Health Information Data Breach Report is an in-depth, quantitatively sophisticated study that examines the problem of medical data loss. According to the report, “This is a far-reaching problem that impacts not only organizations that are victims of these breaches, but also doctor-patient relationships. And it can have consequences that spread more broadly than just those directly affected by the incidents.”
This has been a busy year for cybercriminals: There were more than 600 breaches in 2015 that involved identity and data theft. Our customers, colleagues and fellow security professionals have asked us what we think 2016 will look like, so here are our cybersecurity predictions for this year.
These are insights and extrapolations for the serious practitioner who makes his or her living from keeping other folks safe online. Staying true to our brand of providing the highest-accuracy findings, we’re focusing on making accurate rather than sensationalist predictions.
The predictions are organized as a timeline to describe how trends in information security may evolve in 2016.
Breaches will continue to proliferate in severity and frequency
You no longer need to worry about compliance if you understand the total cost of being non-compliant. Should you happen to fall in this category then the infographic below may not be of much use.
In the first six months of 2015 there were 1,860 data breaches, and 95% of the exposed records were a result of hacking. A fair number of those unfortunate victims of cyber-crime were indeed compliant. Unfortunately, many were not. In the wake of dealing with customer churn, negative press and recovering from productivity-affecting attacks, they now had to deal with regulators and fines.
Some would argue that signs of what WW III might be like are already emerging … it’s just not visible to ordinary folks because it takes place online, often in the dark web, largely out of the public eye.
Just as generals and politicians schooled in infantry-based warfare weren’t prepared for tanks and airplanes in WW I, nor for Blitzkrieg, aircraft carriers, submarines, or long-range strategic bombing in WW II, politicians today do not understand that a nation state or individual can do severe harm to individuals, organizations, or entire countries without shedding one drop of blood, as we explained in a recent interview with Zach Noble of “The Business of Federal Technology.”
Has your company or a company you know of failed a compliance audit? Many security models are built off of the necessity to meet compliance regulations. While it is understandable to build compliance-driven security initiatives, it is not a best practice.
One of the many reasons that companies build compliance-driven security initiatives is that they are trying to reduce cost and time spent. However, there is a win-win to data security that goes beyond just saving time and money achieving compliance, and it starts with accurately identifying and classifying the sensitive data that needs to be protected. This can achieve both compliance and security initiatives quickly and inexpensively.
“What is broken in the security industry?” CSO Online recently asked data security experts at Black Hat USA 2015.
Rather than the processes or products being the problem, Todd Feinman, CEO of Identity Finder, had another take on it: truly understanding your data. Given the unprecedented amount of data that organizations produce and store, their biggest challenge is understanding their data and what’s inside of it. “Not all data needs to be protected equally,” says Todd Feinman. When you have so much data, you tend to forget what the most sensitive information is and where it is located, which makes it even harder to protect.
When looking at a security program you have to look at discovering, classifying, monitoring and protecting data throughout its lifecycle—from creation to use to storage. Unfortunately, no single system will provide you with the ability to do everything. Many systems have to operate together so you know exactly where to focus and can ensure that your most important and sensitive data is protected.