[April 13, 2020]

A CISO's Perspective on Implementing a Data Safety Net in Times of Crisis

Remote work: higher risk for IP

Remote work poses more challenges and more risk for sensitive data. Employees are more likely to resort to shadow IT to share sensitive data, such as copying sensitive information via WhatsApp, because the regular sharing mechanisms that worked in the physical office are no longer available or enforced. Learning the new collaboration tools required for this new reality invites accidental misuse, putting sensitive data at risk. According to IDG, “More than 26% of organizations have seen an increase in the volume, severity, and/or scope of cyber-attacks since March 12th. Financial services have been especially impacted with 37% seeing an increase.”

Working from home is tough even for us, security folks. For instance, for a security analyst who is used to having big displays around in a physical Security Operations Center (SOC), the virtual SOC is more difficult when your 65" display is now a 13" laptop screen and kids are running around your improvised desk at home.

How exactly is remote work putting IP at greater risk than before? Take, for instance, Office 365, which is now seeing increased use by remote workers (up to 775% for all Microsoft cloud services according to ZDNet). There were 12M new users on Microsoft Teams in 7 days according to Microsoft. Many companies are accelerating or expanding their rollouts of Office 365 and other tools. Office 365 is just an example; compound this with any other application and with the fact that more users are using their BYOD iPads and connecting them to the apps where all IP is stored.

For many employees this is a completely new setup, and they are still learning how to use it effectively: there are new apps to (mis)use, and they have to be much more mindful when sharing data, reason about which folder to place it in, etc. Even simple things like printing a report and handing it over to the boss, or preparing a presentation for a new design on your laptop and discussing it in front of a projector in the conference room, are not feasible anymore. Employees are not used to reasoning about RBAC for everything the way security folks are. RBAC is much easier when you can share data with somebody in the next cubicle, somebody you can see and talk to. It is far trickier in a fully digital world.

All the work we’ve done as CISOs to train our employees on how to set permissions on data, how not to share sensitive data with the wrong customer, and how not to fall for phishing attempts may pay off now, but we have to be mindful of the fact that all this training was done in a different work environment, so it’s not so relevant in this new setup. It’s a bit like asking somebody who has always driven an automatic to now drive a rally car.

Catch-22

In theory, this would be the time to add a new layer of protection for sensitive data. It would be ideal to monitor how employees are accessing sensitive data and where they are now storing and sharing this data. Turning to the existing solutions like DLP and CASB to add more policies and trying to regain the confidence that sensitive data remains safe under these new circumstances may or may not be possible based on staff priorities and skill sets. Given the disruption of working from home conditions, companies are enabling everything to maximize productivity and are hesitant to use conventional blocking for fear of inhibiting productivity.

Unfortunately, during this time most security teams are scaling down, becoming more focused on mastering the tools they have already installed, and in general making their workforce as efficient as possible while hoping that none of this downscaling will result in an insider breach of the company's sensitive data. A breach could prove the final blow for many companies during this period of economic uncertainty: it could lead to losing customers or allow copycats to replicate technology at lower prices.

Setting up new data protection measures is what CISOs and CEOs ask for, but at the same time the security team has no bandwidth to embark on new projects that will take months of configuration before they deliver any value (e.g., pretty much all DLP or CASB products). By the time any such solution can deliver value, it may be too late and sensitive data may already have leaked accidentally: with DLP or CASB one cannot apply policies retrospectively. To make matters worse, budgets might also be temporarily frozen for a few months until the crisis subsides.

The litmus test for any solution

The ideal solution to this would be something that literally requires no configuration and takes at most a couple of hours from a single security engineer to install and configure: just a few clicks to enable and no configuration required. As a CISO of Cyberhaven, I would be hard-pressed to find the time for something more complex to deploy and configure. We just evaluated a container security solution recently for internal use at Cyberhaven and we subjected it to exactly this high standard. In the data security world, both DLP and CASB would fail this litmus test by a wide margin.

This is exactly what the Cyberhaven SafetyNet Services provides: it's the only solution I know of that you can deploy in minutes and does not require any configuration to obtain a persistent trace of how any data is used by employees, including data the security team knows to be sensitive now, or may determine to be sensitive in the future. It provides the peace of mind to the security team that it records ALL the data activity in your environment with almost ZERO initial effort and no maintenance required afterwards. You can do this even with a security team that is busier than usual and even if the budget for new acquisitions is frozen: you can get a free risk assessment! 
