Cyberattacks and data breaches may well keep multiplying this year yet many organisations still don’t give data loss and breach prevention the consideration they deserve, according to CoSoSys.
Roman Foeckl in a blog for CoSoSys – the maker of Endpoint Protector – warned that organisations should be taking data loss prevention (DLP) more seriously.
“Cybersecurity should be treated exactly the same way as physical security,” Foeckl wrote.
“There’s no advantage in installing extra locks on the door if the window could easily be broken.”
He conceded that “the challenge” for many is that cybersecurity remains a complex subject.
“It’s difficult to find all these windows and doors. And the current cybersecurity talent gap is not helping organisations that struggle to hire well educated and experienced security managers,” Foeckl added.
Preventing data breaches can rely on understanding exactly how they happen, examining organisations’ entire potential attack surface to pinpoint weak points and address them, he said.
Yet many organisations don’t have enough knowledge of cybersecurity, which Foeckl suggested could be why some haven’t invested sufficiently in DLP.
He speculated that this could be because a media focus on phishing and ransomware might draw attention to the exclusion of other types of attack, including threats related to human behaviour or psychology.
“Many believe that if they are well protected against these two types of cyber attacks (phishing and ransomware), they can rest their minds,” Foeckl wrote.
Organisations must ensure their security policies focus on comprehensive protection, not simply compliance requirements.
He said that anti-malware applications must be paired with other offerings such as DLP software that can prevent the manual sharing of sensitive information outside the business, for example via social media or to a portable, yet unencrypted, drive.
“Unfortunately, many organisations go only as far as to pass audits and assessments, which results in a lot of the attack surface being covered inadequately.”