Common Data Protection Lapses Which Weaken Security Posture

Poor data management practices are among the most critical weaknesses of organizations. Most enterprises tend to be negligent or clueless when it comes to securing their data, according to one data security report.

Enterprises, as it turns out, are continuing the years of negative trends in their security posture. They often find it difficult to determine where their sensitive data is and who has access to it. They lack a systematic way of managing and protecting crucial enterprise information.

Things need to change for the better. Data protection is not only meant to secure business secrets and critical information related to finances and access to resources. Unauthorized access to enterprise data can lead to various serious consequences, including the possible halt of business operations and even bankruptcy.

Discussed below are some of the common but sometimes overlooked data protection lapses as shared by industry leaders, with notes on the corresponding solutions.

Lax security governance and policies

Sharing his insights on security with Digital Guardian, WalkMe CISO Shlomi Avivi said that three factors tend to be overlooked when companies evaluate their security posture. These are administrative access, third-party vendors, and organizational change.

Poorly managed administrative access can harbor an “enemy withinâ€, says Avivi, as he points out how most organizations tend to focus more on customer-facing security concerns. Back office administrative access does not get the same cybersecurity attention. Even in the R&D departments, not many feel the urgency to meticulously secure administrative access.

On the other hand, third-party vendor software and service providers also pose cyber threats to organizations. Avivi aptly refers to them as “the friendly enemy.†Organizations trust these third-party entities and because of their reputation and experience in the field of cybersecurity, the common presumption is that they are trustworthy enough.

Moreover, organizational changes create opportunities for bad actors to penetrate an organization’s cyber defenses. The replacement of the operating system, business software, apps, cloud services, and other digital tools used by a company can expose security gaps or vulnerabilities hackers will quickly find and exploit. Organizations that undergo a digital transformation or those that move to cloud-based systems may also unwittingly create these problems.

Keeping track of all the IT aspects of a business requires a lot of meticulous work and ample time. It would be close to impossible to deal with all of these the traditional way. Organizations, however, can use an automated, continuous security validation solution to gain enhanced security visibility. Doing this significantly boosts the chances of catching weaknesses before they are discovered and taken advantage of by hackers.

It is not unusual for organizations to have issues with their security policies and governance. As such, it is only logical to consider prudent security validation as a regular part of the process of establishing, testing, and strengthening security posture.

Mismanagement of notifications and alerts

WatchPoint Data CEO Greg Edwards believes that the most overlooked factor when it comes to examining a company’s overall information security posture is the way security alerts are managed. “Too often cybersecurity solutions are purchased that existing staff can’t manage. Alerts end up being ignored, and breaches happen while the alerts are sounding,†Edwards explains.

Edwards adds that there are many excellent tools available to make the process of collecting and responding to alerts more efficient. There are tools that make use of artificial intelligence to cross-check false positives and ascertain that only legitimate threats are presented for the evaluation of a human security analyst.

AI-powered SOC centralization solutions, for example, can be effective in managing security alerts and notifications better. They provide a unified dashboard for monitoring all security events while automatically sorting and cross-checking alerts to make sure that the most critical incidents are displayed more conspicuously. Instead of presenting alerts chronologically, they can be ranked according to their threat level and urgency.

Poor data inventory

Data inventory refers to the proper organization of data assets. It does not necessarily mean that data are compiled in a single storage facility or a set of storage devices. What it entails is the proper recording of information about data assets including their names, descriptions of content, update schedules, licensing, ownership, privacy policies, and sources. Its goal is to make it easy to locate data whenever they are needed and to ensure the appropriate sorting and securing of delicate information.

Data Protection Group Leader Michael Zweiback lists weak data inventory as a primary concern for many businesses. To make sure that it does not become a weakness in an enterprise’s security posture, he emphasizes the importance of proper classification and safekeeping. “Your company should highlight any collected data that is more sensitive and highly regulated. This type of information is the most high-risk form of data stored which can lead to liability to regulators and consumers,†Zweiback advises.

Lack of disaster recovery measures

Jennifer Gill, Director of Global Product Marketing at enterprise disaster recovery solutions provider Zerto, highlights how the lack of attention on disaster recovery critically harms an organization’s security posture. “When organizations are evaluating their cybersecurity strategies, they often focus on avoiding attacks, blocking hackers from gaining access, and working to minimize damage when a hacker does indeed get in,†Gill explains.

It is a common misconception for many to equate cybersecurity with defense and remediation. Defeated security controls should not mean the end of an organization. As much as possible, a significant portion of regular operations should continue while remediation is taking place. There is a world of difference between a company that completely shuts down because of an attack and another that manages to proceed with many of its activities while it is recovering from an attack.

“Have a written disaster recovery plan. It sounds obvious, but with the complexity of the old way of doing replication and disaster recovery, it is very easy to forget the most important aspect of disaster recovery, actually writing down a plan,” Gill suggests.

This may not sound relevant to data protection, but it actually is. An effective disaster recovery plan means that viruses or spyware are unlikely to achieve their primary purpose of destroying digital assets and making it difficult for the victimized organization to recover. Spyware can encrypt everything in the local hard drives, but if regular backups are made, it’s as if the attack never happened.

There’s a reason why disaster recovery is included in the MITRE ATT&CK framework. For organizations to survive attacks, they cannot just rely on protective measures. No cybersecurity defense solution, after all, is foolproof or absolutely impenetrable. There will always be instances of breaches because of highly skilled and resourceful attackers.

Proper data protection is a must

Again, data protection is part of a solid cybersecurity system. It cannot be delegated as a minor concern for a few employees to worry about. The protection of enterprise data must be part of the overall security posture of an organization. Even for companies that do not handle large volumes of data, it is a must to adopt excellent data protection practices.