Preventing data breaches from becoming data disasters
- By Roman Foeckl
- Jul 20, 2015
The recent data breaches involving the Office of Personnel Management and the Internal Revenue Service represent a new front in the non-stop data breach war. Until recently, the government’s data systems have not seemed especially vulnerable to attacks. So why, all of a sudden, are we seeing these incidents on government sites?
The answer is very simple: It’s about the data. Over the past decade we’ve become accustomed to accessing government services online, attracting the attention of the same criminals causing havoc in the private sector. As more government services move to the web and more personally identifiable information is stored digitally, agencies need a stronger solution to protect that vital information. Fortunately, databases full of PII can be protected with data loss prevention solutions.
The great advantage of a DLP solution is that each agency or office can establish its own policies to determine what meets its criteria for an incident. The policies and risk thresholds of a small town will obviously be much different than those of a large federal agency – and each can have a solution to fit its own needs.
DLP is an essential aspect of any modern information security program. Just as IT managers monitor system usage to ensure enough available resources, they must also monitor the network for leaks from endpoint devices such as USBs, printers and mobile devices.
Moreover, enforcing strong content-aware policies can prevent sensitive data transfers from ever taking place. Such policies allow for a granular implementation based on users, computers or groups throughout the organization. A DLP solution does not block all data transfers, but rather applies filters based on file extensions, predefined and custom content, applications, regular expressions and keywords, stopping confidential files or PII from reaching the exit points. A DLP solution can also set different violation thresholds, depending on users’ roles in the company, which helps prevent data loss due to human error or bad intent.
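A minimal sketch of the content-aware filtering described above, added here as an illustration and not taken from the article or from any DLP product. The patterns, keywords, blocked extensions, role names and thresholds are all assumed values.

```python
import os
import re
from dataclasses import dataclass

# All policy values below are constructed for illustration, not taken from any product.
PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "credential": re.compile(r"(?i)\bpassword\s*[:=]\s*\S+"),
}
KEYWORDS = ("confidential", "for official use only")
BLOCKED_EXTENSIONS = {".pst", ".bak"}
# Matches tolerated per transfer before it is blocked, by user role (assumed roles).
ROLE_THRESHOLDS = {"hr": 5, "contractor": 0}
DEFAULT_THRESHOLD = 1


@dataclass
class Verdict:
    action: str  # "allow", "report" (permit but log) or "block"
    hits: dict   # detector name -> match count
    reason: str


def evaluate_transfer(role, filename, text, channel):
    """Decide whether content may leave through an exit point such as USB or print."""
    ext = os.path.splitext(filename)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        return Verdict("block", {}, f"{channel}: extension {ext} is not allowed")

    hits = {name: len(rx.findall(text)) for name, rx in PATTERNS.items()}
    lowered = text.lower()
    hits["keyword"] = sum(lowered.count(k) for k in KEYWORDS)
    hits = {name: n for name, n in hits.items() if n}

    total = sum(hits.values())
    limit = ROLE_THRESHOLDS.get(role, DEFAULT_THRESHOLD)
    if total > limit:
        return Verdict("block", hits, f"{channel}: {total} matches exceed limit {limit} for {role}")
    if total:
        return Verdict("report", hits, f"{channel}: {total} matches within limit {limit} for {role}")
    return Verdict("allow", hits, f"{channel}: no sensitive content found")


if __name__ == "__main__":
    sample = "Roster (constructed): 123-45-6789, 078-05-1120. CONFIDENTIAL"
    for role in ("hr", "contractor"):
        print(role, evaluate_transfer(role, "roster.csv", sample, "usb"))
```

The same constructed roster is reported for the assumed "hr" role and blocked for "contractor", which is the per-role threshold behaviour the paragraph describes.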
The recent attacks on government databases have been enabled by the theft of government employees’ network security credentials, which give hackers the access they need to orchestrate a bigger, more complex breach. A DLP solution can restrict confidential information like login and password information from leaving the safety of the network, which helps prevent those credentials from being used to target a different organization.
In the event of a data leak, a DLP solution can prevent data breaches from becoming major incidents. By monitoring what confidential information is leaving the endpoints, IT staff can determine what sensitive data was compromised, through what channel, what computer and more. A DLP solution can also create a copy of a leaked document and save it on the server to provide contextual information about the breach -- allowing for an immediate response, and drastically reducing the potential negative ramifications of a leak.
Government data systems have made tremendous strides during the past few years, and with those gains have come risks. A solid DLP system can prevent and detect data losses well before they reach the levels seen with the OPM and IRS breaches.
Roman Foeckl is the CEO of CoSoSys.