“Businesses need to better assess risk of data exfiltration and malicious intent across the enterprise, including third-party contractors. Specifically, finding the data stores within the enterprise that have a high business impact and are at an increased likelihood of being attacked by infected devices or malicious users can help predict and prevent such attacks before they happen. Continuous risk assessment and monitoring of the enterprise attack surface can reveal such risks proactively.”
Rich Campagna, CEO at Bitglass:
“Whether it’s a careless auto-fill of an external email address in a file sharing prompt, or a malicious attempt to leak data, as appears to be the case in this most recent Anthem breach, healthcare organizations must use technologies like data leakage prevention (DLP) to identify sensitive patient data and to build controls around when that data can be accessed and by whom. In this incident, simple rules could have been implemented that prohibit such a large volume of patient data from being shared outside the organization without internal approval.”
John Suit, Cybersecurity Expert and CTO at Trivalent:
“The Anthem breach is the most recent example of the critical need for better data protection across all industries—especially those that process personally identifiable information (PII) and protected health information (PHI) data. In this case, the breach reportedly came from an insider within a third-party consulting firm, who sent Anthem’s data to their personal email address. Not only does this highlight the dangers third parties can pose to enterprise data that is not properly protected, it also opens a larger discussion around traditional encryption. With the onslaught of high-profile breaches in 2017, encryption alone has proven it is no longer enough to protect sensitive information from insider threats and next-generation hackers. The only way to get ahead of data breaches is to address them as a likely probability, rather than an impossibility. With this proactive approach, enterprises can begin thinking about protecting data at the file level, rendering it useless to unauthorized users—even in the event of a breach.”
“Companies today are battling an increasingly varied threat landscape while managing huge amounts of data. It can be a challenge to keep close track of where this data resides to ensure it is secure – especially once shared with a third party.
“The reality is that although companies are becoming more focussed on preventing cybercrime within their own organisations, they need to realise that as soon as data is shared, these systems are now irrelevant if the third parties do not uphold the same compliance. In this case, it’s important to recognise that it’s not a system failure, meaning that unfortunately, humans still have a big part to play in the fight against cybercrime.
“In order to combat this, more organisations need to recognise the importance of using automation to build their threat hunting capabilities and keep an eye on data. Our research shows successful cybersecurity teams are three times as likely to automate threat investigation – allowing them to devote more time to threat hunting as automation streamlines manual processes. Automation is vital to closely monitor data and pinpoint if any data is being leaked early – allowing more time to track down the problem and resolve it. The effective monitoring of people, process and technology is the key to effectively protecting the organisation’s data and detecting any threats.”