December 10, 2019

Cybersecurity’s Proactive Data Protection Age is Upon Us

Chris Boorman

The industry has been in react-and-repair mode for long enough … it’s time for a proactive health and wellness approach to better safeguard users, systems, and data.

Cybersecurity evolved as a reactive endeavor. That’s because it started as a reaction to the first sustained attacks on computing systems delivered through floppy disks in the 1980s and later, much more widely, via email and the internet.

For decades, defenders of computers and the data on them have played a game of catch-up against bad guys who always seem like they’re a step ahead. The dominant paradigm of cybersecurity during this era has been one of beleaguered white hats trying to defend the perimeter against attacking black hats … and when that failed, trying to repair the damage from successful attacks as quickly, and often surgically, as possible.

Of course, there have been some proactive measures taken during these years to stop the bad guys. Namely, law enforcement efforts to arrest hackers, break up spamming rings, and the like. Those efforts mostly just kick the can down the road, however—taking some fairly low-level bad actors out of the game, temporarily. But there are always plenty of black hats to replace them—including well-funded nation-state actors—and they have access to increasingly sophisticated, widely available tools and techniques for threatening systems, networks, and data.

To this day, a disproportionate chunk of cybersecurity spending still goes towards the equivalent of surgery and chemotherapy for sick organizations, designed to fix things and minimize the damage after a specific threat has been identified or even after a data breach has actually happened. Organizations still aren’t allocating enough time and money to analyzing systems for vulnerabilities before they’re attacked. Or enough on studying past data breaches to pinpoint which users and/or systems failed, when they failed, and how they failed.

And few organizations have even begun doing the most proactive type of cybersecurity, which involves actively, adaptively, and automatically blocking dangerous user and system activities to promote a healthier, happier IT organization.

The dawn of a new proactive paradigm.

The good news is that we are on the cusp of a new era in cybersecurity. One where real, actionable preventative health and wellness regimens are being developed to better safeguard data.

Call it the Dawn of the Proactive Data Protection Age.

Or don’t call it that! Because that’s a bit pompous sounding! But the truth is, we really are seeing the cybersecurity industry begin a journey towards truly proactive data protection.

Data is more prevalent … and more migratory than ever. It’s generated in massive amounts and shared by people and machines all around the world, over the internet, and in the cloud. There’s so much of it that most organizations find themselves in what we can call a Data Swamp. This is a murky, scary place bubbling over with data that’s incredibly hard to keep track of and protect.

In fact, it’s estimated that more than half of all data stored by organizations around the world is “dark data” of unknown value. It lives in the Data Swamp, nestled in hard drives, secreted away in server logs, tucked away in folders within folders on the cloud. Even if we’re able to protect our Data Swamp from outside attacks fairly well, we usually don’t know what’s going on beneath the surface that might pose an internal threat to our data. If an organization does have DLP at this stage, it consists of "light" capabilities spread across multiple point products working in isolation, resulting in an ineffective understanding of data movement or use.

We call this Stage 0 on the journey towards modern Data Protection. Let’s outline the next few steps organizations typically take to get there, keeping in mind that in almost all cases, there’s no skipping stages in this journey.

Stage One: Visibility

The first step in getting out of the Data Swamp is to deploy tools (often in an enterprise DLP platform) that offer visibility into where data lives, what it’s doing, and where it travels. Lots of organizations are already doing this manually with Big Data search tools and DLP products that offer data discovery and control features. These solutions provide quicker discovery of a data loss incident, helping organizations to begin plugging holes and repairing damages much faster than those who do not deploy DLP. The challenge is that such tools only alert cybersecurity administrators to data breaches after the fact and don’t include robust forensics tools for analyzing how a breach occurred. They are set in audit-only mode with good intentions – to avoid disrupting legitimate business transactions – but because of this, they do not offer as much help in preventing future incidents. Organizations at this stage may be "compliant" but not secure.

Stage Two: Analysis and Alerts

The next stage in proactive data protection is to begin really analyzing data and its movement within an organization in order to understand what happened during a data breach. This post-breach analysis can be very robust and utilize the best available forensics tools, but it is ultimately still reactive in nature. Still, organizations at this stage of their journey are able to take the lessons they learn and manually adjust their data protection policies to help stop the next incident.

Stage Three: Proactive Automation of Data Protection

The final path to being fully proactive about preventing a data breach via either infiltration or exfiltration is to enable DLP solutions which automatically analyze user and system behavior, block access and activity deemed to be a threat, and automatically adjust policies tailored to individuals as they learn the context around exhibited behavior. These solutions create a risk-adaptive score for a user in an organization and proactively automate individual-tailored security based on this scoring, without it getting in the way of the user.

This is what modern Data Protection looks like – an adaptive, automated process that creates as little business friction as possible by stopping dangerous activity but not impeding regular users and systems with overzealous blocking. These advanced DLP solutions are designed to empower business goals rather than acting as a brake on them, protecting an organization’s people and data without impacting how people use data to do their work.

By making the leap from passive Data Loss Prevention to Risk-Adaptive Data Protection, organizations can lower the risk of brand or financial damage resulting from data breaches while leveraging human-centric cybersecurity to better achieve their goals.

Where are you on the journey towards modern Data Protection?

Is your organization ready to move from passive Data Loss Prevention to proactive Risk Adaptive Data Protection?


About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.