Organizations across the globe are under increasing pressure to protect their sensitive data and remain compliant with the relevant data protection regulations. Yet, protecting sensitive data becomes even more of a challenge when you’re storing large amounts of unstructured data on cloud platforms, mobile and IoT devices. The problem is compounded by a general shortage of IT security professionals.
According to a recently survey by Ncipher, almost half (48%) of organizations in Hong Kong and Taiwan believe that their own employees are the number one security threat. 22% cited that external hackers were the biggest threat, while 17% were most concerned about malicious insiders.
According to a survey carried out by the Ponemon institute, which included almost 320 IT security professionals in Hong Kong and Taiwan, “the need to protect sensitive information is driving the adoption of encryption and hardware security modules (HSMs)”.
Encryption is Not Being Adopted Widely Enough
Encrypting sensitive data in order to make it unreadable to anyone who doesn’t have the decryption key, is a crucial part of any organization’s defense strategy. Despite this, only 45% of respondents have consistently applied an encryption plan across their organization, and only 39% in Hong Kong and Taiwan.
Meanwhile, 67% of German organizations have an encryption strategy in place – the highest of all countries surveyed.
In both Hong Kong and Taiwan, the main driver behind the increased focus on encryption, was the protection of customer information and intellectual property.
63% or organizations encrypt human resources data, 53% encrypt intellectual property, while only 17% encrypted healthcare information.
Data Discovery and Classification
When it comes to the encryption of sensitive data, one of the biggest challenges that organizations face is knowing exactly where their sensitive data resides. Is it stored on their local network or in the cloud? Is it stored on Dropbox or AWS? Is it stored on mobile or IoT devices? Can sensitive data be found in emails?
59% of respondents from the above report have cited this as the number one challenge when it comes to implementing an effective encryption strategy. These days there are a large number of data discovery and classification tools which can automatically discover and classify a wide range of data types, such as social security numbers, protected health information, payment card data, and so on.
Some solutions will even automatically encrypt sensitive data as it is found. Not only does data discovery and classification help organizations locate and encrypt their data, but it also makes it easier to setup access controls to protect that data.
Auditing Sensitive Data
Given that “employee mistakes” were cited as the biggest data security threat, organizations will need to ensure that they have the rights tools to detect, alert and respond to suspicious user behavior. They will need to monitor, in real-time, any changes that are made to user account privileges, files, folders, email accounts, and so on.
Some of the more change auditing solutions provide data discovery and classification out-of-the-box, including a wealth of other features such as automated password expiration reminders and threshold alerting.
Threshold alerting enables IT teams to automate a response to events that match a pre-defined threshold condition, such as the bulk encryption of files, or multiple failed login attempts.
LepideAuditor, for example, is a Data Security Platform that combines data discovery and classification with user behavior analytics, permissions analysis and change auditing. If you would like to see how this solution can help your business, schedule a demo of LepideAuditor today.