Tim Bandos, VP of Cybersecurity at Digital Guardian set aside some time to discuss his latest work, The DG Data Trends Report. Research for the report was performed during (and as a result of) the Covid-19 pandemic to study how much sensitive corporate data was “egressing” from the security of home base.
We talked last month, but I was in the midst of five or six virtual conferences and I’m only now beginning to catch up with the accumulated pile of other interviews and reports that come my way.
Digital Guardian has developed and implemented a technology that you can procure that includes an “agent” that gives visibility into data movements within and into and out of your corporate environment. It sounds pretty cool, actually.
To set the stage for the current crisis, Bandos points to the results of the 2007-2009 financial crisis:
[The crisis] led to 37 million unemployment claims. It also resulted in a slew of trade secret theft charges. In 2013, the Department of Justice said it charged more than 1,000 defendants with intellectual property theft between 2008 and 2012.
The DG report derives from real data from organizations spanning the globe and across multiple industry verticals. It is definitely not just a survey.
Following are a few tidbits from the survey.
- Since the onset of Covid-19, DG saw a 123% increase in the volume of data moving to USB drives and 74% of that data was classified according to the DLP practices. Now, much of this was taking work home. But much also this data can now not be controlled.
- With employees working from their homes, data egress via all means (email, cloud, USB, etc.) was 80% higher in the first month following the World Health Organization’s declaration. More than 50% of the observed data egress was classified data.
- Digital Guardian’s managed Detection & Response customers noticed a 62% increase in malicious activity, a number that in turn has led to an increase in incident response investigations—64% more than before the declaration.
Five tips to protect data
1. Issue Data Governance Policy Reminders
2. Label Sensitive Information
3. Limit Access to Sensitive Data
4. Host a Remote Security Awareness Training Session
5. Consider Deploying Virtual Desktop Infrastructure or Desktop-as-a-Service.