It’s time we changed how we approached data loss protection

Ian Pugh, senior director, information protection, Proofpoint, discusses why organisations must change how they approach data loss protection.

The world of work and business is a very different place today than just two years ago. Trends such as hybrid working that had been gaining traction for some time have rapidly accelerated. But while most businesses are now well accustomed to the post-pandemic world, many policies and procedures are not yet up to speed. Data protection controls, for example, were primarily built around traditional working practices. In many cases, traditional Data Loss Protection (DLP) solutions have been focused on tools and perimeters designed to keep sensitive information in and malicious actors out. This legacy approach to DLP focused on data in use, in motion and at rest, without much context outside of this.

However, with many people now operating beyond traditional office settings, attitudes, behaviour and ways of working have changed. And with it, the way we access and interact with data has changed too. This new way of working requires a new way of protecting our sensitive data both from outside and from within — one that places much greater emphasis on people rather than just tools and controls.

How businesses can combat data security and GDPR issues when working remotely

Oliver Rowe, managing director of Fusion Communications, discusses how businesses can combat data security and GDPR issues when working remotely. Read here

Why it’s time to rethink DLP

While policies and procedures may be lagging behind in the new hybrid work environment, the same cannot be said of cyber criminals. Threat actors have wasted no time, first capitalising on the disruption caused by the pandemic and now honing their lures to target users in new and potentially less secure environments.

That old foe phishing increased significantly last year, with 95% of organisations experiencing an attack. Over half of these organisations suffered at least one compromised account, and the consequences for those on the receiving end are severe. The cost of containing a compromised account has doubled in recent years, up from $382,920 in 2015 to $692,531 in 2021.

While legacy DLP solutions may detect and deter initial phishing attacks, they do not collect any threat context information. This leaves organisations blind to data movement involving compromised user accounts and identities.

A modern DLP solution, on the other hand, can help IT teams quickly spot and revoke malicious third-party apps and block known threat actors and malicious IP addresses that could lead to account compromise.

Traditional solutions can also present challenges preventing data loss in other areas too. Blanket data protection controls applied to entire departments or organisations can be cumbersome, hampering productivity and resulting in false positives. In fact, nearly 70% of survey respondents reported that three in every four incident alerts they investigate within their traditional DLP solution are false.

A modern DLP solution overcomes this issue by adapting its detection, prevention and response to a user’s risk level and to the sensitivity of that data that’s being accessed. This tailored approach is particularly important for insider threats, the cost of which has increased by 31% between 2018 and 2021, now standing at $11.45 million.

Legacy DLP may spot suspicious activity but it provides no behavioural awareness before, during or after risky data movement— and offers little in the way of risky user behaviour analytics. In other words, legacy tools can’t help you answer the context of “who, what, where, when and why” behind an alert. The result is overburdened security teams and minimal insight into network activity.

Putting your people first

Your people are at the heart of any potential data loss. They are the ones with privileged access to your networks. They are the ones entering their credentials in your systems. And, with over 90% of cyber attacks requiring human interaction, they are the ones most likely to expose your data to cyber criminals.

That’s why a modern DLP solution must account for human behaviour, whether in the office, at home, or in between. Unfortunately, this is not the case with many legacy systems. Most will see any anomalous behaviour as an instant red flag, impacting user experience and costing security teams precious time.

At a time when “normal” working practices can mean different things from day to day, this approach is no longer fit for purpose. Remote and disparate workplaces need solutions that can proactively monitor and prevent data loss across endpoints while accounting for user behaviour, cloud access, and third-party apps.

And such adaptable protections are just one part of effective data loss prevention. This people-centric approach must extend into your training programme too. All the tools and controls in the world are not enough alone. Total data loss protection requires ongoing, targeted and adaptive security awareness training. Training that leaves users in no doubt of the part they can potentially play in reducing the number and impact of cyber attacks.

Today’s cyber criminals are constantly evolving, targeting new and sophisticated threats squarely at your people. Our defences must evolve too. If not, this is an arms race we don’t stand to win.

Written by Ian Pugh, senior director, information protection at Proofpoint

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at