With high-profile data breaches making headlines on a regular basis, it’s no wonder that data security is top of mind for so many organizations. But what exactly is data security posture management (DSPM)? In this blog post, we’ll take a closer look at DSPM and how it can help your business keep its data safe and secure.

‍Data leaks happen when sensitive data or personally identifiable information (PII) is accidentally exposed on the internet or dark web. Typically, data leaks only occur due to poor cyber hygiene, weak network security, or software misconfiguration that can lead to unintended data exposure. Without proper data leak detection processes, cybercriminals and hackers can exploit the exposed data without the organization’s knowledge using open-source intelligence (OSINT).

The last few years have seen a huge shift in how organizations work with their data. The COVID pandemic accelerated a digital transformation as workers transitioned from the office to home-based and back into hybrid working environments. With this new set-up, collaboration is key to worker efficiency. However, the adoption of Microsoft 365 and Teams as a front-end platform has created new challenges for security teams.

Email is a popular channel for hackers: phishing attacks and malware usually originate from email. In 2022, Verizon found that 82% of breaches involved the human element: phishing emails and ransomware delivered via email continue to plague organizations of all sizes. For an organization with 1–250 employees, roughly one in 323 emails will be malicious, according to Comparitech.

By one estimate, 60% of all corporate data is stored in the cloud. Businesses rely on cloud platforms like Slack, Google Drive, GitHub and Confluence to store data, share information, and run smoothly. Unfortunately, hosting all this information in one place provides an appealing target for hackers. Cloud programs are often vulnerable to data hacks, leaks, and insider threats.

Data loss prevention starts with data visibility. Without a clear idea of what data an organization has, where it lives, and how it’s used, data loss prevention (DLP) is essentially an exercise in futility. While the concept of data visibility may seem straightforward, in practice, it’s a challenge. The rise of remote work has led to a proliferation of devices and programs that prevent an IT team from getting a clear picture of where data lives.

Remote work is not going away. Depending on who you ask, experts believe 35% – 65% of the US workforce will continue to work remotely, permanently. Remote work was a trend that began well before the pandemic and will continue to be the preferred way to work for companies and employees alike. However, many companies were unprepared for the speed at which remote work became the preferred office structure. The pandemic forced businesses to adopt new tools and processes virtually overnight.

Modern enterprises will have to work with customer data in one way or another. The COVID-19 pandemic proved that the only businesses that would survive the future were those willing to embrace technology. While technologies such as the Internet of Things, and artificial intelligence have undeniable benefits, they have also presented complications. Managing your customers’ or site visitors’ data is a lot like having intimate access to their homes.

By design, Salesforce is an environment where customer PII and other sensitive information must be shared and stored. However, compliance regulations like PCI DSS, HIPAA, GDPR, CCPA, and others limit this storage and usage of customer data to only what’s justifiably required for an organization to carry out its duties. Even then, there are requirements for how this data should be stored – like whether it should be encrypted, for example.

We are pleased to announce the launch of NC Encrypt to provide independent encryption key management and Bring Your Own Key (BYOK) support for Microsoft 365 applications and SharePoint Server environments. The sheer number of communication and collaboration channels the M365 platform has introduced, increases the vulnerability of sensitive data and potential for accidental data loss or overexposure, making protection mechanisms such as encryption critical.

On Thursday evening, around 6:25 PM, Uber announced that it was responding to a cybersecurity incident. While Uber hasn’t gone into details about what happened, the purported threat actor has openly corresponded with several security professionals, including Sam Curry at Yuga Labs, Corben Leo at Zellic.io and The New York Times. According to both Curry and Leo, multiple systems were impacted.

IHG Hotels & Resorts, the hotel group that owns the Holiday Inn and Intercontinental brands, experienced a cyber attack in the first week of September. The attack has impacted the central hotel’s booking system and mobile apps, causing a service outage for several days. Loyalty program members could not log in or create new bookings during this time.

My first interaction with a firewall was with a TIS Gauntlet that I compiled on a Sun workstation in 1994. Since then, I have worked with firewalls from Checkpoint (back when configuration files were clear text flat files and they only had support out of their headquarters in Israel), Raptor, Pix (when they booted from a 3 ¼” floppy), and finally the Cisco ASAs, FortiGates, and Palo Alto firewalls of today.

Data classification can feel like an overwhelming task, especially for organizations without a strong practice in place. As with any security approach, data classification is both crucial and tempting to avoid. Regardless of whether the value is recognized, there’s a chance that it gets pushed further and further down the priority list in favor of items that are easier to address.

The Federal Trade Commission has recently updated the 2003 Gramm-Leach-Bliley Act ‘Safeguards Rule’ to create new standards and procedures that will apply to auto dealerships and go into effect in December 2022. The Safeguards Rule outlines the standards required for the protection of consumer data. The new updates create stricter criteria and procedures that car dealers will need to implement, both to reduce the risk of a data breach and to better protect customer data.

Demands on data have created a host of challenges for security and administration, and traditional tools are not keeping up. As we expand collaboration and business activities outside the office, data moves more widely and user permissions expand with every responsibility or team project. Keeping ahead of this permission burden is tough yet necessary for zero trust “don’t trust, verify” security.

According to research by Statista, over 80% of internet users in the US fear that their personal information is vulnerable to hackers. Data privacy defines how organizations and other entities collect data on other individuals, how they process it, for what purposes they collect and process it, how long they keep it, and how they protect it, to name a few. In the modern digital environment, data privacy certifications are essential since they impart the skills needed to become privacy specialists.

Today we are proud to announce general availability of our patented cloud-based endpoint data loss prevention (DLP) solution. The release of endpoint DLP expands the already comprehensive Netskope DLP platform and represents a major milestone in data protection, as it enables customers to protect data anywhere, across their hybrid enterprise ecosystem and in the cloud. Let’s look at why this is so important.

The risk of a data breach is exceptionally high for financial organizations. Hackers recognize the high value financial data has on the dark web. Other cybercriminals pay significant amounts to get their hands on customers’ personally identifiable information (PII) and commit lucrative cybercrimes, like identity theft and insurance fraud. One of the most common ways cybercriminals gain access to this data is by exploiting data leaks.

Data leaks occur when organizations fail to implement proper cybersecurity measures, causing sensitive data and other personally identifiable information (PII) to be exposed to the public. In most cases, data leaks occur due to internal human errors, an oversight by the IT committee, or a lack of strong security practices.

The US Department of Defense (DoD) initiative to adopt the Executive Order for Zero Trust is heating up. This week the Pentagon’s CIO, John Sherman, announced plans to implement a zero trust architecture agency-wide within the next 5 years – by 2027. To support this initiative, he plans to announce a new strategy next month to help meet the ambitious deadline for an agency of over 4 million people.