Virtualization Technology News and Information
VMblog Expert Interview: Code42 Explains Key Findings from its 2021 Data Exposure Report

interview code42 wojtasiak 

Code42 recently concluded its 2021 Data Exposure Report which surveyed U.S. business decision makers and IT security leaders.  The report uncovered the factors that are leading to the growing problem of Insider Risk including analysis of data loss after COVID-19, the challenges of building a program to address these risks, and why operating in maintenance mode with outdated tools may be a sunk cost to leave in 2020.  The company has also released a second volume to the report, uncovering even more details.

To find out more about this report and its findings, VMblog reached out to Mark Wojtasiak, VP, Portfolio Marketing, Code42. 

VMblog:  Code42 recently released its 2021 Data Exposure Report.  Can you provide an overview of the study and what it covers?

Mark Wojtasiak:  At Code42, we focus on highlighting the importance of Insider Risk Management to protect company data and IP from exposure caused by anything from well-intentioned actions by employees to malicious activity like a departing employee taking source code to a competitor. For the 2021 Data Exposure Report, we focused on how COVID-19 has impacted data protection practices. What we've found is that COVID-19 has created the perfect storm for Insider Risk to spread like wildfire as companies have had to adapt to fully remote workforces. Employees are logging on through home networks, collaborating over the cloud and are outside of traditional security ecosystems. The Data Exposure Report found that both business and security leaders are allowing massive Insider Risk problems to mature in the aftermath of the significant workplace shift in the past year. In this report, we examine a number of factors, which we believe are leading to this growing threat.

We recently released a second volume of the report, which centers around how data loss prevention (DLP) is no longer an effective solution in mitigating Insider Risk and how to better security risk management data, especially as employees continue to work remotely. 

VMblog:  What are some of the key findings from the study?

Wojtasiak:  Volume 1 of The 2021 Data Exposure Report found that employees are 85% more likely today to leak files than they were pre-COVID. Since the start of the pandemic, 61% of IT security leaders said their remote workforce was the cause of a data breach. Security teams are operating in maintenance mode with outdated tools, which aren't adapted to the collaboration tech we use in our daily work - and that is leaving organizations exposed as they look to the future.

Many organizations are up against numerous challenges as more than half of organizations don't have an insider risk response plan, yet six in 10 IT security leaders expect Insider Risk to increase significantly throughout 2021. 40% of organizations don't assess how effectively their technologies mitigate insider threats. While traditional data loss prevention (DLP) tactics sound good in concept, most security teams describe using these solutions as "painful" as roughly 66% of organizations say that DLP solutions frequently block employees from accessing data even if they are within policy with 76% of organizations suffering a data breach despite having a DLP solution in place. It's critical to think about where DLP falls short in areas such as data portability, intellectual property protection and system complexity.

VMblog:  How has COVID impacted the way security teams protect data?

Wojtasiak:  Prior to 2020, security teams were already grappling with securing rapidly expanding digital workspaces brought on by the cloud and other digital transformation initiatives. When public health protocols and social distancing spurred a rapid shift to remote work, security teams went from protecting dozens of endpoints in a controlled environment to thousands across a rapidly dispersed, remote workforce. The need for employees to remain productive during this time meant many turned to alternative collaboration tools outside of corporate-approved applications, which only increases the risk of data exposure or file exfiltration. In fact, according to the Data Exposure Report volume I, 76% of IT security leaders said their organization had experienced one or more data breaches involving the loss or theft of sensitive information contained in documents or files in the last year.

VMblog:  Where are organizations seeing the biggest challenges when dealing with Insider Risk?

Wojtasiak:  Two words - all fronts. According to IT security leaders, it takes roughly 118 days to identify a data breach and 55 days to contain one. One reason as to why this process takes so long is because there is a disconnect between who owns security management and has the ultimate authority. IT Security leaders put line of business leaders (44%),General Counsel (33%) and end users (30%) ahead of CISOs (28%) according to the 2020 DER. Bottom line, there needs to be better collaboration among IT security lines of business.

Security teams using traditional security solutions do not have visibility into the events that lead to data exfiltration-preventing them from understanding the damage already done and from stopping future threats. One example of this is when an employee leaves for another company and tries to take data with them. Security teams have no way of knowing the extent to which sensitive information has been compromised. According to the DER volume II, 72% of the time, security professionals do not have the necessary context to know if they should close or pursue an investigation.

Another area of contention is IT budgets, as two-thirds (66%) of IT security leaders believe their budget for Insider Risk is insufficient, yet 54% of IT security leaders spend less than 20% of their budgets on Insider Risk. Companies must empower employees to take responsibility and follow best security practices to help mitigate possible Insider Risk. 

VMblog:  How can organizations best protect against Insider Risk?

Wojtasiak:  56% of security teams lack historical context into user behavior meaning that security teams have no idea when an employee may become a risk. The first step is to recognize potential Insider Risk indicators and then take the proper actions to build a well laid out risk program. Such steps include putting technologies and processes in place that can identify risky behaviors, such as working off-hours, changing file extensions, and having access to the files of a highly confidential project, without inhibiting the organization's collaborative culture and employee productivity. It's critical to find technologies that flag insider risk indicators. Once these risk indicators are identified, it's critical they're put in context with other events in the business and, if necessary, acted on to prevent further damage.

VMblog:  What does the future hold for Insider Risk?

Wojtasiak:  59% of IT security leaders say insider threats will increase or significantly increase in the next two years. The pandemic proved that employees today are more likely to leak data than they were before. However, it proved that collaboration culture - with widely distributed workforces that use collaboration technologies - is highly productive and is not leaving anytime soon. Security teams must embrace shifts in workplace culture and adapt their Insider Risk strategies accordingly. Organizations are realizing that relying on prevention and dated tactics like DLP will not work. There are simply too many vectors to cover that traditional data loss protection solutions aren't designed to handle. A faster, simpler, more comprehensive path to data loss detection and response is the answer.


Published Thursday, April 29, 2021 7:36 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2021>