According to a recent survey of cybersecurity experts in "The CISO Current" (published by YL Ventures), widespread work-from-home practices continue to impact data security, affecting risk profiles and raising concerns about data loss. As I read through their report, a few findings stood out:
- 96% of those surveyed noted a rise in phishing attacks
- 17% noted a rise in insider-led data exfiltration attempts
- 64% predict phishing attempts will continue at higher rates as long as remote work continues at its current scale
The survey makes clear that data exfiltration is a primary concern for many CISOs. But protecting against data loss in a remote-first work environment isn’t easy. According to the report, “Sharing practices are shifting,” and this means “employees must take more ownership over their own cybersecurity postures.” Recently I published an article for the Forbes Technology Council highlighting many of the same challenges - along with some advice on how to solve them.
Data Loss Prevention and Data Access Governance
CISO Current put its finger on one of the biggest challenges to data security confronted by IT professionals today (emphasis mine):
While some [organizations] are pursuing DLP-type solutions, others conceded that they alone may not be able to prevent data loss at scale, given their inherent issues in scalability and prioritization. Many moreover brought attention to the fact that existing solutions in today's market only address already classified data. This renders DLPs inaccessible to many, as it is difficult to find talent willing to carry out the manual work around data classification...
This is precisely the problem we saw when we founded Concentric. Data categorization is the foundational capability needed for effective unstructured data protection - and it’s just not feasible without deep learning and automation. It’s what’s needed to make existing DLP solutions work better and Concentric automates the task of data discovery, classification and risk monitoring . No need for rules, regex, or end-user classification programs.