The risk of data loss has surged amidst the Covid-19 pandemic, creating a new level of complexity around data loss protection (DLP), regulatory compliance, and governance.
From a DLP standpoint, few companies were prepared for the realities of a sudden, work-from-home environment. Especially in the early days of the pandemic, employees moved and used data freely, often in unsanctioned ways.
In fact, according to Digital Guardian’s Data Trends Report, from March 1-April 15, 2020:
- There was a 123% increase in data downloaded to USB devices by employees. 74% of that data was classified by organization data governance policies.
- Cloud storage and USB devices were the most preferred egress paths after the pandemic declaration, accounting for 89% of all data egressed.
- Data egress across all paths (email, cloud, USB, etc.) was 80% higher in the first month following WHO’s COVID-19 pandemic declaration. More than 50% of that data was classified.
- Malicious external activity increased by 62% following WHO’s pandemic declaration. The increase lent itself to a 54% increase in incident response investigations.
Though most insider incidents and data leakage could be considered inadvertent, a small but growing percentage were acts of deliberate data exfiltration. For example, 35% of employees take company documents and data with them when they leave a job, according to Tessian’s 2020 report, “Why DLP Has Failed and What the Future Looks Like.” This same survey also found that:
- 48% of employees say they’re less likely to follow safe data practices when working from home
- Data loss incidents on email happen 38x more often than IT leaders think
Despite the uptick in insider threats and incidents, external bad actors remain the primary perpetrators of data breaches. According to Verizon’s “2020 Verizon Data Breach Investigations” report, over half of all “unwanted occupants” are organized, professional criminals, and 60% of incidents are DoS.
Emerging DLP Tools & Solutions
Given the growing threat of both malicious and inadvertent data leaks, the DLP solutions market is expected to grow from $1.21 billion in 2020 to $3.75 billion by 2026 at a CAGR of 23.59%.
As more and more organizations move to the cloud, they will move from an identity-as-the-perimeter approach to zero trust frameworks. In fact, 60% of companies will replace VPNs with zero trust network access (ZTNA) by 2023, according to Gartner.
Artificial Intelligence (AI) and machine learning (ML) are also being widely adopted for DLP purposes. AI-powered behavioral analytics has proven to be effective at identifying anomalous behavior that could indicate malicious activity. AI has also been an effective tool for orchestrating the configuration of adjacent and impacted systems to reduce the propagation and scope of breaches.
Though AI has yet to be widely adopted due to its current limitations and vulnerabilities, the AI cybersecurity market is projected to grow from $8.6 billion in 2019 to $101.8 billion by 2030.
As malicious actors become increasingly sophisticated, ethical hacking has also emerged as one potential way to expose and close vulnerabilities. For example, Beacon AI recently launched a new ethical hacking service designed to specifically address the increased risks of remote working for companies that have sensitive information and IP to protect.