Most companies need to step up their efforts to protect their confidential data, making greater use of automated, real-time surveillance and not forgetting to monitor related activities in the Cloud.
Although data security is one of most companies’ central concerns, many still have difficulty detecting suspicious access to files or noticing privilege escalations. These findings emerge from a recent report entitled ‘Security Incidents and Real-time Alerts’ by New York-based data protection and management company Varonis. Over 40% of the firms surveyed at recent infoSecurity events in London and Orlando, Florida were found to be poorly equipped to detect attempts at data breaches, having no or only limited automated capabilities – either real-time alerts or daily/weekly computer-generated reports. The results show that very few companies (6%) have fully automated event detection capabilities in real or near-real time. Varonis also asked questions about the way companies monitor user privileges, file activity and file access changes.
Lack of automation
One of Varonis’ most eye-opening findings is that close to a quarter (24%) of the 248 security professionals quizzed said their company had no breach detection capabilities. In fact, only 28% of the firms polled currently receive real-time alerts or automated activity reports designed to monitor changes to user privileges, while just 26% receive them for changes to file access. That figure does, however, rise to 44% when it comes to unusual email activity. Overall, some 19% were revealed to have limited breach detection capabilities that enable them to spot some of these anomalous events, but only 6% of the respondents have fully automated breach detection systems in place. Varonis underlines that companies crucially need to invest in automated detection if they are to mitigate data breaches in good time: automation is essential to achieve real-time analysis of files and other aspects of the system and to ensure that immediate alerts are sent to the IT department.
Capacity for Cloud monitoring still very weak
The survey results further indicate that many companies urgently need to improve their monitoring of Cloud activity as well. At a time when many companies are orienting their processes towards Cloud computing, there are apparently very few controls in place for monitoring their employees’ Cloud activities. The study reveals that IT departments’ capacity for tracking such activity is much lower than for monitoring data stored on the premises: only 22% of the firms surveyed reported that they were geared up to track data once it is uploaded to the Cloud. The feedback from larger corporates presents a slightly more reassuring picture, but the figure is still low: only around 29% say they are able to track confidential data transfers in the Cloud.