SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Interview: Acronis co-founder on going all-in for DLP
Tue, 28th Jul 2020
FYI, this story is more than a year old

It's no secret that cybersecurity is becoming more important and essential as time goes on – and according to experts, data loss prevention (DLP) is at the forefront of many organisations' security strategies.

Costs of data-based attacks are skyrocketing, with the average cost of a breach in the ASEAN region reaching US$2.6 million, and as much as 10% of SME's closing their doors permanently after a significant breach.

And alarmingly, many of these breaches come from the inside: according to Acronis, two-thirds of serious data leakage incidents are caused by employees, contractors or visitors. In addition, a recent Tessian report shows there has been a 47% increase in email threats from insiders in the last two years.

These startling figures have helped accelerate DLP's status as one of the top spending priorities for IT leaders as organisations' risk profiles steadily rise in tandem with the sophistication and frequency of cyber-attacks around the world.

One of the most recent and high-profile examples of the rising value of this specialisation in cybersecurity is Acronis's acquisition of DeviceLock this month. A leader in DLP, DeviceLock's software prevents data leaks at the source, tackling the issue of internal security threats head-on.

“Insiders can be malicious – they could have an intention to bring damage to the company,” says Acronis co-founder and technology president Stas Protassov.

“But they can also be negligent. Human mistakes happen every day and you can't count on the fact that you're protected from it by default.”

The goal, says Protassov, is to eliminate as much risk as possible posed by internal actors – whether malicious or negligent – by adopting a DLP strategy.

“One of our strategies is to actually avoid developing a DLP strategy – instead, the strategy is to acquire it, which helps us to control how information is shared from inside the company.

So that's exactly what Acronis did. It acquired DeviceLock in mid-July, a decision that was made at breakneck speed: “There was a two-hour meeting where we met the founder and owner of DeviceLock to discuss all these issues. The decision to acquire was made at the end of that meeting,” says Protassov.

“We knew we needed DLP, and DeviceLock realised that they need to either be part of a bigger solution, or they need to start building another one. So the decision was quite simple actually.

The decision to acquire the company was also prodded along by the sudden and extreme proliferation of remote working in the wake of the COVID-19 pandemic. According to a study from Tessian, DLP risk profiles skyrocket in remote working circumstances due to a reduction in security-aware behaviour and an increased likelihood to use one's personal device for business purposes.

Findings from the report indicate that 48% of employees are less likely to follow safe data practices when working from home, while 84% of IT leaders report believing that data loss prevention strategies are harder to implement when a workforce is remote.

“With remote work, and especially when you work on your own private device, it definitely opens up additional avenues of attack. It's becoming an issue,” says Protassov.

And the issues that DLP is concerned with can affect businesses of any size.

“A recent report showed that two-thirds of SME's don't believe that they can be a target for an attack. It's quite understandable that they think like that,” says Protassov.

“They may think ‘I'm a small company, I have 10 employees, why would some hacking group be interested in targeting me?'

“The answer is: Because they can. They are breaking into your network not because you have data which cost billions of dollars, but just because they can steal some other data from you, and they can use your systems for another attack.

Even a small company has valuable data – from details of financial relations with clients, to the personal details of clients themselves, their preferences – this can all be used by unfriendly competition, says Protassov.

For these reasons and a whole host of others, having a DLP strategy in place, whether for multinational corporations or for SME's, is becoming more imperative as time goes on.

For more info on Acronis' latest cybersecurity offers featuring DLP, read here.