Key Steps for Effective Enterprise Data Protection

The need for effective enterprise data protection has never been greater. Not only are companies around the world facing more threats than ever before, but the penalties for failures in this area are also significant.

Potential consequences come from both regulators, who are taking a tougher line than ever when it comes to breaches of consumer privacy, and customers themselves. Nobody wants to do business with a company that displays a lax attitude towards their privacy, whether this is selling their data without permission or leaving it vulnerable to the activities of hackers. 

With cybercriminals constantly circling and waiting to take advantage of any mistakes in your enterprise data security, it therefore pays to make sure you’ve got defenses in place that are able to cope with whatever the coming months and years will hold. 

A key trend over the past few years has been a growing recognition of the importance of data to both businesses and hackers. In the past, ransomware attacks primarily sought to disrupt businesses by encrypting data or blocking access to systems. However, in 2024, our research showed more than nine out of ten attacks (93 percent) also exfiltrated data, indicating the increased value hackers can now get from targeting these precious assets.

The costs of losing sensitive data come in many forms. As well as direct lost business, reputational damage and legal cases can last for years. Both higher penalties from regulators and class action suits from affected customers can result in huge expenses for victims. At the same time, customers are becoming much more sensitive to how their personal data is used and will be highly reluctant to keep working with businesses that have demonstrated they are unable to adequately protect these assets.

For example, according to Statista, over 60 percent of people in the UK said their awareness of how personal information is collected and used had grown in the previous three years. Meanwhile, publicly-traded companies that fall victim to data breaches see their stock value fall by an average of 7.5 percent in the immediate aftermath, and continue to underperform in the market for years.

One of the biggest issues facing many firms as a result of this focus on data is so-called ‘double extortion’ ransomware. This has become a much greater threat in the last couple of years – partly because it promises a much better likelihood of profit for cybercriminals.

Double extortion techniques are so successful because they don’t just demand firms pay up to restore access to their data – which many companies should now be able to do without making a payment. In many cases, the real motive for giving into demands is to prevent the public release of company or personal data, and all the associated problems this can cause.  

This technique offered proven results. For instance, according to Sophos, the average ransomware payment in 2024 reached $2.73 million, an increase of almost $1 million from 2023.

One of the biggest and most high-profile attacks of 2024 included Change Healthcare, which is expected to cost the health insurance firm over $1 billion. This included $595 million in direct costs for operations restoration and other response efforts, as well as a claimed payment of $22 million to the hackers – illustrating how ransoms themselves only account for a small fraction of total expenses.

To be successful at attacks like double extortion ransomware, cybercriminals must be able to exfiltrate sensitive data in the first place. Therefore, having the right tools in place to identify and contain this threat must be a priority. Yet this is something that many traditional solutions, which are focused on perimeter defense, fail to do effectively.

Another enterprise data protection challenge that many firms are having to deal with is the fact that their digital environment is now often much bigger and harder to control than in previous years. This is mainly due to changes in the way many companies operate, especially when it comes to remote and hybrid workers. According to Owl Labs, for instance, although many firms have undergone a ‘return-to-office’ push in recent years, a third of the US workforce remained hybrid or fully remote in 2023.

These trends mean businesses are investing heavily in tools such as cloud computing and mobile connectivity, presenting a wide range of opportunities for hackers to access networks through unmonitored entry points and devices and software that may only be equipped with consumer-grade protection.

Hackers have always been quick to respond to evolving trends, and remote and hybrid working is no exception. Cybersecurity provider AON, for example, noted that when Covid lockdowns forced many businesses to shift to home working, the proportion of attacks targeting home workers increased from 12 percent of malicious email traffic to more than 60 percent in just six weeks. 

One reason for this is an assumption that remote workers, who are without direct contact with colleagues and outside the network perimeter, may be more vulnerable to attacks such as phishing.

Meanwhile, employees that connect to corporate networks remotely may be putting their firms’ data at risk if they use unprotected Wi-Fi connections, while those using personally-owned devices (so called bring your own device) could pose further challenges for security teams if they do not have the same robust anti-ransomware protection installed on these endpoints.

So how should firms go about tackling these issues and ensuring their enterprise data security and protection? There are a few key principles to remember if companies are to successfully protect their private data. 

Among these are having a complete picture of your network environment – including any personally-owned data storage devices. You also need to demonstrate strong governance and ensure all your solutions, from training processes to software tools, are regularly reviewed and updated.

Indeed, data governance has now become a top priority for any enterprise. One reason for this is tougher regulatory responsibilities, with authorities around the world now demanding that businesses can demonstrate.

Understanding exactly what type of data you have and what its value may be to hackers is a critical first step. This ensures you’re able to prioritize your resources effectively – which is vital in the big data era when budgets are always stretched.

While most firms will hold many types of data, ranging from information that is constantly being accessed through to historical records held in archives, there are a few essential types that should be at the top of the list when it comes to data protection. These include:

• Mission-critical data: Essential for day-to-day operations, this includes the transactional data generated by everyday systems such as sales and CRM tools and is vital to servicing customers.
• Private company information: This may be highly valuable to competitors, and as such is often a target of industrial espionage. It includes the master data you hold on customers and products, as well as trade secrets, R&D data and future planning strategies.
• Customer personal data: Arguably the most important type of data from a regulatory viewpoint, misuse, or careless handling of personal or financial data belonging to consumers can lead to costly fines.
• Unstructured data: Information that doesn’t fit into traditional databases – including images, video, audio, emails and social media posts – can be harder to protect, but is hugely valuable to hackers.
• Cloud data: Data stored in the cloud will need to be especially protected with encryption both at rest and in transit, as it will be held outside the firm’s own network perimeter.

Having a named data protection officer is a key duty for any firm that is covered by the EU’s General Data Protection Regulation (GDPR). This role is about much more than making sure data is secured against intruders. It also requires them to closely monitor how businesses use the data they collect about customers, to ensure it is not being stored, used or traded inappropriately.

This should include putting together clear documentation on exactly what type of data is being collected and processed, why it is necessary for the running of the business, and what data protection solutions are in place to keep it secure.

It’s also vital to remind every user of their own responsibilities when it comes to looking after data, especially for hybrid and remote workers who may be storing information on their personal devices. Comprehensive training for these individuals to ensure they know what’s expected of them is a must.

Being able to prevent data exfiltration is a critical part of any enterprise cybersecurity strategy, but this is easier said than done. Many firms that are focused on perimeter defense could find themselves overlooking activities within their network that can lead to data theft. 

This can leave firms vulnerable to a wide range of attacks that have been designed specifically to bypass such defenses. Tactics such as fileless attacks or use of zero-day vulnerabilities are hard, if not impossible, to detect using traditional systems and can result in businesses losing large amounts of data before an incident is ever detected. Therefore, more modern solutions to guard against data exfiltration are a must.

A common solution to those challenges is to deploy data loss prevention (DLP) software. However, these tools alone may not provide the security against data exfiltration that businesses expect.

One reason for this is the outdated way such solutions work. In many cases these tools are structured, data-centric systems that are dependent on techniques such as signature matching. However, this only works to detect known threats, leaving firms exposed to emerging attack types.

In addition to this, they typically require large resources to operate and maintain. What’s more, because they must send every data packet through a central hub where it is decrypted and analyzed, they can even be a weak point for hackers to exploit.

To address these issues, newer technologies such as anti data exfiltration (ADX) are needed. These go beyond traditional DLP and endpoint detection and response (EDR) solutions by adding in-depth behavioral analysis tools in order to identify and block suspicious traffic immediately, without the need for human intervention. 

A true ADX solution can deploy advanced technologies such as artificial intelligence to build a much more complete picture of what normal activity within a network looks like, and automatically take steps to block any attempted data exfiltration before it occurs.

By using AI-driven behavioral analytics, firms can take a more user-centric approach to their data management efforts. This means unauthorized data exfiltration attempts are detected and blocked immediately without disrupting the activities of legitimate users. 

For example, it can analyze unusual behavior such as large out-of-hours data transfers or contacting unidentified external servers. It does this by comparing all activity to known user patterns and immediately flagging anything that appears out of the ordinary, blocking data transfers until they can be reviewed.

Utilizing this technology across all a business’ endpoints will be essential in keeping up with the evolving tactics used by hackers in the years to come. Powerful yet lightweight tools that are easy to install on any device, including personally-owned mobiles, will play a critical role in detecting and preventing data exfiltration and therefore combating the latest, most dangerous breed of ransomware attacks.