sb-au logo
Story image

Interview: Acronis co-founder on going all-in for DLP

It’s no secret that cybersecurity is becoming more important and essential as time goes on – and according to experts, data loss prevention (DLP) is at the forefront of many organisations’ security strategies.

Costs of data-based attacks are skyrocketing, with the average cost of a breach in the ASEAN region reaching US$2.6 million, and as much as 10% of SME’s closing their doors permanently after a significant breach.

And alarmingly, many of these breaches come from the inside: according to Acronis, two-thirds of serious data leakage incidents are caused by employees, contractors or visitors. In addition, a recent Tessian report shows there has been a 47% increase in email threats from insiders in the last two years.

These startling figures have helped accelerate DLP’s status as one of the top spending priorities for IT leaders as organisations’ risk profiles steadily rise in tandem with the sophistication and frequency of cyber-attacks around the world.

One of the most recent and high-profile examples of the rising value of this specialisation in cybersecurity is Acronis’s acquisition of DeviceLock this month. A leader in DLP, DeviceLock’s software prevents data leaks at the source, tackling the issue of internal security threats head-on. 

“Insiders can be malicious – they could have an intention to bring damage to the company,” says Acronis co-founder and technology president Stas Protassov.

“But they can also be negligent. Human mistakes happen every day and you can’t count on the fact that you’re protected from it by default.” 

The goal, says Protassov, is to eliminate as much risk as possible posed by internal actors – whether malicious or negligent – by adopting a DLP strategy.

“One of our strategies is to actually avoid developing a DLP strategy – instead, the strategy is to acquire it, which helps us to control how information is shared from inside the company.”

So that’s exactly what Acronis did. It acquired DeviceLock in mid-July, a decision that was made at breakneck speed: “There was a two-hour meeting where we met the founder and owner of DeviceLock to discuss all these issues. The decision to acquire was made at the end of that meeting,” says Protassov.

“We knew we needed DLP, and DeviceLock realised that they need to either be part of a bigger solution, or they need to start building another one. So the decision was quite simple actually.”

The decision to acquire the company was also prodded along by the sudden and extreme proliferation of remote working in the wake of the COVID-19 pandemic. According to a study from Tessian, DLP risk profiles skyrocket in remote working circumstances due to a reduction in security-aware behaviour and an increased likelihood to use one’s personal device for business purposes.

Findings from the report indicate that 48% of employees are less likely to follow safe data practices when working from home, while 84% of IT leaders report believing that data loss prevention strategies are harder to implement when a workforce is remote.

“With remote work, and especially when you work on your own private device, it definitely opens up additional avenues of attack. It’s becoming an issue,” says Protassov. 

And the issues that DLP is concerned with can affect businesses of any size.

“A recent report showed that two-thirds of SME’s don’t believe that they can be a target for an attack. It’s quite understandable that they think like that,” says Protassov.

“They may think ‘I’m a small company, I have 10 employees, why would some hacking group be interested in targeting me?’

“The answer is: Because they can. They are breaking into your network not because you have data which cost billions of dollars, but just because they can steal some other data from you, and they can use your systems for another attack.”

Even a small company has valuable data – from details of financial relations with clients, to the personal details of clients themselves, their preferences – this can all be used by unfriendly competition, says Protassov.

For these reasons and a whole host of others, having a DLP strategy in place, whether for multinational corporations or for SME’s, is becoming more imperative as time goes on. 

For more info on Acronis’ latest cybersecurity offers featuring DLP, read here.

Story image
Kaspersky releases new report on consumer’s approach to digital services
COVID-19 related restrictions and the necessity to stay indoors has influenced the way people approach digital services, making them more aware of how securely both they, and their housemates, use the internet.More
Story image
Why securing IoT installations will be ‘do or die’ in post-pandemic Australia
Unless IoT technology is visible on the network, organisations will find themselves at risk with an unmanageable high-tech morass, warns ExtraHop A/NZ regional sales manager Glen Maloney.More
Link image
Put the pedal to the metal on the road to automation
Forrester data indicates that process automation was a strategic initiative for many organizations before COVID and remains so after. Catch this webinar to learn more about automation.More
Story image
The SASE triangle: How a CASB protects managed apps
Enterprises that fail to adapt to the modern business world when it comes to security are likely to fall prey to data breaches and experience a host of other problems, writes Bitglass product marketing manager Will Houcheime.More
Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More