As security concerns stifle consumer buying, endpoint protection offers a solution

Data-protection tools can monitor compliance and prevent data exfiltration – but they require CISOs to get proactive about insider security

Australian businesses must get more proactive about identifying potential breaches of sensitive credit-card, healthcare and other information before it's exfiltrated from the company, according to one vendor who says sensitive data – and, often, the laptops they're stored on – are disappearing from Australian businesses at a surprising rate.

Although lost laptops during nationwide asset transfers are nothing new, many recent investigations have uncovered employees who have been harvesting sensitive data from company devices, says Rick Ferguson, regional sales manager with Cylance and former country manager of endpoint-security firm Absolute Software.

Use of the company's geofencing technology, Ferguson said, helped one Australian customer trace an employee who was in the process of leaving the company and said he had returned his system but was in fact using it at his home well outside of the city. Another company was noticing that 80 laptops might be sent from Sydney to Melbourne but only 75 would arrive; by installing geofencing software when the devices were configured, it became easy to figure out where they were ending up – and the thefts stopped.

Such proactive tracking has become critical for companies concerned not only about their valuable assets going missing, but about the massive volume of data that is stored on them and – whether intentionally or accidentally – leaked outside the company by company insiders.

“These kinds of things are real and they're happening in Australia,” Ferguson recently told CSO Australia. “Data breaches have become a permanent cost that organisations need to be prepared to deal with, and to incorporate in their data protection strategies.”

With online business meaning that most companies are floating on an ocean of sensitive data, such endpoint protection – which also includes the ability for devices to be searched for credit-card numbers or certain other types of sensitive information – is becoming a key enforcement tool for companies to meet their Privacy Act obligations as well as the requirements of data-protection standards like the Payment Card Industry Data Security Standard (PCI DSS).

Expanded endpoint-security monitoring is only one approach to better data security: for its part, security provider Tenable Network Security recently released its own take on PCI enforcement with the launch of its Tenable Continuous PCI Compliance Monitoring tool, which continuously monitors 75 percent of PCI DSS controls and reports on the company's compliance at any given point in time.

“Organisations, from big retailers to credit card payment processors, are targeted daily by cybercriminals because of the large amount of sensitive data passing through their networks and point-of-sale systems,” Tenable chief product officer Dave Cole said in a statement.

“Retailers can minimise the likelihood of a breach by integrating continuous PCI compliance monitoring into their overall security strategy, but too many organisations view PCI as a burden and treat compliance like a once-a-year project. Tenable makes it easy for security teams to deploy a comprehensive security program to adhere to compliance requirements, but more importantly, to better protect customer data from breach and theft on an ongoing basis.”

Recent studies suggest that potential compromises of sensitive data are a growing concern for a populace that is rapidly moving to embrace mobile commerce. The recent PayPal mCommerce Index, for example, found that 71 percent of Australian respondents were using their mobiles for making payments, and that 22 percent spend more than $500 per month via their mobiles.

Data security was a significant concern for mobile and potential mobile shoppers, with 46 percent citing it as a reason they weren't shopping online from their mobiles; those indicating security was a concern spent, on average, 24 percent less than those who did not.

Even as mobile shoppers rally around security as a key enabler for commerce, a recent Mimecast survey found that 91 percent of businesses recognise malicious insiders as a major threat to the company's security. Despite this, 40 percent of the Mimecast respondents said their business was unprepared to deal with those threats.

Ferguson highlighted five key areas to help businesses leverage their endpoint protection strategy to better protect internal data. These include user education; the ability to geotrack company assets that contain sensitive information; clear policies about employee use and movement of mobile assets; careful control over installed applications; and the ability to remotely audit installed applications, wipe and disable devices remotely, monitor remote usage through regular screenshotting, and encrypt data on remote devices as necessary.

“If you've put these measures in place, when it comes to cleaning up a breach or potential fines, you can demonstrate that you mitigated against those actions,” Ferguson said. “The software is out there and this can be done – but it needs to be done before the event and not after.”


Stories by David Braue
