Losses from recent data breaches at popular retailers could have been less severe if those companies had stronger security monitoring processes. Although most of those retailers had some monitoring in place, they lacked a process to report anomalies and take appropriate action.
The highest profile attack happened via a third-party provider that had access to the retailer's internal network. The attacker compromised the third party and placed malware on the point-of-sale systems. Because access to those systems was not monitored, the attacker was able to take credit card information during the busy holiday shopping season.
Having data leak/loss prevention (DLP) in place to monitor network intrusions may have notified the affected companies the first time the attackers tried to send customer information outside of the organization. DLP is a system-based response to data loss risk that is deployed to prevent sensitive or proprietary information from leaving an organization's control. By drawing the right correlations to identify data loss as a relevant risk and then associating DLP as the appropriate solution, internal audit can help drive meaningful protective measures into their organizations' IT infrastructures.
Considering the Risk
CAEs need to assess whether their organizations could be exposed to data leakage that would necessitate a DLP response. As with any risk area, what internal audit doesn't know may hurt the most. If the organization's IT governance structure is nonexistent, in its infancy, or anywhere along the evolutionary curve, data loss risk is likely.
Organizations facing greater risk include software companies, data analytics firms, health-care providers, and companies that store consumer demographic information beyond cardholders' data, such as their locations and preferences. Also at high risk are companies that rely on third parties for heavy data analytics, such as telecommunications, retail, and consumer product companies. The bottom line is that data loss risk should be considered in internal audit's risk universe.
How DLP Works
DLP is typically a process paired with software- and system-based business rules that collectively control how various data types are used. Most DLP solutions have a way to tag or detect data that requires protection, a way to monitor that data whether at rest or in motion, and a way to protect that data.
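The three capabilities described above (tag or detect protected data, monitor it in motion, act to protect it) can be illustrated with a small policy engine. The following is an added example written for this page, not code from any DLP product: it detects cardholder data by content (a digit-run pattern confirmed with the Luhn checksum), honours labels applied to data at rest, and decides for each outbound event whether to allow, alert, or block. The channel names, the internal domain `corp.example`, and the sample events are constructed for the illustration.

```python
"""Toy DLP policy engine (constructed example): classify, monitor, act."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Candidate primary account numbers: 13-19 digits, optionally separated by
# single spaces or dashes, not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")

# Destinations treated as inside the organization (assumption for the example).
INTERNAL_DOMAINS = {"corp.example"}


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to separate real card numbers from ordinary digit runs
    such as order or ticket numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return normalized card numbers found in text (content-based detection)."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


@dataclass
class Event:
    """One piece of data in motion, as a DLP monitor would see it."""
    channel: str                      # e.g. "email", "https", "usb"
    destination: str                  # mailbox or host the data is going to
    content: str
    labels: set[str] = field(default_factory=set)  # tags applied at rest


def classify(event: Event) -> set[str]:
    """Combine tags applied at rest with tags inferred from content."""
    tags = set(event.labels)
    if find_pans(event.content):
        tags.add("PCI")
    return tags


def decide(event: Event) -> tuple[str, str]:
    """Policy: cardholder data may not leave the organization; other labelled
    data leaving externally raises an alert for review."""
    tags = classify(event)
    domain = event.destination.split("@")[-1]
    external = domain not in INTERNAL_DOMAINS
    if "PCI" in tags and external:
        return "BLOCK", f"cardholder data to {event.destination} via {event.channel}"
    if tags and external:
        return "ALERT", f"labelled data {sorted(tags)} to {event.destination}"
    return "ALLOW", "no protected data, or internal destination"


def run_monitor(events: list[Event]) -> list[tuple[str, str]]:
    """Evaluate every event; in a real deployment each decision is also logged."""
    return [decide(e) for e in events]


# Constructed sample traffic; 4111111111111111 is a well-known test card number.
SAMPLE_EVENTS = [
    Event("email", "auditor@corp.example", "card 4111 1111 1111 1111 on file"),
    Event("https", "files.example.net", "export: 4111111111111111,2024-12-01"),
    Event("email", "partner@example.net", "Q3 forecast attached", {"CONFIDENTIAL"}),
    Event("email", "vendor@example.net", "ticket 4111111111111112 is closed"),
]

if __name__ == "__main__":
    for event, (action, reason) in zip(SAMPLE_EVENTS, run_monitor(SAMPLE_EVENTS)):
        print(f"{action:5} {event.channel:5} {event.destination:24} {reason}")
```

The fourth event shows why the Luhn check matters: a 16-digit ticket number that fails the checksum is not treated as a card number, which keeps false positives down without loosening the rule for real cardholder data. A production system would add more classifiers (national IDs, source code, documents fingerprinted by hash), check data at rest on file shares and endpoints, and feed every block or alert into the reporting and escalation process the article calls for.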
DLP is not one specific piece of software, but instead a series of actions taken by management...