Every company recognizes the value of its revenue-generating products. However, sometimes, businesses delay implementing adequate measures to protect their achievements. A case in point is a company that engaged me for cybersecurity consultancy. They started losing customers rapidly, each loss costing them up to a hundred thousand dollars, while their competitors launched a product very similar to theirs.
Recognizing the threat
This incident happened several years ago. The company had long been a key supplier to major polymer-producing corporations. Yet, they lacked a dedicated unit for information protection, relying solely on basic physical security measures like access controls, video surveillance, and random employee checks. Gradually, they realized that their competitors might have accessed some of their proprietary information. It became evident that their data was more at risk than their physical assets (machines and equipment). This realization later led to the establishment of a dedicated security department and enhanced measures for information protection.
A strategic move to implement DLP
On average, it takes about 85 days to detect and contain an insider threat incident. Furthermore, only 12% of incidents involving insiders are resolved within a span of less than 31 days. DLP systems have significantly reduced insider threats across various industries. According to a recent study, organizations using DLP systems saw a 58% reduction in internal data breaches within the first year of implementation.
So, to address user activity monitoring and prevent data leaks, I recommended implementing a Data Loss Prevention system.
Data Loss Prevention comprises a suite of tools and processes designed to safeguard sensitive information from being lost, misused, or accessed by unauthorized individuals. DLP software categorizes data into regulated, confidential, and business-critical types and detects breaches of policies, whether set by the organization or defined in a standard policy pack, often guided by compliance requirements like HIPAA, GDPR, or PCI-DSS. When such breaches are spotted, DLP takes corrective action through alerts, encryption, and other security measures, thereby preventing users from inadvertently or intentionally distributing data in a way that could jeopardize the organization.
DLP systems vary in their approach to protecting trade secrets: some preemptively block communication channels to prevent leaks, while others track digital footprints to reconstruct incident scenarios if needed. In this particular case, since a leak had already occurred, our focus was on identifying the culprits. Therefore, the analytical capabilities of the DLP system were our primary consideration.
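The classification, policy check and the two operating modes described above (blocking a channel versus recording events for later reconstruction) can be sketched as follows. This is an added example, not code from the engagement or from any DLP product; the patterns, the domain `example-polymers.test` and the sample messages are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed, illustrative patterns for the three data types; not a vendor policy pack.
RULES = {
    "regulated": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),            # SSN-style number
    "confidential": re.compile(r"\b(price list|contract|margin)\b", re.I),
    "business-critical": re.compile(r"\.(dwg|step|sldprt)\b|\bformulation\b", re.I),
}
INTERNAL_DOMAIN = "example-polymers.test"  # hypothetical company mail domain

def classify(msg):
    """Return the data categories found in subject, body and attachment names."""
    text = " ".join([msg["subject"], msg["body"], *msg["attachments"]])
    return {cat for cat, rx in RULES.items() if rx.search(text)}

def evaluate(msg, mode="audit"):
    """Policy: categorized data must not go to recipients outside the company.
    mode="block" stops the message; mode="audit" delivers it but logs the event."""
    external = [r for r in msg["to"] if not r.lower().endswith("@" + INTERNAL_DOMAIN)]
    cats = sorted(classify(msg))
    violation = bool(external and cats)
    action = "allow" if not violation else ("block" if mode == "block" else "log")
    return {"action": action, "categories": cats, "external": external}

def timeline(messages):
    """Audit mode: group logged violations by sender, in time order."""
    by_sender = defaultdict(list)
    for m in sorted(messages, key=lambda m: m["ts"]):
        v = evaluate(m, "audit")
        if v["action"] == "log":
            by_sender[m["from"]].append((m["ts"], v["external"], v["categories"]))
    return dict(by_sender)

# Constructed sample messages (not real data).
SAMPLE = [
    {"ts": "2020-03-02T09:14", "from": "j.doe@example-polymers.test",
     "to": ["sales@rival.test"], "subject": "as discussed",
     "body": "drawings attached", "attachments": ["extruder_screw.dwg"]},
    {"ts": "2020-03-02T10:01", "from": "a.lee@example-polymers.test",
     "to": ["b.kim@example-polymers.test"], "subject": "Q2 price list",
     "body": "internal review", "attachments": ["prices.xlsx"]},
    {"ts": "2020-03-05T17:40", "from": "j.doe@example-polymers.test",
     "to": ["sales@rival.test", "a.lee@example-polymers.test"],
     "subject": "contract draft", "body": "see margin column", "attachments": ["offer.pdf"]},
]

if __name__ == "__main__":
    print(timeline(SAMPLE))
```

The internal message carrying a price list is classified but allowed, because the policy only fires when categorized data leaves the company domain.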
Detecting the culprit
To determine how competitors were accessing the production secrets, it was crucial to monitor key communication channels like email and corporate instant messaging. Shortly after deploying the DLP system, I identified several suspicious emails, marking a significant step in the investigation.
One of the employees was caught directly emailing competitors from his work account, sharing design and commercial documents. Numerous facts suggested he was not acting alone. However, the company, being an industrial enterprise, had few office workers. Most employees worked on production lines and did not use PCs, making it challenging to monitor them technically. Yet, by this point, the DLP had gathered sufficient data to shed light on the situation.
Drawing from my experience, I made a bold move: together with the owner, we confronted the insider, presenting evidence of his misconduct. The strategy paid off. He immediately confessed and named his co-conspirators. Some employees were physically removing important equipment components and aiding competitors in producing counterfeit products. Interestingly, many involved seemed unaware (or feigned ignorance) of the illegality of their actions. To them, it was just a side job, and they saw nothing wrong with taking equipment for this purpose.
Regaining trust and market position
Uncovering the scheme was just the beginning. To offset the losses, the owner decided to decisively outmaneuver his competitor and stop them from using his stolen developments. He reached out to his former customers, who initially were cold due to the competitor's active slander. The goal was to mend relationships and expose the competitor's unethical practices. Armed with substantial evidence of industrial espionage, he managed to win back his customers. Soon, this information reached the competitor's investors. Valuing their business reputation, they chose not to associate with illegal activities, effectively isolating the competitor. Within a few months, the competing company lost funding and was closed.
The positive impact of DLP and awareness
Initially, I believed that surveillance should always be covert. However, this incident changed my opinion. Awareness among employees that the information security team is vigilant can deter insider crimes. It is not about detailing the control methods; rather, it is crucial for employees to know their actions are transparent to their employer, which primarily influences discipline.
Following this case, the company's employees started making fewer data handling errors and improved their time management. The number of team conflicts was also reduced. DLP plays an important role by highlighting potential issues to management, who then inform department heads. This early intervention allows for resolving misunderstandings and problems before they escalate.
Now, the company no longer needs to excessively tighten controls or project a strict surveillance image. They have implemented an information security education program for all staff and specialized training for new hires, clearly communicating inviolable rules. They emphasize trust in their employees and openness to dialogue, and rely on their integrity.
This case underscores the necessity of continuous cybersecurity education. Regular training sessions on data security, phishing scams, and the importance of safeguarding proprietary information became a norm. This educational approach reinforced the technical protection measures and cultivated a culture of security mindfulness among employees, making them active participants in protecting the company's assets.
They still count on DLP, which effectively monitors and controls data transmission channels, to prevent data leaks. However, the company's focus has shifted to prevention, aiming to avert problems rather than chasing them post-occurrence. This control automation frees up resources for proactive measures.
The experience with this company taught me invaluable lessons about the importance of proactive measures in cybersecurity. DLP systems are not just about monitoring and control but also about educating employees and fostering a culture of security awareness. This incident demonstrates that effective information security is not just about software tools – it is about technology, processes, and people working together to protect an organization's most valuable assets.