Richard Brulik, Safetica: “people are just careless when they work with sensitive data”


It’s quite common to think that cybercriminals act first to acquire sensitive information with the help of malicious programs or phishing campaigns. However, the reality is that employees often do not follow security protocols and expose confidential company data themselves.

The human-error factor has grown rapidly as working from home has become the new norm. People often use unsecured personal devices to access corporate data systems, and unfortunately it takes more than a VPN to protect a connection when valuable business data is involved.

According to Richard Brulik, the CEO at Safetica, people need a tool that would notify them whenever they’re about to break a security policy and inform the company’s administrators about the potential risk.

Tell us more about the evolution of the company. What was the vision behind Safetica?

In 2007, Jakub Mahdal, Co-Founder of Safetica, lost a USB flash drive with business data and immediately realized how vulnerable company documents are. Soon, he started working on a solution to secure external drives. After a few years, he realized there was a huge market for data protection and founded Safetica – a company focused on making data protection easy and available for companies of all sizes and shapes.

Along the way, the company raised strategic investment from venture capital, joined the ESET and Fortinet technology alliances, and became a Microsoft Partner. Today Safetica solutions help protect more than 500 000 devices against data loss and insider threats in more than 120 countries. Besides on-prem products, it introduced cloud-native SaaS in 2021.

Your Data Loss Prevention solution offers protection for thousands of users worldwide. Can you tell us more about this security measure?

We have always been opposed to traditional “heavy-duty” DLPs, which usually lead to costly and lengthy projects with uncertain outcomes. The proof of our efforts is the SoftwareReviews gold medals and being named the leader in the 2021 DLP Data Quadrant for easy implementation, integration, and administration, among other things. In 2021, Safetica repositioned towards dynamic DLP and insider threat protection, introducing the risk aspect to its products.

How does data loss usually occur in the first place?

How many times have you sent an email to the wrong person, and how often do you steal company data? The Pareto principle applies here as well. In most cases, but lower volume, data usually leaks due to human error. People are just careless when they work with sensitive data.

Often, they are plain lazy, so they’re looking for the easiest way to manipulate or transfer data. And sometimes, they just don’t know any better. Unfortunately, lack of IT proficiency is one of the key factors.

The remaining 20% are deliberate leaks: employees or contractors with malicious intent to sell data to a competitor, use the data as an advantage while applying for a new job, start their own business, or just cause intentional harm – to get revenge for something like a layoff. The chances are lower than for accidental events, but the costs of malicious insider-caused incidents are 2-3 times higher – $756k on average, according to Ponemon Institute.

The most usual leak channels are email, cloud storage, USB flash drives, but also instant messengers or traditional print.

While organizations have started to recognize insider threat as a serious risk, it still gets overlooked sometimes. How do cybercriminals operate using this attack method?

First, it is good to remember that an insider is anyone, usually an employee or contractor, with access to a company’s sensitive data. He or she does not have to have any malicious intent. We can imagine members of the board or management with company-wide access but also engineers or designers with access to blueprints and designs, or accounting, finance, and legal staff with access to financial plans, contracts, etc. Therefore, it is a logical effort for attackers to try to get their credentials, either via phishing, or social engineering, to acquire access to these assets. Sometimes it is easier to bribe especially disgruntled employees than to try hacking into IT systems. Therefore, it is important to evaluate the risk level of file operations and individual users to be able to spot anomalies, log, or potentially block suspicious behavior.

Did you notice any new threats coming into the picture during the pandemic?

The biggest risk is obvious – employees were forced to move to the so-called home office. Now we see that hybrid work has become a new normal, to which IT departments need to adjust their security measures. When people work from home, they tend to be less cautious, use personal devices, and connect to unsecured Wi-Fi networks. This all means that company data can move way more often between not properly patched or secured devices, networks, and file-sharing services. Cybercriminals are very well aware of that and try to leverage this vulnerable environment to break into company systems.

Why do you think companies are sometimes unaware of their own security risks?

In the case of smaller companies, it’s just a question of too many things to handle with very limited resources. Cybersecurity in general is a very complex topic. Company owners need to focus on their business, not cyber incidents, which is extremely challenging, especially in Covid times. If they have an IT admin, he or she usually needs to cover everything from keeping endpoints and servers updated and secured to refilling toner in the printers. It's overwhelming.

For larger companies, it can be naive blindness or wishful thinking that it can’t happen to them. Everyday news and headlines prove the opposite, but it’s just the tip of the iceberg. No media outlet will cover the cybersecurity incident in an average organization. Only the big names attract attention.

It’s more difficult to imagine cyber risks and threats in comparison to the broken door, a safe, or a burning building. But we need to remember that the term “virtual” means less visible but more accessible to any attacker. We live and work in a digital environment, and we need to accept that, including the related risks.

With work from home becoming the new norm, what would you consider to be the most serious security issues surrounding the remote workplace?

It’s definitely challenging to keep devices updated and patched when they are constantly out of the company’s network. The same applies to managing the security of data transfers when we have no clue what router or hotspot users are connected to. In the cloud era and SaaS world, the VPN is not the best answer either.

But most of all, we must not forget about people. Many employees struggle with doing their job at home – in an environment that was not created for that purpose. There’s always something constantly disturbing their attention. The IT support desk is often unreachable. The risk of making a mistake is much higher. Therefore, people need guidance – a tool that will advise them if they are about to break the security policy and immediately notify the admin if something abnormal is happening with the company’s data.

Let’s say an employee loses a USB stick or a laptop that they use for work. What should be done to prevent important data from falling into the wrong hands?

When a laptop is lost, it is already too late. The saying “Plan for the worst and hope for the best” applies to data security as well. Rule number one is encryption. USB sticks and laptops are being lost and stolen constantly and this will not change. The IT manager or admin needs to be notified by the affected person as soon as possible, so she or he can lock, find, or wipe the device remotely. Together with this, the user password should be changed immediately. Rule number two is multi-factor authentication. If for any reason the lost device is unlocked, the attacker should not be able to log in to the company’s systems without another factor.

And rule number three – keep educating, training, and testing users if they remember what to do in case of any cybersecurity incident. If they know which stairs to use in case of fire in the building, they need to know what to do in case of spotting a cybersecurity threat. And, of course, they need to know how to recognize it in the first place.

Share with us, what’s next for Safetica?

We see the ongoing need for data protection made easy. IT managers are overwhelmed. They often lack human resources, hardware infrastructure, or even skills. That’s why we heavily invest in our cloud-native SaaS offering, automation, machine learning, and artificial intelligence. For both our on-prem and SaaS solutions, we’re redesigning the integration with Microsoft 365 and expanding the insider risk analysis features to address the hybrid workspace challenges.