Proper identification and detection of a significant incident is important; but what then? In the event of a significant incident, Withum maintains highly experienced certified experts to appropriately handle incidents on a 24/7/365 basis.[See Withum I.R.I.S.®and AWithum CFI/e-Discovery™for additional information.]
Businesses and organizations of all sizes must identify, monitor, and protect confidential, trade secret, and customer information. Although protecting sensitive data may seem obvious, several organizations live in ‘blissful ignorance’, suffer from groupthink, and/or adopt an ‘ostrich with its head in the sand’ strategy.
Similar to a professional boxer in a fight who gets knocked out because they fail to see a strike coming, the biggest impacts an organization takes are the ones they never see coming. Organizations often do not understand and miscalculate the real risks and impacts associated with data loss/data theft.
Internal Data Theft
Employees and vendors misappropriating data is a huge problem – a very serious issue for organizations. Withum recently supported a major incident involving a company’s employee who downloaded their trade secrets and confidential information prior to departing to their competitor. Information included highly sensitive customer information and personally identifiable information (“PII data”), e.g. social security numbers, dates of birth, address, phone numbers, health records, etc. Trade secret information included but was not limited to company strategies, underwriting materials, flowcharts, algorithms, screenshots of highly sensitive display materials, internal controls and architectures, and much more.
Another example includes a Pfizer global marketing executive who surreptitiously downloaded 600 confidential files from her former employer to a USB drive, as well as forwarding company trade secrets and other confidential information such as strategic marketing plans, sales information, marketing budget data, and market research.
External Data Theft
Many data breaches can be averted. Often, there are several indicators prior to a major data breach that goes unnoticed by inexperienced IT/IT security practitioners. External intruders not only need to pierce the environment, but they also need to exfiltrate company confidential data. In order to properly secure an organization from external threats, an organization must secure the environment from “internal” threats.
How Can We Help?
Withum has extensive global expertise in data loss prevention. We provide complete end-to-end solutions from strategies, managed data loss prevention services, security control capabilities, to identification, detection, reporting, and incident response, as well as providing critical evidence collection and support for internal/external legal teams (if necessary).
A commonality among virtually all data theft/data loss incidents is that they are detectable and preventable. Proper deployment of data loss prevention controls requires a level of genuine security expertise and proven experience.
Based on our expertise in deploying data loss prevention solutions, active SOC monitoring of client data, and supporting these matters globally across a wide array of businesses of all sizes and types, as well as being supported by virtually all independent research, the benefits of proactive data loss prevention far outweigh the impacts involved when an organization suffers from internal and/or external data loss.
Withum Managed Business Protection™ (MBP) is an affordable, yet highly effective security solution scalable for small‐to‐medium sized organizations to global enterprise‐class businesses. It is the only service that offers globally proven confidential data protection, internal and external threat protection, expert data forensics, industry-leading anti‐malware, anomaly, advanced persistent threat, and intrusion detection technologies.
Withum e3 Red Team® How effective is your organization’s security and response? Does senior executive leadership really understand the organizational risks and potential business impacts if such risks are exercised? Are some security controls simply ineffective, unnecessary and just wasteful spending? Withum e3 Red Team® mimics both external and internal threats to your organization. It is a capability that safely; but effectively test your organization’s overall security posture, policies, procedures and response in the context of their operational environment and from an adversary or hostile competitor’s perspective. Withum e3 Red Team® delivers realistic exercises designed to diagnose the health, safety and effectiveness of your overall security program.
Withum Quick Read™:
Expert Security Services offers optional services designed to provide an immediate statement of business risk, together with summary solution considerations. They consist of four complimentary services:
Withum Intellectual Property Assurance (IPA)™provides a quick assessment of your organization’s data to answer three critical questions:
- Where is my data?
- How is it being used and how do I prevent its loss?
- Is there a broken business process and if so, who are the key offenders?
Withum Incident Response Investigatory Support® (Withum I.R.I.S.)® is designed as a single incident high-tech forensic assessment. Withum I.R.I.S.® will provide summary considerations for remediation, as appropriate.
Withum Physical Security Assurance™ (Withum PSA™)provides a targeted risk assessment or a single incident assessment related to infrastructure and non-data related security concerns. Withum PSA™ will provide summary considerations for remediation, as appropriate. For data related security concerns, see Withum I.R.I.S.®
Due to some concerns with our former IT consultants, we began searching for a new provider. We chose Withum's Cybersecurity team, as their services range from providing IT Consulting and IT Security, to incident response and forensics. Before officially hiring them, Withum performed an extensive assessment of our entire environment and recommended changes and enhancements. I was very impressed by their analysis and immediately understood how sophisticated their security is compared to where we were at the time. We made the change and although change is always difficult, Withum made it as seamless as possible.
Cyber Real Estate Development Company, President
Market Leader, Cyber and Information Security Services
Cyber and Information Security Services, Virtual Chief Compliance Officer (vCCO), Data Privacy