Growing Tool Soup, Malicious Cyberattacks, and Lack of Governance Tracking and Controls Demand DRM
If you have ever sent a piece of sensitive content to a third party as a part of your job, this report is for you. When you pressed Send or Share, you likely didn’t think at all about the security and compliance implications of what you were doing. But such an action presents increasing risk to organizations every year. The 2023 Kiteworks Sensitive Content Communications Privacy and Compliance Report checks in to see how companies are doing as they share such content with thousands of other entities.
For the second consecutive year, Kiteworks surveyed almost 800 IT, security, risk, and management professionals to gauge how they are managing privacy and compliance risk as related to sensitive content communications. Sensitive content is at the core of business and operations at every organization—and a vital lifeblood for many. Unfortunately, whether the content is inadvertently sent or shared with individuals or organizations who should not have access to it, or it is intentionally hacked by malicious cyber actors, the financial, brand, and regulatory implications can be dire.
Since the security of sensitive content communications has fallen through the cracks in the past at many organizations, those that take it seriously have the opportunity to make a big contribution in the coming year to improving their overall risk profile. Important areas of focus for 2023 should include:
- A holistic approach to compliance: As a patchwork of rules comes online in different jurisdictions—including from state to state in the U.S.—organizations need to shift their focus.
- Taking a DRM approach: It is critical that organizations take a holistic approach to categorizing data in a granular way, and making each category easily available to those who need it to perform their duties according to role—and unavailable to all others.
- Insider threat protection: Employees and others with access to internal systems are responsible for nearly one in five data breaches. By classifying and segmenting data and restricting access to specific data types by role, organizations can protect against malicious, well-intentioned, and accidental data disclosure by insiders.
- Comprehensive security protections: Cybercriminals and rogue nation-states recognize the value of sensitive content and are targeting vulnerabilities and gaps in security regimens employed by communication tools used to send and share that information. Understanding and vetting the security capabilities of your communication tools are critical. Reviewing these against top priorities found in this report is a great starting point.
For organizations to operate, they often must share sensitive content with hundreds or thousands of third parties—not to mention enable internal first parties to send, share, collaborate, and store that information. The movement of this data presents tremendous risk, and securing these transfers in the Era of Compliance should be a priority at every organization. Securing sensitive content communications should be a priority alongside network, endpoint, and application security—and the security of data stores where sensitive content is at rest.
At many organizations, this remains one of the biggest security gaps they face. The Kiteworks Private Content Network (PCN) unlocks advanced DRM by helping organizations track and control all sensitive file and email data communications in a single NIST CSF-aligned platform.