“Leaked data falls into 4 types,” says Peter Gordon from SANS Institute: confidential information, intellectual property, customer data and health records.
Data leakage, however, is not limited to deliberate efforts of cyber espionage. In fact, a surprising amount of it tends to be the result of human error, well into the 90th percentile for insider threats. That means the bulk of insider data leakage is unintentional.
Regardless of intent, leaked data can have a devastating financial effect on an organization.
IBM recently released a report entitled 2017 Cost of Data Breach Study, an independently conducted study by Ponemon Institute. In the report, 419 companies surveyed from 11 countries and 2 regions reported that the average cost per data breach incident is $3.62M US / €3.1939M EU.
That distils down to $141 US / €124.404 per record leaked.
The number of records compromised per incident ranged anywhere from 2,600 to 100,000.
Countries and regions included in the study were: The Association of Southeast Asian Nations (ASEAN) [Singapore, Indonesia, the Philippines, Malaysia], the U.S., U.K., Germany, France, Italy, Japan, Australia, India, Canada, Brazil, South Africa, and the Middle East [the United Arab Emirates and Saudi Arabia].
While traditional data leakage threats continue throughout the public and private sectors, the bulk of the problem can now be found in IT. Information equals money. People will go to great lengths to get it, even those outside of crime syndicates.
In this article, Blueliv will discuss Data Leakage detection.
Our Data Leakage module is part of a complete Threat Intelligence Enterprise Solution. It alerts organizations to cyber-security threats on a global scale, allowing you to implement targeted strategies to protect business-critical data.
What is data leakage exactly?
To begin, let’s define our terms:
Data Leakage is the unauthorized transfer of classified information, including confidential records, from a computer or data center to the outside world. It can be intentional or unintentional. It can come from insiders or outsiders. It can be as straightforward as removal of physical items such as a disk or computer, or it can be code concealed within a body of text (also known as steganography).
Regardless of the form data exposure takes, it’s detrimental to productivity and can wreak havoc on a company’s finances and reputation. The good news, and there is some, is that risk may be greatly diminished through awareness and education.
Let’s dig further to understand the varied ways data is leaked.
Ways data gets leaked
Threats come from parties inside or outside the firewall boundary. Here’s a sampling of how data is leaked:
Threats from Insiders
Internal threats come from people who have access to information silos within your enterprise. The word “threat” can be misleading and sound malicious, but the reality is that a very small percentage of insider leaks are deliberate or malicious. In its 2007 report, a widely read and respected work, the SANS Institute claims deliberate malicious data leaks are less than 1% of all incidents. These tend to come only from disgruntled employees after an incident.
Messaging | email
This doesn’t have to be any more complex than something revealed inadvertently to a person within your organization with the wrong security clearance. It can also come in the form of social engineering, where an employee clicks a bad link or opens a bad file, and a malware worm is injected into your network.
Workforce supervision and exit strategies
Security and database access fall under this umbrella. This means tight restrictions on contractors and removal of access rights when a contractor or employee with a high-security clearance exits the organization. Failure to retrieve devices and such has resulted in problems later.
Yearly Internet security awareness training for all employees–even those with technical savvy–resulted in a 40% reduction in exposure to problems like phishing.
Antidote: data security education and culture
A sound data security culture involves building awareness and mindfulness. Employees need to employ realistic trust strategies and receive clear, actionable guidelines in order to succeed. The biggest threat inside the walls of your digital infrastructure is the human one. Breakroom chatter, careless mentions of trade secrets, and unsupervised traffic of documents and electronic equipment provide unwanted opportunities for leakage.
Security awareness training is the key to eliminating this type of threat and securing the inside perimeter for an organization’s success. But along with training, monitoring tools can allow early detection, identify the precise nature of what has been leaked, and bring about a quicker resolution.
The same holds true for your company’s external data protection strategy.
Data Leakage Threats from Outsiders
Of course, the classic data threat is an intrusion from outside of your digital infrastructure. These tend to be criminal in nature and involve malicious software.
Criminals use social engineering to leverage these infiltrations. Did you see the movie Blackhat? It’s the IT Admin’s nightmare. A woman steps up to the receptionist’s desk with a thumb drive and asks her to “print a clean copy of her report” before a high-profile meeting because the original had coffee stains.
In actuality, the thumb drive injects malware that drains a bank account of hundreds of millions of dollars and sets off a chain reaction that ends up in a nuclear power plant.
Exposure of sensitive data can be just as horrible if you’re a banking institution, a retail chain, or a medical provider. And an outsider’s thumb drive isn’t even necessary.
Social engineering relies on human error and tricks people into breaking normal security protocols.
Criminals rely on trust to infiltrate and pounce when the end users let their guard down.
Back in January, Insight.com reported the number of workers using their own devices (BYOD) in the workplace had reached 67 percent by 2013. The 2016 figure for BYOD was $35.1B US / €30.61B EU, and it is estimated to double to $73.3B US / €63.92B EU by the end of 2017. That includes the use of personal smartphones and tablets. While companies are saving enormous amounts on the purchase of devices, there is a correspondingly greater risk of exposure.
The risk is even greater when you consider the recent rise in the number of remote workers. In December 2016, Flexjobs reported the number of people in the UK now working at least part of the time from home rose to 4 million.
The following strategies that target data leakage issues are addressed in the Blueliv Threat Intelligence Enterprise Solution modules:
- Targeted Malware
- Phishing & Cybersquatting
- Rogue Mobile Apps
- Credit Card Theft
These tools allow you to detect movement of your data across the Internet so that you can monitor your privacy.
Implementation of Data Tools
Blueliv scours the web, detecting and identifying data that could represent your organization’s leaked information. Having the ability to detect possible leaks, whether from 3rd parties, audits, consultants, or even business partners, will enable you to respond early and aggressively to mitigate situations.
Our module combs through the Internet, deep Internet, and peer-to-peer networks detecting documents with information about your organization. It finds lists of restricted use and confidential information that has worked its way into public access.
This knowledge allows your organization to take appropriate steps and protect vital data assets.
The larger your population, the more complex your risk landscape becomes. Through education and brisk, well-defined policies you can keep your people on track. But education is not enough. Having the right tools gives you the ability to see much further and potentially ease problems of the past while keeping ahead of things now, with so many personal devices in the enterprise mix.
Our tools integrate into systems that you already have in place. Find out how the Blueliv Data Leakage module can alert you to leaks of your confidential information.
“The unauthorized transfer of classified information from a computer or data center to the outside world. Data leakage can be accomplished by simply mentally remembering what was seen, by physical removal of tapes, disks, and reports or by subtle means such as data hiding (see steganography).”
SANS Institute | InfoSec Reading Room
Data Leakage – Threats and Mitigation