Data Leakage: Understanding and Preventing the Threat

What is Data Leakage?

Data leakage, also referred to as low-profile data theft, involves the unauthorized transfer of electronic or physical data from an organization to external recipients or destinations. Threat actors often leak data using email accounts or the web. They may also use mobile data storage devices like USB keys, laptops, and optical media.

Data leakage can result from purposeful insider action meant to cause harm to the organization, or as part of a bigger scheme to commit payment fraud. It can also be accidental. Cybercriminals look for various types of information in data leaks, including customer information and trade secrets. The scope and the type of leak determine the damage caused to the organization.

This article is part of our series of articles about endpoint security.

Causes of Information Leakage

Here are common causes of information leaks at organizations:

Insider Threats
Insider threats include dissatisfied employees, former employees who still have access to sensitive systems, and business partners. Their motive may be economic gain, theft of valuable data, or a desire for revenge; an insider with legitimate access can copy an organization's sensitive data for financial or personal gain without triggering the defenses aimed at outside attackers.

Payment Fraud
Payment fraud is an attempt to make a fraudulent or illegal transaction. Common scenarios include credit card scams, false returns, and triangle scams. A triangle scam involves an attacker opening an online store with very low prices, tricking customers into providing their payment information, and then using this payment information to buy products at other stores.

Social Engineering
When data leaks are initiated by cybercriminals, they are usually the result of social engineering tactics. Social engineering is the use of psychological manipulation to trick victims into giving up sensitive information. Phishing is the most common type of social engineering attack. Traditionally, phishing takes the form of a written message asking the user to provide confidential information or perform an action favorable to the attacker. Increasingly, phishing is also performed over the phone (known as vishing).

Very often, attackers are after data that does not appear sensitive on its own but can expand the list of potential victims. This poses a serious threat to data security, because attackers can easily deceive unsuspecting employees by requesting seemingly harmless information such as phone numbers and social security numbers.

Physical Theft of Sensitive Devices
Company devices contain sensitive information, and the loss, theft, or misuse of these devices can lead to security breaches and theft of company information.

For example, a cybercriminal holding a stolen device can contact an IT administrator and claim to have forgotten their login information. With a convincing story, the attacker obtains working credentials for the device and, through it, access to the corporate network.

Unintended Disclosure
Many data breaches are not caused by an attack, but rather by unintentional exposure of sensitive information. For example, employees might view sensitive data and save it to a non-secure location, or IT staff might mistakenly expose a sensitive internal server or cloud system to the Internet.

Malicious Electronic Communications
Many organizations give employees access to the Internet, email, and instant messaging as part of their role. The problem is that all of these channels allow files to be transferred to, and content to be fetched from, external parties over public networks.

Attackers often target these communication channels and achieve a high success rate. For example, a cybercriminal could spoof a legitimate business email and simply ask an employee to send them sensitive data. If the user is fooled by the message, they could attach the requested files to the email and send them to the attacker.

What Do Cyber Criminals Look for in Data Leaks?

The majority of data leaks involve either personally identifiable information (PII) or protected health information (PHI). Examples of PII are names, social security numbers, and other personal details. PHI is defined in the US HIPAA regulation as any information about an individual's past, present, or future health.

Below are a few types of sensitive data that are commonly targeted in data leaks.

Customer Information

This is information about a company’s customers, including their names and contact details, credentials, activity history, and payment details.

What damage can it cause?

Exposure of customer information can damage both the company and its customers, cause harm to reputation, and in many cases expose a company to compliance violations and lawsuits.

Company Information

This is information revealing the company’s internal operations. It can include emails and internal documents; strategy, marketing, and business plans; and business metrics or forecasts.

What damage can it cause?

Exposure of company information can provide competitors, rivals, or attackers valuable data about a company’s operations. This can give third parties an unfair advantage over the company or help them cause direct damage to its operations. Attackers can also use it to plan secondary attacks.

Trade Secrets

This is possibly the most sensitive information a company can lose in a data leak, including intellectual property, plans for future products, source code, and details about proprietary technologies.

What damage can it cause?

Exposure of trade secrets can cause a company to lose large investments in research and development and make its market offering less valuable.

Analytics Data
This is data used by a business to derive insights about its customers or environment. This can include historical data about customers or prospects in the industry, demographic data, and models that can generate useful predictions in the company’s industry.

What damage can it cause?

Analytics data is valuable to the business and so is equally valuable to an attacker. Like other types of data leaks, it can give third parties an unfair advantage by exposing internal knowledge. If analytics data is not anonymized, it has the additional impact of exposing PII.

How to Prevent Data Leakage

Ensure Timely Detection

You can avoid or reduce the fallout from a data leak by detecting improper activity fast. Ensure you receive alerts on changes to critical access or configuration parameters, and act quickly to investigate and remediate anomalies. Put in place monitoring for unusual data transfers, such as data loss prevention (DLP), and intervene early on if you discover users copying unusual amounts of data.
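The monitoring described above is easy to illustrate with a small script. The following is an added example written for this article, not code from Perception Point or any DLP product; it assumes a constructed CSV-style egress log (date, user, bytes sent, channel) and flags any day on which a user's outbound volume is far above that user's own prior baseline, which is the "copying unusual amounts of data" signal the text refers to.

```python
"""Added example: flag users whose outbound transfer volume is unusual.

Illustration written for this article, not vendor code. The log format,
baseline window and thresholds are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log lines (assumed format): date,user,bytes_out,channel
SAMPLE_LOG = """\
2024-03-01,alice,12000000,email
2024-03-02,alice,9000000,email
2024-03-03,alice,11000000,web
2024-03-04,alice,10500000,email
2024-03-05,alice,320000000,usb
2024-03-01,bob,4000000,web
2024-03-02,bob,5000000,web
2024-03-03,bob,4500000,web
2024-03-04,bob,3800000,email
2024-03-05,bob,4100000,web
"""


def parse_log(text):
    """Parse CSV-style lines into dicts; skip malformed lines rather than crash."""
    events = []
    for line in text.splitlines():
        parts = line.split(",")
        if len(parts) != 4:
            continue
        date, user, nbytes, channel = parts
        try:
            events.append({"date": date, "user": user,
                           "bytes": int(nbytes), "channel": channel})
        except ValueError:
            continue
    return events


def daily_totals(events):
    """Sum bytes per (user, date) so a burst split across channels still counts."""
    totals = defaultdict(int)
    for e in events:
        totals[(e["user"], e["date"])] += e["bytes"]
    per_user = defaultdict(dict)
    for (user, date), n in totals.items():
        per_user[user][date] = n
    return per_user


def find_unusual_transfers(events, min_days=3, z_threshold=3.0,
                           abs_floor=50_000_000):
    """Return alerts for days whose volume is far above the user's own baseline.

    A day is flagged when it exceeds the user's mean by z_threshold standard
    deviations AND exceeds abs_floor bytes, so a user with a tiny baseline
    does not page the SOC over a slightly larger, still harmless transfer.
    """
    alerts = []
    for user, days in daily_totals(events).items():
        for date in sorted(days):  # ISO dates sort correctly as strings
            history = [v for d, v in days.items() if d < date]  # prior days only
            if len(history) < min_days:
                continue  # not enough baseline yet
            mu, sigma = mean(history), pstdev(history)
            today = days[date]
            if sigma > 0:
                z = (today - mu) / sigma
            else:
                z = float("inf") if today > mu else 0.0
            if today >= abs_floor and z >= z_threshold:
                alerts.append({"user": user, "date": date, "bytes": today,
                               "baseline_mean": int(mu), "zscore": round(z, 1)})
    return alerts


if __name__ == "__main__":
    for alert in find_unusual_transfers(parse_log(SAMPLE_LOG)):
        print(f"ALERT {alert['user']} {alert['date']}: {alert['bytes']} bytes "
              f"(baseline {alert['baseline_mean']}, z={alert['zscore']})")
```

On the constructed log only alice's 320 MB USB transfer on 2024-03-05 is raised; bob's steady traffic and alice's ordinary days stay quiet. The per-user baseline matters: a fixed global threshold would either miss a low-volume user who suddenly triples their output or drown the SOC in alerts from legitimately heavy users.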

Classify Data according to Sensitivity and Value

To prevent data leaks, the first step is to identify which data employees are able to freely share. You should then decide who should have permission to access this data. Using data identification and classification, you can organize your data into categories, protecting sensitive data as required.

Here are a few technologies commonly used to protect sensitive data:

  • Data Loss Prevention (DLP)
  • Identity and access management (IAM)
  • Encryption
  • Privileged Access solutions
  • Change management and auditing
  • User and entity behavior analytics (UEBA)
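To make the classification step concrete, here is an added example (written for this article, not part of the original page or any of the listed products). It assumes a four-level scheme (public, internal, confidential, restricted), a small set of detectors for PII and trade-secret markers, and a policy table saying which roles may send data at each level outside the organization; all of these are assumptions a real deployment would replace with its own scheme.

```python
"""Added example: classify records by sensitivity, then decide who may share them.

Illustration written for this article. The levels, detector patterns and
policy table are assumptions, not a standard or a vendor's scheme.
"""
import re

# Sensitivity levels, lowest to highest (assumed scheme)
PUBLIC, INTERNAL, CONFIDENTIAL, RESTRICTED = "public", "internal", "confidential", "restricted"

# Assumed policy: roles allowed to send data at each level outside the organization
EXTERNAL_SHARE_ALLOWED = {
    PUBLIC: {"any"},
    INTERNAL: {"manager", "legal"},
    CONFIDENTIAL: {"legal"},
    RESTRICTED: set(),  # never leaves without a formal exception
}

# US SSN shape with the area/group/serial values that are never issued excluded
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-19 digits, optionally separated by spaces or dashes; Luhn check applied below
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
SECRET_WORDS = ("source code", "patent", "proprietary")  # assumed markers


def luhn_ok(digits):
    """Luhn checksum, so 16 arbitrary digits (ticket ids) are not labelled as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return candidate card numbers from text that also pass the Luhn check."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def classify(text):
    """Return (level, reasons); the most sensitive detector that fires wins."""
    reasons = []
    level = PUBLIC
    if EMAIL_RE.search(text):
        reasons.append("email address")
        level = INTERNAL
    if any(w in text.lower() for w in SECRET_WORDS):
        reasons.append("trade-secret keyword")
        level = CONFIDENTIAL
    if SSN_RE.search(text):
        reasons.append("SSN")
        level = RESTRICTED
    if find_card_numbers(text):
        reasons.append("payment card number")
        level = RESTRICTED
    return level, reasons


def may_share_externally(text, role):
    """Policy decision: (allowed, level, reasons) for a given sender role."""
    level, reasons = classify(text)
    allowed = EXTERNAL_SHARE_ALLOWED[level]
    return ("any" in allowed or role in allowed), level, reasons


if __name__ == "__main__":
    samples = [
        ("Q3 roadmap for the team", "intern"),
        ("Contact jane.doe@example.com about the event", "intern"),
        ("Customer SSN 123-45-6789 on file", "legal"),
        ("Card 4111 1111 1111 1111 charged", "manager"),
        ("Ticket id 1234567890123456", "intern"),
    ]
    for text, role in samples:
        ok, level, why = may_share_externally(text, role)
        print(f"{level:12} share={ok!s:5} {why} <- {text!r}")
```

The Luhn check is the part worth copying: a bare "16 digits" pattern labels order numbers and ticket ids as payment data, and a classifier that cries wolf is the one users learn to route around. The policy table then turns a label into an enforceable decision, which is the point of classifying in the first place.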

Discover and Mitigate IT Risks

You can't discover your most vulnerable areas unless you periodically assess your risk. To implement successful risk management and risk assessment, you may wish to follow guidance from an industry body such as the National Institute of Standards and Technology (NIST). NIST SP 800-30 describes a process for conducting risk assessments, including identifying vulnerabilities, which can help mitigate many of the risks that lead to data leakage.


Data Leakage Prevention with Perception Point

Perception Point provides enterprise-grade security to protect email, web browsers, cloud collaboration platforms and proprietary apps from all types of cyberattacks.

Enhanced browser-level DLP capabilities deter malicious insiders, partners and contractors and include:

  • Clipboard controls (preventing copy and paste)
  • Printing controls
  • Configurable download/upload restrictions
  • Watermarking
  • Smart blur of sensitive web apps/data to prevent accidental external screen capture and shoulder surfing
  • User activity monitoring and visibility into all installed browser extensions across the organization
  • SaaS app login visibility, enabling the organization's admins and security teams to view the usage of unsanctioned web apps

The all-inclusive managed Incident Response service is available to all customers 24/7. Perception Point's team of cybersecurity experts will manage incidents, provide analysis and reporting, and optimize detection on the fly. The service drastically minimizes the need for internal IT or SOC team resources, reducing the time required to react to and mitigate web-borne attacks by up to 75%.

Customers deploying the solution will experience fewer breaches while providing their users with a better experience: users have the freedom to browse the web, use the SaaS applications they require, and access privileged corporate data confidently, securely, and without added latency.
