Critical and personal data can be leaked from a company in many ways: learn how you can mitigate the risk of data loss.
In today's global business environment, organizations need real-time access to data, but with increased insider risks and targeted external threats, there is a fine line between enabling access to information and protecting it. The business and IT environment and the threat landscape both continue to evolve.
From reputational damage to economic sanctions, the negative consequences caused by data leakage are here to stay.
Often, a single incident of this kind can erode a company's competitive advantage, undermine the confidence of customers, and expose the company to fines by the authorities.
The problem is further intensified by the increasing use of devices and by easy access to file sharing software and social networking, which have generated new sources of data leaks.
The scope for data leakage has become very wide, and is not limited to email and web. Surely you have heard stories of data loss from laptop theft, hacker break-ins, malicious employees, backup tapes being lost or stolen, and so on. How can we defend ourselves against the growing threat of data leakage attacks via all the possible channels? Many manufacturers have products to help reduce electronic data leakage, but do not address other vectors.
Even through a simple function such as the Print Screen button or the Snipping Tool, it becomes possible to capture sensitive information to be exported outside the company.
Data Leakage, put simply, is the unauthorized transmission of data (or information) from within an organization to an external destination or recipient. This may be electronic, or may be via a physical method. Data Leakage is synonymous with the term Information Leakage. The reader is encouraged to be mindful that unauthorized does not automatically mean intentional or malicious. Unintentional or inadvertent data leakage is also unauthorized.
In order to implement the appropriate protective measures, we must first understand what we are protecting. Based on publicly disclosed Data Leakage breaches, the type of data leaked is broken down as follows:
According to many surveys compiled in recent years, almost half of data security breaches originate from internal sources, with the remainder caused by external hackers.
Organizations are still at risk of intentional unauthorized release of data and information by internal users. Insiders may leak data by one method or by many, including channels such as Remote Access, Instant Messaging, email, Web Mail, Peer-to-Peer, and even File Transfer Protocol. Use of removable media, hard copy, etc. is also possible. Finally, the Screen Capture features present on all Windows PCs can be a way to grab still images containing critical pieces of information.
Motivations are varied, but include reasons such as corporate espionage, financial reward, or a grievance with their employer. The latter appears to be the most likely. According to a study conducted by the US Secret Service and CERT, 92% of insider-related offences followed a “negative work-related event”. Of these, the offenders were predominantly male (96%) and the majority held technical roles (86%). Whilst the consequences of these attacks related not just to data, 49% of the attacks studied included the objective of “sabotaging information and/or data”.