During 2020, on average every person created at least 1.7 MBs of data per second and around 44 zettabytes of data in terms of the complete digital world. Today, the amount of data we create, distribute, analyze and sell has been increasing at an incredibly fast rate. Due to this increase of potentially sensitive data, the attack surface of each organization has started to become more difficult to manage. Data breaches have become increasingly common and information leakage can appear through accidents, physical data leakage, and malicious internal or external actors.
What is data leakage? How does it differ from a data breach?
Data leakage is when there is an unauthorized transmission of data within an organization to an unintended external or internal recipient. Data leaks can be physical or digital and can happen maliciously or accidentally. A data breach is when malicious actors are able to come in and exfiltrate that data.
Types of Data Leaks
1. Accidental Data Leaks
You would think accidental data leaks would not be that common, however, there can be many situations where a data leak can occur by mistake. Examples can include: an employee pastes technical and confidential data in an online code repository (like Github), an improperly configured s3 bucket leaks sensitive employee data, and shared docs end up on the web through improper permissions.
2. Malicious Communications
Threat actors can try to get information from employees through malicious communications through spear phishing.
3. Ill-Intentioned Internal Employees
This case occurs when employees are disgruntled and want to damage the business. The employee or former employee decides to leak information, depending on the business and their permission level. An example of this would be an individual leaking their personal credentials on a dark web forum. Through this method, the employee can seek a financial opportunity and sell the data or leak the data for non-financial reasons. Other examples of sensitive information could include company-related confidential information such as IP, software code, key financial KPIs, and information on mergers and acquisitions.
4. Physical Data Theft
A physical data leak can be malicious or accidental. Examples of physical data leakage dropped USB drives, stolen computers, or targeted perimeter breaches.
Now that you have an understanding of the main types of data leakage, let’s get into the ways you can prevent this leakage from happening.
How Can Your Organization Ensure Data Leakage Prevention?
1. Monitor Vendor Security Posture
Two of the most essential ways you can learn about your vendor’s security posture is by checking to verify their security with certifications such as the SOC2 and additionally constantly reassessing the compliance of such cybersecurity measures. Typically you can have a questionnaire and forms asking where the vendor’s data is hosted and what security measures the organization has taken to ensure its safety.
2. Encrypt All Data
Encryption can exist at two intervals for data, the first is data at rest and second is for data in transit. When either of these types of encryptions is not being used, your data is susceptible to malicious actors. Thus, it is essential for businesses to have solutions that encrypt their data at both stages rather than just for one.
3. Monitor All Network Access
Wit this measure, your organization monitors who is accessing data, a system, or application and what they are doing in that situation. Organizations must monitor and control access to any system application, server, or device and log valid and denied attempts. As the organization creates these logs they can use tools or platforms to monitor anomalies and remediate any risks. One example of a model that can incorporate this methodology is the zero trust model.
4. Identify All Sensitive Data
Organizations can put in place processes that identify all the software, solutions, and platforms they use. From there, organizations must identify which data is stored where and then classify that in terms of sensitivity risk. The classification of data can be through law and regulation. Examples of data sets that are more regulated include credit card numbers and personal information. Organizations can also have classifications for internal secrets and network information. An example of this kind of data could be credentials that give access to a system or a network plan that can give a pathway to a malicious actor.
5. Secure All Endpoints
Your organization’s infrastructure can have endpoints that are accessible externally and internally. The premise of this method is to protect all endpoints by having a complete understanding of your endpoints and data, patching vulnerabilities, and by monitoring and reducing your attack surface.
6. Evaluate All Permissions
Organizations have to create systems that only give permissions to individuals that need that access. For example, the IT team does not need access to the financial reporting for the quarter. One of the first ways of creating a proper permissions based hierarchy is to understand what data you have, classify its sensitivity, and then grant permissions to staff. A special consideration for highly sensitive data can and should also be implemented.
7. Employee Training and Awareness
In many cases, employees are not aware of their actions and their consequences, thus it is essential to do training for cybersecurity awareness and hygiene. An organization can do this by providing training internally or hiring a specialized training firm.
By training your employees, you help them understand ways to mitigate digital risks. Ideally employees prioritize data security and privacy through avoiding phishing links, unsafe browsing, and downloading attachments. Employees may still make mistakes, and in those situations it is great to have a digital risk protection software/platform that can find these vulnerabilities.
8. Monitoring of Cloud Services
Employees, consultants, and third parties can use a number of cloud services, and all of these use cases could be considered to be out of your conventional “perimeter.” One of the biggest risks with cloud services that we’ve observed is cloud misconfigurations. As this data is outside your perimeter, employees can accidentally easily make that content public making the data available for malicious actors to exploit. Misconfigurations can be company-wide or project-based, so organizations must be monitoring its cloud services at all times.
There are three avenues a company can take to protect its cloud data:.
- Make sure you use the best security practices for your cloud services. This includes making sure that you are properly configured, applying and adjusting permissions, having alerts set up for any changes, etc.
- Use cloud security tools such as a CASB to help you identify any issues in your systems. These tools can integrate in your ecosystem and ensure that you have a complete internal understanding of your cloud risk.
- Lastly, if there is data that does get through the first and second security measures, an external attack surface management platform like Flare can help you find those vulnerabilities and remediate risk.
What If Your Data Leaks Anyway?
After all of the preventative measures we’ve listed, it’s still possible that an accidental or malicious data leak may occur. Where can that data end up and how can you detect that data before it ends up in the wrong hands?
If your data has leaked it is possible that it ends up on sale on the dark web. In that case, leaked credentials can lead to account takeovers and targeted attacks. As leaks can happen at any time and are increasing due to an increasing attack surface, having data leakage detection in place is key.
Using a digital risk protection software like Flare will detect leaked data immediately and continuously monitor your external attack surface. Examples of external attack surface monitoring include data leaked on anonymous sharing websites, Github, etc. In the case your data has leaked to the dark web, a dark web monitoring service can help you find that leaked data before it is used maliciously.
Learn More About Data Leakage and Digital Risk Protection
Download our guide to learn more about digital risk protection and how we use external attack surface monitoring to detect data leakage and protect your data.
