What is Data Leakage and How do you prevent it?
In 2020, every person created at least 1.7 MB of data per second on average, and the digital world as a whole amounted to around 44 zettabytes of data. The amount of data we create, distribute, analyze and sell keeps increasing at an incredibly fast rate. With this growth in potentially sensitive data, each organization’s attack surface has become more difficult to manage. Data breaches have become increasingly common, and information leakage can occur through accidents, physical data leakage, and malicious internal or external actors.
What is Data Leakage? How does it differ from a data breach?
Data leakage is when there is an unauthorized transmission of data within an organization to an unintended external or internal recipient. Data leaks can be physical or digital and can happen maliciously or accidentally. A data breach is when malicious actors are able to come in and exfiltrate that data.
Types of Data Leaks
1. Accidental Data Leaks
You might think accidental data leaks are uncommon, but there are many situations where a data leak can occur by mistake. Examples include an employee pasting technical and confidential data into an online code repository (like GitHub), an improperly configured S3 bucket leaking sensitive employee data, and shared docs ending up on the web through improper permissions.
2. Malicious Communications
Malicious emails or other communications are initiated by malicious actors trying to get information from employees. Employees can leak credentials this way, and phishing can also cause specific information leaks and lead to impersonation. The easiest way to do this is by phishing and getting email credentials.
3. Ill-intentioned or malicious internal employees
This case occurs when employees are disgruntled and want to damage the business. The employee or ex-employee decides to leak information, and what can be leaked depends on the business and the individual’s permission level. An example would be an individual leaking their personal ID credentials on a dark web forum. In this way the employee can seek a financial opportunity by selling the data, or simply leak it for non-financial reasons. Other examples of data leaks include confidential company information such as IP, software code, key financial KPIs, and information on mergers and acquisitions.
4. Physical Data Theft
A physical data leak can be malicious or accidental. Physical data leakage could include employees dropping USB drives, having a computer stolen, or a targeted perimeter breach.
Now that you have an understanding of the main types of data leakage, let’s get into the ways you can prevent this leakage from happening.
How Can Your Organization Ensure Data Leakage Prevention?
1. Monitor vendor security posture
Two of the most essential ways to learn about your vendor’s security posture are verifying their security through certifications such as SOC 2 and constantly reassessing their compliance with such cybersecurity measures. Typically you can use a questionnaire and forms asking where the vendor’s data is hosted and what security measures the organization has taken to ensure its safety.
2. Encrypt all data
Encryption applies to data in two states: data at rest and data in transit. When encryption is missing in either state, your data is susceptible to malicious actors. It is therefore essential for businesses to have solutions that encrypt their data in both states rather than just in transit.
3. Monitor all network access
As the title suggests, this measure means monitoring who is accessing data, a system or an application and what they are doing there. Organizations must monitor and control access to any system, application, server, or device and log both valid and denied attempts. With these logs in place, they can use tools or platforms to monitor for anomalies and remediate any risks. One example of a model that incorporates this methodology is the zero trust model.
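The following added example (not part of the original article) shows the kind of anomaly check such logs make possible: it flags a burst of denied attempts and an allowed access that follows one. The log format, field names, threshold and window are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical format (not from a real product).
SAMPLE_LOG = """\
2024-05-01T09:00:05Z user=alice resource=hr-share result=ALLOWED
2024-05-01T09:01:10Z user=bob resource=finance-db result=DENIED
2024-05-01T09:01:40Z user=bob resource=finance-db result=DENIED
2024-05-01T09:02:15Z user=bob resource=finance-db result=DENIED
2024-05-01T09:03:00Z user=bob resource=finance-db result=ALLOWED
2024-05-01T11:30:00Z user=carol resource=finance-db result=DENIED
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) resource=(?P<res>\S+) "
    r"result=(?P<result>ALLOWED|DENIED)$"
)

def parse(log_text):
    """Yield (timestamp, user, resource, result) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["user"], m["res"], m["result"]

def find_anomalies(log_text, threshold=3, window=timedelta(minutes=5)):
    """Alert on bursts of denied attempts and on an allowed access that
    follows such a burst for the same user and resource."""
    recent_denials = defaultdict(list)  # (user, resource) -> denial timestamps
    alerts = []
    for ts, user, res, result in parse(log_text):
        key = (user, res)
        # Keep only denials that are still inside the sliding window.
        recent_denials[key] = [t for t in recent_denials[key] if ts - t <= window]
        if result == "DENIED":
            recent_denials[key].append(ts)
            if len(recent_denials[key]) == threshold:  # alert once per burst
                alerts.append(("denied_burst", user, res))
        elif len(recent_denials[key]) >= threshold:
            alerts.append(("allowed_after_burst", user, res))
            recent_denials[key].clear()
    return alerts
```

A single denial, like the one for carol, stays below the threshold and raises no alert.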
4. Identify all sensitive data
Organizations can put in place processes that identify all the software, solutions and platforms they use. From there, they must identify which data is stored where and then classify it by sensitivity risk. Classification can be driven by law and regulation; examples of more heavily regulated data sets include credit card numbers, personal information, etc. Organizations can also classify internal secrets and network information, such as credentials that give access to a system or a network plan that could give a malicious actor a pathway in.
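As an added illustration (not from the original article), the sketch below classifies an inventory of stored text by the two kinds of data named above: card numbers, validated with the Luhn checksum to cut false positives, and credentials. The sensitivity labels, the credential patterns and the sample inventory are assumptions made for the example.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Illustrative credential patterns: AWS-style access key IDs, password assignments.
SECRET_RES = [
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    re.compile(r"(?i)\b(?:password|passwd|secret)\s*[=:]\s*\S+"),
]
# Labels are assumptions for this example, ordered from least to most sensitive.
LEVELS = ["unclassified", "internal-secret", "regulated"]

def luhn_valid(number):
    """Luhn checksum; discards digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(text):
    """Return the set of sensitivity labels triggered by this text."""
    findings = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            findings.add("regulated")
    if any(r.search(text) for r in SECRET_RES):
        findings.add("internal-secret")
    return findings

def classify(inventory):
    """Map each storage location to its highest sensitivity level."""
    result = {}
    for location, text in inventory.items():
        found = scan(text) or {"unclassified"}
        result[location] = max(found, key=LEVELS.index)
    return result

INVENTORY = {  # constructed sample data; the card number is a standard test value
    "crm/export.csv": "Jane Doe,4111 1111 1111 1111,2027-01",
    "wiki/deploy-notes.md": "aws key AKIAIOSFODNN7EXAMPLE, password = hunter2",
    "tickets/1042.txt": "Order ref 1234 5678 9012 3456 shipped",
    "site/press.html": "We opened a new office.",
}
```

The order reference in the ticket has the shape of a card number but fails the Luhn check, so it is not reported as regulated data.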
5. Secure all endpoints
Your organization’s infrastructure can have endpoints that are accessible externally and internally. The premise of this method is to protect all endpoints by having a complete understanding of your endpoints and data, patching vulnerabilities, and by managing and reducing your attack surface.
6. Evaluate all permissions
Organizations have to create systems that give permissions only to the individuals who need that access. For example, the IT team does not need permissions to the financial reporting for the quarter. One of the first steps toward a proper permissions-based hierarchy is to understand what data you have, classify its sensitivity and then grant permissions to staff. Special consideration for highly sensitive data can and should also be implemented.
7. Employee training and awareness
In many cases, employees are not aware of their actions and their consequences, so it is essential to provide training in cybersecurity awareness and hygiene. An organization can do this by providing training internally or by using a specialized firm that trains your employees for you.
By training your employees you help them understand digital risks. Ideally employees avoid phishing links, use safe browsing, avoid downloading and executing attachments, and prioritize data security and privacy. In some cases employees still make mistakes and do not acknowledge them, and in those situations it is great to have a digital risk protection software or platform that can find these vulnerabilities.
8. Monitoring of Cloud Services
Employees, consultants and third parties can use a number of cloud services, and all of these use cases fall outside your conventional “perimeter”. One of the biggest risks with cloud services that we’ve observed is cloud misconfigurations. Because this data is outside your perimeter, employees can easily and accidentally make that content public, and then that data is available for malicious actors to exploit. Misconfigurations can be company-wide or project-based, so for organizations to be protected, the company must be monitoring its cloud services at all times.
There are three avenues a company can take to protect its cloud data:
- Make sure you use the best security practices for your cloud services. This means making sure that you are properly configured, applying and adjusting permissions, having alerts set up for any changes, etc.
- Use cloud security tools such as a CASB to help you identify any issues in your systems. These tools can integrate in your ecosystem and ensure that you have a complete internal understanding of your cloud risk.
- Lastly, if there is data that does get through the first and second security measures, an external attack surface management platform like Flare can help you find those vulnerabilities and remediate risk.
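The following added example (not from the original article) illustrates the configuration check in the first avenue: it reports storage buckets whose policy or ACL makes content public. It assumes S3-style bucket policies and ACL grants already exported as data; the bucket names, account ID and dictionary layout are constructed, and account-level settings such as Block Public Access are not modelled.

```python
import json

# Grantee URI that S3 ACLs use for "everyone on the internet".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def public_findings(bucket):
    """Return the reasons a bucket configuration exposes data to anyone."""
    findings = []
    policy = json.loads(bucket.get("policy") or '{"Statement": []}')
    for stmt in _as_list(policy.get("Statement", [])):
        # An unconditional Allow to a wildcard principal means public access.
        # Statements with a Condition are left for manual review here.
        if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                and _is_wildcard(stmt.get("Principal"))):
            actions = ",".join(_as_list(stmt.get("Action", [])))
            findings.append(f"policy allows anyone: {actions}")
    for grant in bucket.get("acl_grants", []):
        if grant.get("Grantee", {}).get("URI") == ALL_USERS:
            findings.append(f"ACL grants {grant['Permission']} to AllUsers")
    return findings

def audit(buckets):
    """Map each exposed bucket name to its findings; clean buckets are omitted."""
    report = {name: public_findings(cfg) for name, cfg in buckets.items()}
    return {name: found for name, found in report.items() if found}

def _policy(principal):  # helper for the constructed samples below
    return json.dumps({"Statement": [{"Effect": "Allow", "Principal": principal,
                                      "Action": "s3:GetObject",
                                      "Resource": "arn:aws:s3:::example/*"}]})

BUCKETS = {  # constructed sample configurations
    "project-x-assets": {"policy": _policy("*"), "acl_grants": []},
    "hr-exports": {"policy": None, "acl_grants": [
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]},
    "finance-reports": {"policy": _policy(
        {"AWS": "arn:aws:iam::111122223333:role/reporting"}), "acl_grants": []},
}
```

Running the same audit on a schedule and comparing the report with the previous run gives the change alerts mentioned in the first avenue.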
What If Your Data Leaks Anyway?
After all of the preventative measures we’ve listed, it’s still possible that an accidental or malicious data leak may occur. Where can that data end up and how can you detect that data before it ends up in the wrong hands?
If your data has leaked it is possible that it ends up on sale on the dark web. In that case, leaks such as leaked credentials can lead to account takeovers and targeted attacks. As leaks can happen at any time and are increasing due to an increasing attack surface, having data leakage detection in place is key.
Using a digital risk protection software like Flare will detect leaked data immediately and continuously monitor your external attack surface. Examples of external attack surface monitoring include data leaked on anonymous sharing websites, GitHub, etc. If your data has leaked to the dark web, a dark web monitoring service can help you find that leaked data before it is used maliciously.