In today’s news cycle, it has become almost routine to read about massive data breaches and leaks impacting large corporations and millions of customers worldwide. Every few weeks, a news story breaks with another organization losing sensitive user data, intellectual property, trade secrets or other private information to threat actors looking to profit or gain notoriety on dark web communities.
The volume of these breaches and subsequent data leaks is staggering. According to a mapping exercise conducted by The Verge with data collected from Have I Been Pwned, it is estimated that nearly 8 billion account usernames have leaked online from roughly 500 separate breaches since June 2011. To put that into perspective, that’s larger than the estimated global population.
This data suggests that even as technology and policy improve, breaches can and will occur: mistakes are made, things break, vulnerabilities are exploited. Security teams therefore have to plan for both halves of the problem, working proactively to prevent breaches and acting swiftly to contain the damage when data does leak.
Let’s examine what exactly constitutes data leakage, its causes, and what security organizations can do to protect the business and its customers.
What is Data Leakage?
Data leakage refers to the unauthorized transmission of sensitive information from within an organization's systems to an external, untrusted party. Often a data leakage event occurs when data that has already been compromised is exposed to the public (or to an untrusted group) via online channels such as dark web marketplaces and forums.
Both the short and long-term impacts of data leaks can be devastating for organizations in the business of managing sensitive customer data. Regulatory fines, PR costs, legal fees and stock price drops can make an immediate impact. However, the reputational damage, loss of control over intellectual property (IP) and reduced customer trust in the brand can have lasting effects that can cost an organization millions in lost revenue over time.
How Do Data Leaks Happen?
Data leakage can be caused by malicious insiders or by accidental exposure (such as an employee losing a hard drive, or leaving a workstation logged in and unattended). However, many of the more newsworthy data leaks follow a prior data breach: unauthorized access to a private network, account, system or database by external threat actors.
To obtain that access, threat actors rely on well-worn tactics: phishing and spear phishing, impersonation of social media accounts, other forms of social engineering, and reuse of credentials and PII exposed in earlier data leaks (credential stuffing, where passwords from one breach are tried against other services).
After an environment is breached, attackers may covertly copy or transfer sensitive data out of it (exfiltration), deploy ransomware to lock data owners out of their own files, or even delete critical files or source code.
Once a threat actor makes off with the spoils from a successful breach, they will often seek to monetize the stolen data on criminal dark web marketplaces where leaked information is bought and sold for nefarious purposes (such as identity and credit card theft). These illicit transactions can be quite lucrative. According to Privacy Affairs, the average going rate for stolen online banking account logins can range from $40 to $120 each.
In other cases, data leaks may even show up on dark web hacker communities free of charge.
Types of Information Found in a Data Leak
With sensitive and confidential information such a hot commodity on the dark web, it is worth knowing which types of data threat actors look for during an attack; these are the same types that most often appear in a data leak.
Common types of information found in data leaks include:
- Personally Identifiable Information (PII) – This is one of the most common types of information to appear in a data leak. PII is any record or information that can be used to identify or locate a person: names, physical addresses, phone numbers, Social Security numbers, email addresses, etc. PII is often exploited for identity theft, fraud and scams.
- Financial Data – This includes any data that pertains to a person’s banking or finances, including credit card numbers, bank records and statements, tax information, receipts and invoices, etc.
- Account Credentials – This includes user account login information such as usernames, email addresses and passwords. Compromised credentials are often the most sought-after commodity, because threat actors can use them for account takeovers (ATOs) and, from there, for subsequent breaches of the systems those accounts can reach.
- Medical Information – This includes any private data created and held by a health care provider that may disclose the mental or physical condition of a patient.
- Company, Federal or Business Information – This includes internal, non-public information created and held by a corporate organization or Federal entity. For example, this may consist of internal communications, performance metrics, classified records, meeting notes, company roadmaps, HR records, or other critical business information.
- Trade Secrets and Intellectual Property (IP) – These are some of the riskiest items exposed in a data leak because they pertain to highly secretive and guarded information that could put a company’s livelihood at stake. This includes classified research, plans, patents, testing material, designs for upcoming projects, documentation for scrapped or unfinished products, source code for proprietary software and technology, strategic company information and others.
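The categories above are what an analyst has to pick out of a leaked file during triage. The following Python script is an added example, not code from the original article or from ZeroFox, that scans a constructed sample dump for three of the listed data types (email addresses, Social Security numbers and payment card numbers) and validates each candidate before counting it: SSA issuance rules for SSNs and the Luhn checksum for card numbers, so random digit strings do not inflate the numbers. The sample rows are fictitious (industry test card numbers and made-up SSNs), and the regexes and the redaction format are the author's own choices rather than anything the article specifies.

```python
import re
from collections import defaultdict

# Constructed sample of a leaked CSV dump. Every value is fictitious (test card
# numbers and made-up SSNs); it exists only so the script runs offline.
SAMPLE_DUMP = """\
id,name,email,ssn,card,notes
1,Alice Example,alice@example.com,123-45-6789,4111111111111111,
2,Bob Example,bob.e@example.org,000-12-3456,4111111111111112,area 000 and bad Luhn
3,Carol Example,carol@example.net,219-09-9999,5555555555554444,
4,Dan Example,not-an-email,666-01-0001,378282246310005,area 666
"""

EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d{13,19}\b")


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject numbers the SSA never issues: area 000, 666 or 900-999,
    group 00, serial 0000. A plausibility filter, not proof the SSN is real."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers: double every second digit
    from the right, subtract 9 from doubled values above 9, sum must be % 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact(value: str) -> str:
    """Keep only the last four characters so the triage report does not
    reproduce the leaked values in full."""
    return "*" * (len(value) - 4) + value[-4:]


def classify_leak(text: str) -> dict:
    """Return {data_type: [matched values]} for PII and financial data found in text."""
    found = defaultdict(list)
    for m in EMAIL_RE.finditer(text):
        found["email"].append(m.group(0))
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            found["ssn"].append(m.group(0))
    for m in CARD_RE.finditer(text):
        if luhn_valid(m.group(0)):
            found["card"].append(m.group(0))
    return dict(found)


def summarize(found: dict) -> dict:
    """Counts per data type, for the triage report."""
    return {kind: len(values) for kind, values in found.items()}


if __name__ == "__main__":
    hits = classify_leak(SAMPLE_DUMP)
    print(summarize(hits))  # {'email': 3, 'ssn': 2, 'card': 3}
    for kind, values in hits.items():
        print(kind, [redact(v) for v in values])
```

Two of the four rows fail validation (an SSN with area 000, a card number with a bad checksum), which is the point of validating before counting: a dump full of order IDs or timestamps would otherwise look like a card-number leak. The report only ever prints redacted values, so the triage output itself does not become a second copy of the leak.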
Why Does Data Leakage Occur?
Despite increased public scrutiny and estimated worldwide spending on information security and risk management technology and services reaching a forecasted $150.4 billion this year, data leakage continues to happen at an unprecedented rate.
First, while digital transformation and the shift to cloud-hosted services have enabled new modes of digital engagement for employees and customers, they have also brought new challenges and external risks for organizations trying to manage these processes at scale. With more speed and innovation come more operational and process gaps, more user errors, more security policies to keep current, and less oversight of vulnerabilities in critical assets. Combine this with the enormous sets of sensitive user data organizations now hold and the scale of the exposure becomes apparent.
Second, this reality is no secret to the criminal underworld. Threat actors are increasingly adept at compromising systems, often using social media, email or fraudulent domains as their attack conduits. And with the rise and distribution of phishing kits that significantly lower the technical barrier for adversaries to quickly stand up and execute an attack, infosec faces many challenges in the fight to keep data secure.
How to Mitigate Risk From Data Leaks
So what can be done to protect the organization better? Beyond investing in employee education, updating security policies, and following best practices to avoid accidental exposure, security teams should use Digital Risk Protection and Threat Intelligence solutions to detect, identify and remediate data breaches faster, so that the damage from the subsequent data leak can be limited or prevented outright.
- Monitor social media threats – Social media monitoring can help to provide early detection of threats and risks such as phishing attacks on employees/customers, malware distribution, impersonations, suspicious employee activity, credential and PII exposure, etc.
- Combine human research with AI – Use AI-based models to automate and scale the collection, processing and alerting of threat indicators detected on the public attack surface, and use human analysts to enrich those alerts and provide deeper insight into threat actor trends and vulnerabilities.
- Monitor deep and dark web activity – With visibility over deep and dark web activity, security teams can get early warning of credential compromise, adjacent data leaks, planned attacks, brand abuse, executive mentions, etc., enabling them to take corrective action quickly.
- Continuously assess vulnerabilities – Security teams should constantly assess and monitor exposed IT and cloud assets (such as servers, web hosts, databases, virtual machines and more). This allows them the opportunity to quickly find and remediate potential vulnerabilities before they can be exploited.
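The "early warning of credential compromise" item above is, in practice, a matter of checking accounts or passwords against breach corpora such as the Have I Been Pwned data cited at the top of this article. The snippet below is an added example, not code from the article or from ZeroFox, showing the k-anonymity range lookup that HIBP's Pwned Passwords service uses so that the password itself never leaves the client: only the first five hex characters of its SHA-1 hash are sent, the server returns every hash suffix sharing that prefix, and the client does the final match locally. The breach corpus here is a constructed in-memory stand-in built from a few notoriously weak passwords with illustrative counts; the `range_query_live` helper targets the real endpoint, needs network access, and is not called by default.

```python
import hashlib
import urllib.request


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1, the form the Pwned Passwords range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breach corpus: SHA-1 hash -> number of times seen.
# Built from a few notoriously weak passwords so the example runs offline;
# the counts are illustrative, not real breach statistics.
BREACH_CORPUS = {
    sha1_upper("password"): 3_000_000,
    sha1_upper("123456"): 20_000_000,
    sha1_upper("letmein"): 100_000,
}


def range_query_local(prefix: str) -> list[str]:
    """Server side of the range API. It receives only a 5-hex-char prefix and
    answers with 'SUFFIX:COUNT' lines for every hash sharing that prefix, so it
    cannot tell which of those hashes (if any) the client actually holds."""
    assert len(prefix) == 5
    return [f"{h[5:]}:{count}" for h, count in BREACH_CORPUS.items() if h.startswith(prefix)]


def range_query_live(prefix: str) -> list[str]:
    """Same query against the real Pwned Passwords endpoint. Not called by
    default; requires network access. Add-Padding makes the service pad the
    response with count-0 entries so response size does not reveal the prefix."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    req = urllib.request.Request(url, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8").splitlines()


def breach_count(password: str, query=range_query_local) -> int:
    """Client side: hash locally, send only the prefix, match the suffix locally.
    Returns how many times the password appears in the corpus (0 = not found;
    padded entries carry count 0, so they never register as a hit)."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in query(prefix):
        cand_suffix, _, count = line.partition(":")
        if cand_suffix == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ["password", "letmein", "correct horse battery staple"]:
        n = breach_count(pw)
        print(f"{pw!r}: {'seen %d times' % n if n else 'not in corpus'}")
```

The same split applies when you run this at scale, for example against new passwords at registration or reset time: the hashing and the final comparison stay on your side, the prefix is the only thing that crosses the network, and nothing about the check should be logged in a form that reproduces the password or its full hash. A hit is a reason to force a reset, not merely to warn.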
The never-ending war to keep data secure will rage on as long as customers continue to entrust public and private organizations with their information. However, with the right processes, technologies and knowledge in place, security teams can stand a fighting chance to prevent data leakage today and stay out of tomorrow’s next headline. Learn more on the next steps to identify breaches and data leakage and request a demo to see precisely how ZeroFox can step in to help you along the way.