If your data is leaked, instead of being lost or breached, does that make things even worse? Whenever confidential data ends up somewhere it shouldn’t, your enterprise or organisation can be damaged – financially, commercially, reputationally. To fix the problem, or better still prevent it in the first place, you need to know what happened, why, and how. People often use the terms “data leakage” and “data loss” interchangeably to describe this type of situation, but there are important differences.
In simple terms, data leakage is the unauthorised transmission of data to another person or entity. The data may still be intact in its original location: for example, it is still on your server or PC without having been deleted or modified. Nevertheless, the data is now known to or in the possession of somebody else. The unauthorised transmission need not be intentional or malicious, although that does not stop it from causing harm. Data loss on the other hand refers to data you can no longer locate or access. So, data leakage can happen without data loss, and vice versa.
However, if your data has not been destroyed or tampered with, how do you know if any data leakage or inappropriate disclosure has taken place? By comparison, data loss is clearer. The data is no longer where you expect it to be or has been corrupted to become unrecoverable. In this case, it’s obvious there is something wrong. Data leakage can be more difficult to detect.
While data is increasingly electronic, as we move to paperless offices and organisations, data leakage is not confined to computers, IT networks, or even thumb drives. Carelessness with printed documents (leaving them in plain sight on a desk, for example) or unguarded conversations about confidential matters that can be overheard are also examples of how data can be leaked. That said, electronic data is more and more likely to be the source from which leaks stem, whichever form they take. Data can also leak internally between IT systems. If sensitive data from a critical system is cascaded to another system with an insufficient level of protection, the result is once again data leakage.
The following examples should help to clarify what data leakage is, and its potential for damage:
Flows of sensitive data are often regulated by law, and data leakage, depending on its nature, may fall under those regulations. For instance, the General Data Protection Regulation (GDPR) now applies to the security of the personal data of European citizens. Among other obligations, organisations collecting or processing this data must be able to report any data breach to the GDPR supervisory authority within 72 hours or less. Non-compliance with GDPR (whether your organisation is in the European Union or elsewhere) can attract hefty fines of up to 20 million euros or 4% of annual global turnover. Other countries and continents may have their own regulations. With data frequently on the move across different regions, organisations must know rapidly if data leakage has taken place and its extent, or better still, take steps to avoid it.
The first steps to prevent data leakage are the common-sense ones. As a sizable proportion of data leakage is due to accidents or careless behaviour, awareness campaigns for your employees about information security can help reduce common mistakes. These campaigns include explaining how damaging data leaks can be; how to be careful with laptops and USB keys; and how to avoid slapdash use of email or inadvertent sharing of data through casual conversations, instant messaging, social networking, and unsecured storage. An acceptable use policy (AUP) for data can also give good results, if employees accept that data leakage is largely an internal problem, often unintentional rather than malicious, and that the right behaviour can help the organisation stay safe. As well as emphasising the importance of common sense, your AUP should state how employees are expected to use the organisation’s data, describing best practices (do this) and off-limits behaviour (don’t do this).
A further step may be to optimise the use of an existing data leakage prevention (DLP) solution. Has your organisation already invested in a DLP product to categorise organisational data and track its movement across systems and networks? If so, you may see value in tuning the product to meet your current needs. However, be aware of limitations in using some DLP products. For instance, your enterprise data may now be too big, too dispersed, and too disorganised for you or your IT department to classify it. Implementing or updating data tracking policies may also require significant time and effort not only from IT, but also from HR, finance, legal, and different business unit managers.
Whether or not you already have a data leakage prevention solution in place, consider carefully what you need going forward: an alternative solution, or a solution that could easily integrate with and support what you’ve already got in place.
The alternative is a data leakage prevention solution that works out for itself what you need, without consuming other resources or obliging you to set up everything in minute detail by yourself.
Advances in AI, and specifically in machine learning, have now made this possible. Using machine learning, a system can build a profile of normal data usage and user behaviour, and then alert the organisation to any exceptional events by comparing them against this profile. In the case of ZoneFox, the profile-building or “training” stage is fully automated and allows the detection of anomalous behaviour just a few hours after training begins. This machine learning and associated AI help you to be thorough and react quickly to abnormal situations. The final step of understanding why something has happened and what to do about it is then yours. The “augmented intelligence” combination of artificial and human intelligence allows you to be significantly more efficient and effective.
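The profile-then-compare approach described above, as an added Python example (not ZoneFox's algorithm or code): it builds a per-user baseline from training events using the median and median absolute deviation, then flags unusual daily volume and destinations never seen during training. The event tuple layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def daily_totals(events):
    """Sum bytes per (user, day) from (day, user, destination, nbytes) tuples."""
    totals = defaultdict(int)
    for day, user, _dest, nbytes in events:
        totals[(user, day)] += nbytes
    return totals

def build_profile(training):
    """Per-user baseline: median daily volume, its MAD, and destinations seen."""
    volumes, dests = defaultdict(list), defaultdict(set)
    for (user, _day), total in daily_totals(training).items():
        volumes[user].append(total)
    for _day, user, dest, _n in training:
        dests[user].add(dest)
    profile = {}
    for user, vols in volumes.items():
        med = median(vols)
        mad = median(abs(v - med) for v in vols)  # robust spread estimate
        profile[user] = {"median": med, "mad": mad, "dests": dests[user]}
    return profile

def score(profile, new_events, k=6.0, min_spread=1_000_000):
    """Return sorted (user, reason) alerts for activity outside the baseline."""
    alerts = set()
    for (user, _day), total in daily_totals(new_events).items():
        base = profile.get(user)
        if base is None:  # account with no training history
            alerts.add((user, "no-baseline"))
            continue
        spread = max(base["mad"], min_spread)  # floor avoids zero-MAD false alarms
        if total > base["median"] + k * spread:
            alerts.add((user, "volume"))
    for _day, user, dest, _n in new_events:
        if user in profile and dest not in profile[user]["dests"]:
            alerts.add((user, "new-destination"))
    return sorted(alerts)

# Constructed sample data: five training days, then one day to score.
TRAINING = (
    [(d, "alice", "fileserver", v * 1_000_000) for d, v in enumerate([40, 42, 38, 41, 39], 1)]
    + [(d, "bob", "fileserver", v * 1_000_000) for d, v in enumerate([5, 6, 5, 7, 6], 1)])
TODAY = [(6, "alice", "fileserver", 41_000_000), (6, "bob", "fileserver", 6_000_000),
         (6, "bob", "usb-drive", 900_000_000), (6, "carol", "fileserver", 1_000_000)]

if __name__ == "__main__":
    print(score(build_profile(TRAINING), TODAY))
```

The alerts only say that something departs from the baseline; deciding why it happened remains the analyst's step, as the paragraph above notes.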
Data leakage may not be as immediately obvious as data loss, but its mitigation and prevention are just as important, if not more so. As security perimeters continue to blur and fade, understanding your data flows and detecting the abnormal ones that indicate data leakage are ever more important. Immediate alerts about how data is being used and by whom, if leakage has occurred, which user accounts have been compromised, and the extent of any exfiltration let your organisation react faster and stay compliant. You can then block data leakage directly, and contain or – better still – avoid any damage.