More than 60% of corporate data worldwide is stored in the cloud, and there are more than 40 zettabytes of data stored on cloud servers today. That’s a lot of corporate data exposed to potential leakage.
In our latest on-demand webinar, Cloudy with a Chance of Data Leakage, CrucialLogics’ experts Amol Joshi and Desirae Huot team up with ethical hacker Richard Rogerson from Packetlabs to discuss data security vulnerabilities, remediation strategies, and more. In this first blog in a 2-part series based on the webinar, we examine the threats and impacts associated with data leakages and what you need to do to protect your organization’s digital information.
Understand the Impact of Data Leakages
It is crucial that you distinguish the various categories of data to understand how their leakage would affect your organization. For example:
- Personal, financial, and health information can be uncovered and sold, to be used for marketing, fraud, or identity theft.
- Intellectual property can be copied and sold to third parties, or used to develop products and services similar to those of your organization.
- Competitive information can be leaked to bad actors and sold to be used by your competitors to block your strategic plans.
- Legal information about your organization can be disclosed to third parties, which may damage your legal position.
- Data on your IT security protocols can be targeted, giving unauthorized parties access to all types of information on your enterprise.
Protecting your organization’s data is vital, as the impact of a leak can easily lead to identity theft, revenue loss, reputational damage, operational disruption, regulatory sanctions, legal action, and more.
Beware of These Six Data Leakage Threats
There are various ways data can be leaked. A leak can be accidental or, more worryingly, intentional. An intentional data leak is an attack on your IT infrastructure that targets your organization’s sensitive information. The top six malicious threats to your data you should be aware of are:
- Ransomware – This is the most common data leakage threat. Bad actors lock down your organization’s data so you no longer have access. They then threaten to leak your sensitive information unless you pay them a ransom.
- State-Sponsored APTs (Advanced Persistent Threats) – These were common at the beginning of the pandemic when research was being conducted to develop a vaccine for COVID-19. Instead of doing their own research, some countries targeted groups who were already working on a vaccine, to steal their findings.
- Hacktivists – The most notorious hacktivists are Anonymous. Their cyberattack against Russia saw large amounts of data being leaked, including sensitive data from the Central Bank of Russia. Even the Kremlin had their CCTV security compromised.
- Lapsus$ – An international hacking gang that has gamified the process of breaching an organization’s IT security protocols to leak its sensitive data. Their victims include NVIDIA, Microsoft, Okta, and many more.
- Competitors – Some companies will compromise their competitors’ databases to uncover their current business plans, their roadmaps for the future, their pricing strategies, and any other trade secrets, all of which cross into intellectual property theft.
- Disgruntled Employees – Insider threats present a credible risk. Employees have access to data, and they tend to make backups. An unhappy employee can easily be bought off to provide access to your enterprise, or they might leverage their knowledge when applying for a new job.
Identify and Classify Your Data
To protect your vulnerable data, you must first identify and label the different kinds of information that are currently being produced and stored within your organization. Then you need to prioritize each category in terms of sensitivity (see below). It is important to know what data is stored and where. But it is critical to understand what information is sensitive and most vulnerable to bad actors, so you can take appropriate steps to protect it.
Understand Your Attacker’s Targets and Objectives
We have established that the most sought-after information by hackers is your organization's confidential and restricted data. The diagram below illustrates which types are targeted and for what purpose:
Learn From These Data Leakage Scenarios
Data leakages can be unintentional or non-malicious, or they can be the result of an intentional attack on your enterprise by a bad actor. Here are six examples of each to learn from:
6 Cases of Accidental Data Leakage
Data leakages are usually associated with a cyberattack or someone acting with malicious intent, but more often than we would like to admit, they can be unintentional. For example:
- An employee accidentally chooses the wrong recipient when sending an email or an attachment containing confidential data.
- An employee inadvertently sends a list of credit card numbers in a Microsoft Teams chat.
- An employee downloads a copy of a document containing a social insurance number and uploads it to their Google Drive.
- A guest is mistakenly invited to your finance department’s Microsoft Team where your organization’s financial data is stored.
- A file stored on SharePoint that contains personally identifiable information is shared with someone outside your organization.
- A manager creates a Power Automate flow that saves email attachments in their personal Dropbox whenever they receive an email in their corporate mailbox.
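The card-number and social insurance number cases above are the kind of content a data loss prevention rule looks for. The following is an added example, not part of the original post or any CrucialLogics or Packetlabs tooling: it finds digit runs in message text and keeps only those that pass the Luhn checksum, which both payment cards and Canadian SINs use. The sample messages, source labels, and function names are constructed for illustration.

```python
import re

# Runs of 9 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){8,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum, used by payment cards and Canadian SINs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def classify(digits):
    # Reject checksum failures and trivial runs such as 000000000.
    if not luhn_ok(digits) or len(set(digits)) == 1:
        return None
    if len(digits) == 9:
        return "SIN"
    if 13 <= len(digits) <= 19:
        return "CARD"
    return None

def mask(digits):
    """Keep only the last four digits so the alert does not re-leak the value."""
    return "*" * (len(digits) - 4) + digits[-4:]

def scan(text):
    """Return (label, masked value) for each sensitive number found in text."""
    findings = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        label = classify(digits)
        if label:
            findings.append((label, mask(digits)))
    return findings

# Constructed sample content (well-known test values, not real data).
MESSAGES = [
    ("teams-chat", "Card for the renewal: 4111 1111 1111 1111 exp 12/29"),
    ("drive-upload", "Employee SIN: 046-454-286, start date 2023-01-09"),
    ("teams-chat", "Ticket 1234567890123456 is still open"),  # fails Luhn
]

def scan_all(messages):
    return [(src, hit) for src, text in messages for hit in scan(text)]

if __name__ == "__main__":
    for src, (label, masked) in scan_all(MESSAGES):
        print(f"{src}: {label} {masked}")
```

The checksum step is what keeps ticket numbers and other long identifiers from flooding reviewers with false positives.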
6 Cases of Malicious Cyberattacks
These are examples of malicious attacks that our Red Team conducted, to illustrate common points of vulnerability:
- A low-privileged user was compromised and their e-mail was searched for credentials, spreadsheets, and certificates.
- An employee was asked for sensitive information, such as password reset and credential details, over a compromised Teams account.
- A compromised user account was used to search Microsoft SharePoint and File Share for sensitive content.
- An inactive employee’s account was compromised via password spraying and leveraged to obtain access to key departmental shares.
- An employee’s RDP session was hijacked, enabling access to the organization’s ERP solution, including customer information and pricing.
- A logon script containing Domain Admin credentials was hacked, enabling the compromise of corporate backups.
Data leakages, accidental or intentional, are a constant threat. A leak can have little effect on your enterprise, or it could lead to a catastrophic ransomware situation. Understanding these threats and their potential impacts is the first step.
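The password-spraying case in the list above leaves a recognizable trace in sign-in logs: one source fails against many accounts, then succeeds on one that has been idle. The following detection sketch is an added example, not from the original post or the Red Team's tooling; the event format, thresholds, account names, and addresses are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)      # assumed look-back window per source
MIN_ACCOUNTS = 4                    # assumed: distinct accounts failed from one source
DORMANT_AFTER = timedelta(days=60)  # assumed inactivity threshold

def t(stamp):
    return datetime.fromisoformat(stamp)

# Constructed sign-in events: (time, source IP, account, success)
EVENTS = [
    (t("2024-03-04T02:10:00"), "203.0.113.7", "asmith", False),
    (t("2024-03-04T02:10:40"), "203.0.113.7", "bjones", False),
    (t("2024-03-04T02:11:15"), "203.0.113.7", "cwong", False),
    (t("2024-03-04T02:11:50"), "203.0.113.7", "dpatel", False),
    (t("2024-03-04T02:12:30"), "203.0.113.7", "former.temp", True),
    (t("2024-03-04T09:00:00"), "198.51.100.20", "asmith", False),  # mistyped password
    (t("2024-03-04T09:00:20"), "198.51.100.20", "asmith", True),
]
# Constructed: each account's last successful sign-in before these events.
LAST_SUCCESS = {
    "former.temp": t("2023-09-01T08:00:00"),
    "asmith": t("2024-03-01T08:55:00"),
}

def detect_spray(events, last_success):
    """Flag successes that follow failures on many other accounts from one source."""
    failures = defaultdict(list)    # source IP -> [(time, account)]
    alerts = []
    for when, ip, account, ok in sorted(events):
        # Drop failures that have aged out of the window for this source.
        recent = [(ts, a) for ts, a in failures[ip] if when - ts <= WINDOW]
        failures[ip] = recent
        if not ok:
            failures[ip].append((when, account))
            continue
        sprayed = {a for _, a in recent if a != account}
        if len(sprayed) >= MIN_ACCOUNTS:
            prev = last_success.get(account)
            dormant = prev is None or when - prev >= DORMANT_AFTER
            alerts.append({"ip": ip, "account": account,
                           "failed_accounts": len(sprayed), "dormant": dormant})
    return alerts

if __name__ == "__main__":
    for alert in detect_spray(EVENTS, LAST_SUCCESS):
        print(alert)
```

A single user retrying their own password from one address does not trigger the rule, because failures on the same account as the success are excluded from the count.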
Coming up, in part II of this series, we will discuss what you can do to protect your organization from data leakages. In the meantime, to hear from the experts firsthand, watch the webinar: Cloudy with a Chance of Data Leakage.