Perimeter 4min de Leitura - 29 de June de 2018

Understand the impact of data leak in corporate environments

Homem analisando gráficos

This post is also available in: Português English Español

There is no 100% safe environment these days. Companies, however, can be protected with maximum shielding from both internal and external threats. This is possible thanks to numerous features developed and improved, especially focused on data loss prevention (DLP).

But it is foolish to think that ransomwares are the only way to violate corporate data. Internal actions, especially of collaborators or malicious users, can cause great damage to companies of all sizes.

If you want to know more about the subject and the impacts a data leak can cause to your company, just continue reading this blog post.

Data hijacking and leakage: what’s the difference?

Although both are part of cybercrime, there are relevant differences between hijacking and data leakage. They are two actions that present similarities, but they can occur by different means.

Data hijackingis characterized by the violation of the network structure, in order to take possession of corporate equipment and data as well as request a reward in exchange for release it. They can be both targeted and opportunistic attacks, having mostly financial goals.

In case of data leakage, internal or external users use technological devices and, in some cases, their privileges of access to information, in order to obtain confidential data of the organization. It is worth noting that, not always advanced crackers are used to succeed in the leak of information; in some cases, privileged access to information is the great villain of history. In such cases, tools such as e-mail, cloud file sharing software, removable devices such as USB drives, HDDs, become efficient means for corporate data leaks.

Technologies for data loss/leakage prevention

DLP solutions are good alternatives for data leakage prevention. These products have some variations, which guarantee adherence to the most varied protection needs. Check below for more information on the types of Data Loss Prevention(DLP).

Network DLP

Network DLP, or NDLP, is a data loss prevention system that filters network outbound and inbound points – that is, ports and protocols. It provides great reports on the state of the data, such as the ones being used, for what purpose and by whom they are being accessed, where they are going, and where they come from, etc. NDLP also works in emails, through content analysis.

Endpoint DLP

Endpoint solutions are extremely necessary in a company’s network infrastructure because they provide numerous prevention benefits and work especially as Data Loss Prevention. The concept of DLP may be present in antivirus, for example, that allow certain folders and files to be tagged as sensitive content (data and information), making it possible to manage access and generate alerts to the professionals responsible for administering these products. These solutions also control devices, such as mobile devices, as well as applications and perform cryptography.

Storage DLP

This type of DLP aims to prevent the loss of data stored and shared on the corporate network or by anyone who has access to it. It identifies access anomalies, generating constraints – if any. It is a very common solution for cloud data.

What are the impacts of data leakage?

Having responsibility and commitment to the preservation of corporate data is of utmost importance to an organization. When there are breaches or security bottlenecks and there is leakage of information, the consequences can be very serious. Check out some of the key impacts of data loss in enterprise environments.

Business interruption

In 2011, the PlayStation Network was down. Sony’s digital content service was unable to provide its services to more than 77 million people worldwide. All this happened by a cybercrime action, which also stole data from 24 million accounts.

Financial losses

Data leaks and financial losses go hand in hand. In the same incident mentioned above, the Japanese multinational had a catastrophic loss of US$ 24 billion.

Another example is in Brazil. According to IBM, domestic companies suffered a loss of R$ 4.31 million because of data leakage occurred during 2017.

Credibility

Imagine a database company with more than 60 million e-mails leaked on the internet. That’s what happened to Epsilon, which owns one of the largest e-mail databases in the world. The consequences are clear: vulnerability and mistrust, which ultimately takes credibility away from the entire organization. However, this does not concern only to brands that manage information; the highest value of a company are data, so any leak can be fatal to business images built over time.

Lawsuits

Another great consequence are the lawsuits against the company, which can be issued by the victims of data leak. Requests for damages, if the institution’s irresponsibility for information security is proven, will not only cause financial losses and irreversible corporate reputation, but will also mark the business in court.

In the United States, since 2015 it is now possible to punish corporations that do not invest adequately in cyber defense. This action is supported by the legislature and is looked after by the US Federal Trade Commission.

Sensitive and confidential data of public knowledge

What if confidential data, of corporate knowledge only, fall into the public domain? This is a possibility – one of the great ones – and that can have other consequences. To cite just one example, we have the Snowden Case: a former CIA agent who released a government surveillance program in European and Latin American countries conducted by the NSA. Reports of this crime have been identified through another crime: the leakage of confidential data from the United States security agency.

If you’d like to know more about data leakage – and especially how to avoid it – we’ve developed the blog post “How to minimize data loss by using a corporate antispam” to promote a contextualization of the subject, offering numerous security tips.

Keep reading

[latest_post type=’boxes’ number_of_posts=’3′ number_of_colums=’3′ order_by=’date’ order=’ASC’ category=’solution-appreciation’ text_length=’100′ title_tag=’h4′ display_category=’0′ display_time=’0′ display_comments=’0′ display_like=’0′ display_share=’0′]

This post is also available in: Português English Español