Resources

Blog

What Is a Sensitive Data Exposure vs. a Data Breach?

Sensitive data exposures can occur at any company and can release private, secure information costing a company thousands, if not millions, of dollars. What Is Sensitive Data Exposure? Sensitive data exposure is when any protected information, like PII, logins, Social Security numbers, financial data, etc, is found and shared with unauthorized users or companies. As its name implies, sensitive data needs to be protected due to its privacy imperatives from unauthorized disclosure. Safeguards should be enacted to prevent such exposure from occurring since it can impact people’s financial or reputational well-being, in addition to possibly causing them unwarranted emotional harm. In addition to the aforementioned personally identifiable information, sensitive data includes protected health information (PHI). In general, sensitive data that organizations find valuable falls under these categories: Customer Information: This consists of any stolen information that can be used to create and build a complete customer profile. It encompasses financial information such as credit cards and CVV numbers, and bank account information. Employee Data: Login credentials, social security numbers, salary and tax information, and residential address. Intellectual Property and Trade Secrets: Proprietary company information critical to establishing a competitive advantage in the marketplace. Digital Infrastructure: This provides crucial information to hackers and criminals regarding the blueprint of digital systems, offering insight into a company’s security and the attack paths that can be used for compromise. The Difference Between Sensitive Data Exposure and a Data Breach While they typically both have the same end result — jeopardizing critical data and sensitive information, sensitive data exposure and a data breach aren’t the same. A data breach is a concerted and deliberate malicious attempt to undermine an organization’s security system to steal sensitive data and use it to compromise identities for illicit financial gain. On the other hand, sensitive data exposure is accidental, typically the result of negligence or lack of action on the part of the organization. So, while both are undesirable, it is pertinent to note that sensitive data exposure is more passive in nature, resulting in accidental exposure or leakage of data from an application. This data exposure can come from various sources due to inadequate protection, such as lax cloud-based applications or misconfigured databases leaking data. But its deficiencies can usually be resolved by safeguarding and securing the data more appropriately. However, whether it’s a data breach or sensitive data exposure, adverse cybersecurity incidents can blemish an organization’s brand reputation while eroding customer trust and loyalty. The negative publicity and appearance of incompetence also make it difficult to find partners and vendors that want to work with and be associated with the brand. How Are Applications Vulnerable to Data Exposure And How To Secure Them Data is a vital resource of competitive advantage. As a result, as company data is used and transformed into information, it usually passes through multiple stages. At any point in time, data is typically in three states, namely: data in use, data in transit, and data at rest (stored). Sensitive data has to be protected at all times. However, it is hard to keep track of data at all times, much alone protect it. That is why data is encrypted, especially when it’s at rest and in transit. File and Public Key Encryption File encryption is the general method used to protect sensitive data. For documents that need to be shared among several parties, public key encryption is commonly used to secure the sensitive data it contains. Public key encryption is ideal because it doesn’t require passwords to be stored or other secrets to be shared. Apart from file encryption, tokenization and hashing are used to protect and encrypt certain fields in databases, especially those that store password and user account credential information. All these measures bolster file and database security to ensure their data is only accessed by authenticated users. This is because it uses private keys that seamlessly decrypt the file containing the data using its associated public key while remaining privately hidden. When an organization unwittingly exposures sensitive data through a security incident, it may lead to loss, unauthorized disclosure, alteration, or accidental destruction of the sensitive data. But data in use has to be unencrypted for it to be accessed by those who need to view or modify it, meaning the file in which the data is stored has to be decrypted. However, once the file or document is opened, the data stored in it is defenseless, exposed, and vulnerable to attack. Data in use is usually the most vulnerable because it has been decrypted. Protecting Sensitive Data From Illegal Exposure There are ways to avoid making sensitive data less vulnerable. Some things are no-brainers, like avoiding storing it in plain text documents. However, the more common way data is vulnerably exposed is through poor application programming practices, storing it in insecure online systems, uploading incorrect information to databases, and infrastructure misconfigurations. Since most of these are software flaws, they can be fixed and resolved by following data exposure prevention best practices and better coding practices. Code Injection Attacks on Databases and Weak JavaScript To prevent this attack, you must ensure your database can’t be compromised or tricked into exposing sensitive data to unauthorized users. Hackers and malicious actors deploy code injection attacks to trick a database or unwitting users to provide sensitive data, primarily through SQL Injection and cross-site scripting attack vectors. Capitalizing on Weak TLS or Encryption Without SSL or properly configured HTTPS security on a website, the data stored or transmitted through it stands the risk of exposure. Other hackers could take advantage of weak encryption enforcement to perpetrate attack scenarios such as surreptitiously downgrading the connections from HTTPS to HTTP. Another attack path could involve executing request forgery attacks by intercepting requests to steal user session cookies to hijack authenticated sessions. Man-in-the-Middle (MITM) Attacks This occurs when an attacker actively eavesdrops on conversations or, more appropriately, communications between parties — amongst users or a user and an application — by making independent connections. The objective is to intercept the relay messages and possibly alter the communications, unbeknownst to the parties involved. Although MITM attacks are widespread, they tend to occur on a small scale. Furthermore, they are mainly opportunistic and don’t pose much of a threat to an organization. However, they can cause real damage if they specifically target high-value employees with access to sensitive information through reconnaissance. A MITM attack can be successful if the target carelessly uses unsecured wireless networks, for instance, in coffee shops, to transact sensitive business. Ransomware Attacks A ransomware attack is a cybersecurity attack that essentially holds an organization’s data ransom until the criminals are paid a ransom. The files containing the sensitive data are encrypted with the threat of deletion or illegal exposure if the ransom money isn’t paid promptly. Insider Threat Attacks As the name suggests, insider threats traditionally come from within the organization. They occur when an employee or insider, like a contractor or vendor, poses a security risk by either unknowingly (often due to carelessness) or maliciously exposing the organization’s sensitive data. What Compliance Standards Are Affected When a Sensitive Data Exposure Occurs? A wide range of privacy regulations have sprung up over the past several years to hold companies accountable concerning how they handle sensitive and confidential data. The most notable are the California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR), which require organizations to protect data in their possession at all costs or risk facing fines for non-compliance. These two have probably had the most significant impact on businesses and organizations around the globe regarding data privacy and compliance. On the healthcare front, there are the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). HIPAA and HITECH are regulations designed to protect a patient’s health data. Both come with steep penalties and fines for organizations and healthcare providers who fail to comply. Learn How Digital Guardian Secure Collaboration Can Prevent Sensitive Data Exposure Digital Guardian Secure Collaboration is equipped to protect your sensitive data, whether at rest, in use, or in transit. This is because it uniquely uses a combination of digital rights management (DRM) and information rights management (IRM) technologies to protect sensitive data in all phases of the data lifecycle.
Blog

Friday Five 11/18

Inadequate cybersecurity efforts, questionable data privacy practices, and ransomware made the top headlines this past week. Catch up on the latest stories in this week's Friday Five!
Blog

What is a Data Protection Officer (DPO)?

Learn about the DPO's role in managing organizational data protection and overseeing GDPR compliance in Data Protection 101, our information security fundamentals series of materials. A DEFINITION OF DATA PROTECTION OFFICER A Data Protection Officer (DPO) is a dedicated business security role that is required by the General Data Protection Regulation (GDPR). Data Protection Officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements. WHAT TYPES OF COMPANIES NEED DATA PROTECTION OFFICERS? Introduced by the European Parliament, the European Council and the European Commission to strengthen and streamline data protection for European Union citizens, the GDPR calls for the mandatory appointment of a DPO in any organization that processes or stores large quantities of personal data, for employees, people outside the organization or both. DPOs must be “designated for all public authorities, and where the main activities of the controller or processor involve “regular and systematic monitoring of data subjects on a large scale” or when the entity carries out large-scale processing of “special categories of data,” such as those detailing people’s race, ethnicity, or religious beliefs. RESPONSIBILITIES AND REQUIREMENTS OF THE DATA PROTECTION OFFICER When the GDPR comes into force on 25 May 2018, the Data Protection Officer will become a mandatory role under Article 37, this applies to all companies that collect or process personal data from citizens of the EU. DPOs are responsible for educating the company and its employees on important compliance requirements, training staff involved in data processing, and conducting regular security audits. DPOs also serve as the point of contact between the company and the supervisory authorities (SAs) who oversee data-related activities. As stated in Article 39 of the GDPR, the responsibilities of the DPO include, but are not limited to: Educate the business and employees on important compliance requirements Train staff involved in data processing Conduct audits to ensure compliance, and proactively address potential issues / Serve as a point of contact between the company and GDPR supervisory authorities Monitor performance and provide guidance on the impact of data protection efforts Maintain comprehensive records of all data processing activities carried out by the company, including the purpose of all processing activities, which must be made public upon request QUALIFICATIONS REQUIRED FOR DATA PROTECTION OFFICIALS The GDPR does not include a specific list of qualifications required for DPOs, but Article 37 requires a data protection officer to have “in-depth knowledge of data protection law and practice”. The Regulation also specifies that the expertise of the DPO must be aligned with the data processing operations as well as the level of data protection required for personal data processed by data controllers and data processors. A DPO can be a staff member of a controller or processor, and the corresponding organizations can use the same person to oversee data protection collectively, as long as all data protection activities are managed by the same person and that the DPO remains easily accessible by members of the corresponding organizations whenever necessary. DPO information must be published publicly and provided to all regulatory oversight bodies. BEST PRACTICES FOR HIRING A DPO Since companies that process EU citizens' data are subject to GDPR even if they are not located in the EU, a study predicts that 28,000 DPDs will be needed for regulated organizations to be compliant to the GDPR when the law comes into force in May 2018. Businesses and organizations must have their DPDs installed before the regulation comes into force. It is therefore important to start recruiting and hiring DPOs now in order to recruit the most qualified professionals for this position, because they are in high demand and the deadline is looming. To hire the right DPO, you need to ensure they have expertise in data protection law and practices, as well as a comprehensive understanding of your IT infrastructure, technology and technical structure and organizational. You can appoint an existing employee as DPO or call on an external DPO. Companies and organizations should look for candidates who can manage data protection and compliance internally, while reporting non-compliance to the relevant supervisory authorities. Ideally, a DPO should have excellent management skills and be able to interact easily with internal staff at all levels, as well as external authorities. The right DPO must be able to ensure internal compliance and alert authorities of non-compliance, while understanding that the company may be subject to hefty fines for non-compliance.
Blog

Different Types of Data Breaches & How To Prevent Them

Different types of data breaches will affect what type of protection you implement at your company. Understanding each can help you better prepare for an attack. What Are The Most Common Types of Data Breaches? The most common types of data breaches are: Ransomware Phishing Malware Keystroking Human Error Physical Theft Malicious Insiders What Is a Data Breach? A data breach is a security incident or cyberattack that results in a security violation. This usually encompasses identity theft, stolen data, unauthorized access or acquisition of data, ransomware, illegal exposure, or disclosure of confidential information. While data breaches are typically instigated with malicious intent, a data breach can also occur due to carelessness, negligence, or sheer incompetence. Data breaches are sensitive matters because, in addition to potentially involving espionage and the theft of intellectual property, they put peoples’ personally identifiable information (PII) in jeopardy. Moreover, data breaches exact both a reputational and material impact on the impacted organization. IBM reports that the already steep cost of a data breach rose from about $4.24 million in 2021 to $4.35 million in 2022, representing a 2.6% increase. In the past decade, there has been a never-ending epidemic of data breaches. As a result, state legislatures and government agencies have responded with various legal frameworks to check this rampant criminality. Laws & Regulations Against Data Breaches According to the National Council of State Legislators, all 50 states in the United States, including its territories and the District of Columbia have enacted security breach notification laws. This compendium of rules applies to both government and the private sector. Other entities that fall under the umbrella of these laws include businesses, especially data or information brokers. As a result, any enterprise conducting business in the United States must not only familiarize themselves with federal regulations (for example, the Data Breach Notification Act) as they pertain to data breach laws but also understand the patchwork of state legislations, including those relating to industry-specific regulations. Breaking Down the Different Types of Data Breaches Data breaches occur due to a variety of reasons or circumstances. Here is a breakdown of the most common methods, means, and vectors through which they typically occur. Ransomware Ransomware is one of the most pernicious types of data breaches around. It has become very pervasive very fast, with the US suffering approximately 7 ransomware attacks each hour. It is a particularly formidable attack because it stems from cryptovirology, which is an extortion-based attack based on combining cryptographic technology with malware. Ransomware encrypts the data of the target organization systems or victim’s computer(s) to block access to it until a ransom is paid for the release of its decryption key. Hackers normally target crucial files, rendering them unusable so that organizations are placed in a difficult position where paying the ransom is the easiest option to follow. Colonial Pipeline, the largest American oil pipeline system, was forced to pay hackers roughly $5 million to unlock its IT systems in 2021 because a ransomware attack resulted in the shutdown of its critical fuel pipeline. In addition to encryption, attackers typically use exfiltration tools as a double extortion tactic by threatening to publicly post sensitive, stolen data. Some of the best defenses against ransomware include: Maintaining proper and up-to-date backups. Staying up-to-date by immediately patching software vulnerabilities. Ensuring devices and applications are equipped with current, cutting-edge security features. Educating people against clicking on unsafe or unfamiliar links. Proactive preparation by having an actionable plan in place in the event of a ransomware attack. Phishing Phishing campaigns usually involve social engineering attacks meant to deceive people into giving up sensitive information like access credentials and credit card details. Phishing attacks typically use emails, purportedly from reputable organizations as a sleight of hand, to send fraudulent messages to unsuspecting targets. However, the deception can also be executed via phone or SMS. The general strategy is to trick the individual into clicking a malicious link or attachment embedded in the message. To entice people to click, attackers use several strategies like presenting fake invoices and free coupons, bogus mandates to change passwords, and sham requests to confirm personal information. In addition to email phishing, other types of phishing include spear, whaling, smishing, and vishing; they’re all designed to trick people into revealing personal information that can be used for fraudulent data purposes. Spear phishing is a highly targeted attack crafted for an individual or group of people in an organization. Because they are very tailored to the personal details of the victim or group, they appear legitimate, something which can make them successful. Whaling is a spear phishing attack that targets a large group of high-profile targets, such as the executives in the c-suite of an organization(s). To prevent phishing, do the following: Install anti-malware software Educate staff on recognizing fake requests and dubious links Apply free anti-phishing add-ons Protect corporate accounts by using multi-factor authentication Malware Malware, short for malicious software, is a general term to describe intrusive programs created with ill intent. Malware can cause harm in a variety of ways, but it mainly starts by first infecting a computer, network, or server. Depending on their signature and payload, they seek to propagate themselves throughout system infrastructure and devices. There are a variety of symptoms that can indicate that a computer has been infected with malware. For example, the system starts slowing down and experiences frequent crashes and/or an unexplained spike in internet traffic. Some users might encounter abrupt browser setting changes, loss of access to files, and antivirus products suddenly stopping. Malware comes in different forms, such as the following: Viruses Worms Trojan virus Spyware Ransomware Adware Fileless malware Emerging strains of malware have become more sophisticated. To evade detection, some advanced persistent threat (APT) actors employ obfuscation techniques, like using web proxies to hide their IP address, including the capacity to deceive signature-based detection tools. They typically use command and control techniques to coordinate attacks. In addition to installing anti-virus and vulnerability scanning to detect anomalous network behavior, organizations should adopt zero-trust security instead of the ineffective traditional IT architecture with their “castle-and-moat” approach. Keystroke Logging Keystroke logging is a cyber attack that uses a tool or malware called a keylogger to capture and record user activities; for instance, the keystrokes entered to log in or gain access to a system. Its name derives from the fact that the key presses or strokes are logged into a file. Alternatively, an attacker can use a command and control infrastructure that enables the attacker to see the keystrokes entered in real-time. This is a simple yet potent cyberattack for the straightforward reason that most computer interaction is mediated through the keyboard. As a result, keystroking can yield a treasure trove of information like username/password credentials, including credit card and banking information.
Blog

What are Data Classification Levels?

How do you classify data in your organization? Conducting a data risk assessment and keeping compliance regulations top of mind are some of the first steps to helping an organization protect its data.
Blog

Friday Five 10/21

Ransomware, info-stealing malware, and scams may be taking up the headlines, but a new, "tough" national cybersecurity strategy is right around the corner. Read about these stories and more in this week's Friday Five.
Blog

What Is Endpoint Data Loss Prevention (DLP)?

Endpoint DLP is an additional data loss prevention tool that can help protect your enterprise from losing sensitive data. What Is Endpoint DLP? Endpoint data loss prevention extends to endpoint devices that are used to access sensitive, stored data. Endpoint DLP protects data in use, in motion, and at rest. What Is Data Loss Prevention? Data loss prevention is the practice of monitoring, detecting, and preventing potential cybersecurity data breaches, including the illegal transmission, exfiltration, and destruction of sensitive data. DLP incorporates a set of tools and practices to ensure vital data isn’t stolen, leaked, misused, lost, or accessed by unauthorized users. DLP Data Life Cycle Stages DLP provides complete data visibility in the network, at all stages of its utility and transmission. A comprehensive DLP solution targets data at three stages: Data in use: DLP safeguards data while in use by an application or endpoint. It also encompasses protecting data when it’s being accessed, modified, or processed. This is typically done through authentication, authorization, and identity access control. Data in motion: Securing the safe transmission of confidential, proprietary, and sensitive data as it passes through networks, including email and other messaging systems. Encryption is the primary mode of protection here. Data at rest: Safeguarding data stored in a storage location, computing device, database, or server, including cloud-based systems. Authentication, encryption, and user access controls are used here for protection. DLP should be an important aspect of the overall security strategy and posture of an organization. A DLP solution can be deployed at the network, endpoint, or on the cloud. Network DLP vs. Endpoint DLP vs. Cloud DLP DLP solutions emerged to protect and prevent companies from risking the loss of confidential and proprietary data, either inadvertently, or due to data leakage or insider threats. Endpoint DLP As its name implies, endpoint DLP monitors all endpoints. These typically consist of laptops, desktop computers, servers, mobile, and IoT devices. The list includes any device or component on which data resides, data is used, saved, or moved. The role of endpoint DLP is to monitor these devices to ensure data loss, leakage, or misuse doesn’t occur. Endpoint DLP has grown in importance and prominence with most companies adopting a bring-your-own-device (BYOD) policy with their employees. The implementation and company-wide rollout of endpoint DLP is more challenging due to its scope. Hence, its deployment can be an intimidating prospect for most organizations. However, there are some effective endpoint DLP solutions that don’t require complicated and time-consuming execution. To protect sensitive data such as intellectual property, organizations run endpoint discovery scans and execute remediation actions. Network DLP These are the most common DLP solutions. Network DLP’s primary role is to provide visibility into the type of data being sent through a network. Network DLP is efficient and well-rounded at safeguarding data in motion. To do so, it analyzes the network activity and traffic passing through what is mostly a traditional network. So, it monitors the network in order to detect when proprietary, confidential, business-sensitive data is transmitted in violation of company policy. However, its focus on network communication means that it’s mainly limited to protected data in motion. Moreover, experts point out that network DLP isn’t capable of protecting an organization from the harm that comes from insider threats. Cloud DLP This is effectively a subset of the network DLP and is tasked with protecting data on remote cloud systems. This encompasses data residing with cloud providers and software-as-a-service applications such as Microsoft 365 Outlook, Dropbox, Google Drive, Asana, and Jira. Cloud DLP protects data in the cloud. It primarily does this through scans and audits to determine the presence of sensitive data, subsequently encrypting it before it’s stored in the cloud. It fortifies this by generating a log that records when confidential, cloud-based data is accessed. It also alerts system administrators and IT operators in the event of anomalous activity or the threat of a breach. Moreover, offices are shifting more than ever to remote workforces or hybrids of this configuration, with tools like Slack and Google Drive. Are All of These Necessary? Should an Organization Implement all Three? For comprehensive security, organizations should endeavor to deploy all three DLP types. Used together, each plays a comprehensive role in the overall data security of an organization. For instance, endpoint DLP offers data visibility beyond an organization’s network. As a result, it’s vital for keeping the data on devices outside the network’s scope safe, which is especially relevant for those that connect remotely. By installing agents at endpoints, endpoint DLP is capable of accessing, scanning for, and ultimately protecting sensitive data. Network DLP monitors the network, especially for malware activity, suspicious file transfers, or data exfiltration efforts. It also reports on network bandwidth usage to establish a baseline of operations to detect anomalous activity by suspect actors. As remote staff and in-office employees transfer data back and forth between corporate communications networks and endpoint devices, a comprehensive DLP solution is necessary to add a robust extra layer of data security. How Does a DLP Solution Work? The centerpiece of creating a DLP solution is basically two-fold: First, determine if a particular operation is legitimate or possesses a threat to corporate data. Second, take steps to keep the data protected and secure. This scenario is an example of how a DLP solution works: A rule identifies when an incident occurs; for example, when a user attempts to copy data to a USB or removable device. The DLP solution prevents the data from being copied. The DLP solution generates a report, which triggers an alert notification to an IT security officer. DLP software is designed to detect misuse and threats through content awareness and contextual analysis. Content awareness involves analyzing documents to determine if it contains sensitive information. On the other hand, context analysis examines only metadata and properties of a document like its size, format, and header. Pattern Matching Context analysis uses pattern matching to determine whether a document’s content contains sensitive data like social security numbers, credit card numbers, or HIPAA information. Once the DLP software detects a matched pattern with confidential data, it proceeds to issue an alert to warn of violations and trigger an incident response. The analogy often used to explain this is to equate the content to a letter while the context represents the envelope used to send it. So, while content awareness analyzes the content, context encapsulates external factors like header, size, or format which lets us gain intelligence regarding the content of the envelope. The technical implementation of context analysis often involves the use of regular expressions, also known as regex. Context-based classification is paramount for protecting intellectual property, whether it is stored in a structured or unstructured form. DLP Use Cases Identifying and Preventing Sensitive Data Loss DLP assists businesses in identifying security incidents such as data breaches and hardening the IT infrastructure to avert the loss of confidential company data such as valuable intellectual property. This also includes applying different levels of trust to different devices, especially portable ones. DLP offers additional levels of protection for file transfers and sensitive data in motion by ensuring they are automatically encrypted. Data Discovery, Visibility, and Regulatory Compliance The sensitivity of data in the modern age means that organizations face a lot of oversight in their handling. Therefore, DLP helps companies to cover a broad range of government standards and requirements. One of the roles of endpoint DLP is the discovery and classification of proprietary, confidential data for compliance and reporting purposes. In addition to intellectual property information and proprietary data, DLP protects the treatment of personally identifiable information that falls under the auspices of privacy regulations like HIPAA, GDPR, PCI DSS, and so on. A major part of the regulatory requirements for these agencies is that organizations know where data is stored, especially at endpoints, or run the risk of non-compliance and face deep fines. Protecting Against Data Leakage at User EndPoints Endpoints such as laptops and mobile devices are very susceptible to data leakage because they are prone to connecting to unsecured networks. In addition, they are more likely to be stolen, misplaced, or damaged. Due to the massive growth of IoT, endpoints can also provide a conduit through which attackers can gain access to internal networks. Implementing DLP on endpoints helps monitor access to confidential and sensitive data on those devices. Best Practices for Endpoint DLP Adopting best practices helps to fortify your DLP endpoint implementation. Here are a couple of DLP best practice strategies to consider.