4 Ways To Prevent Insider Threat Driven Data Leaks

A modern organization’s biggest fear around insider threats is data leakage exposing intellectual property, customer information and other regulated data. We see this in the news over and over again: organizations experience data loss in a variety of ways, and the consequences can be far-reaching. Yet finding ways to prevent data leaks that are driven by insiders, whether negligent, malicious or compromised, is still a challenge.

But to learn how to prevent data leaks, organizations first need to understand what a data leak is, how it can happen and how users can do better.

What is a Data Leak?

A data leak is the release of sensitive data or information outside the organization. This sensitive data may be related to user information, intellectual property (IP), payment information in critical systems or account credentials.

A data leak can involve both physical and electronic data, but data stored on the internet and user devices is a more modern concern. Leaks can also be intentional or unintentional, as explained below.

Intentional vs. Unintentional Data Leaks

An intentional data leak is defined as the malicious act of obtaining and sharing sensitive data outside of an organization. Cyber criminals and external threat actors can target organizations’ sensitive data in an intentional cyberattack, first entering an organization’s network or endpoints and finally exfiltrating the information they are after. Verizon’s 2021 Data Breach Investigations Report (DBIR) found that 85% of breaches involved a human element.

Intentional data leaks can also be initiated by someone inside the organization. These are referred to as malicious insider threats. As employees or other authorized users within an organization, insiders often work with sensitive data and information in their daily jobs. In this case, the intentional and malicious data leak is meant to cause harm to the organization.

An unintentional data leak is defined as unknowingly sharing sensitive data outside of an organization and can also fall under the umbrella of insider threats. These are referred to as accidental or negligent insider threats. A data leak is considered unintentional when an authorized user or system is compromised and either doesn’t know about, or is negligent of, the harm that the behavior carried out through their access or endpoint is causing the organization. Negligent users are actually the most common source of insider threats, causing 62% of incidents according to recent data from Ponemon.

What causes a data leak?

Email attacks — whether they’re delivered through ransomware, zero-day threats, polymorphic malware, weaponized documents or phishing attacks — are most often at the root of intentional, criminal data leaks. However, email is far from the only risk for data leakage. 

Confidential information can be found and stolen from various sources, including:

  • Endpoint devices like mobile phones, laptops and printers
  • Cloud storage and third-party applications
  • Network storage like RAM
  • Discarded physical documents
  • Misplaced thumb drives

The intentional, unauthorized movement of data is also referred to as data exfiltration.

Shadow IT, or the use of software that hasn’t been approved by an organization, is another growing cause of data leaks. The pandemic accelerated remote work and drove user adoption of cloud-based collaboration tools and file storage. While not frequently done with malicious intent, the unauthorized use of these tools presents new opportunities for data leakage.

How to Detect a Data Leak

Common indicators of a data leak include unusually high system or network activity, the presence of unexpected software, or abnormal user activity like logging in from various IP addresses within a short time period. However, relying on a team to manually notice and respond to such cues drastically increases the time it takes to detect, contain and investigate an incident.

Instead, organizations rely on data loss prevention (DLP) solutions to continuously monitor, detect and prevent data leakage and insider risks. With these tools in use, organizations can take the necessary steps to prevent a data leak by receiving precursory alerts when a risk is detected or a potential leak is predicted.
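One of the indicators listed above, a user logging in from various IP addresses within a short time period, can be checked automatically over authentication logs. The following is an added example, not code from the original article or from any Proofpoint product; the log format, the sample events, the 10-minute window and the threshold of two addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication events: "ISO timestamp, user, source IP, result"
SAMPLE_LOG = """\
2024-03-01T09:00:05 alice 198.51.100.10 success
2024-03-01T09:02:40 bob 203.0.113.7 success
2024-03-01T09:03:11 alice 192.0.2.44 success
2024-03-01T09:04:10 bob 203.0.113.7 success
2024-03-01T09:06:30 alice 203.0.113.99 success
2024-03-01T09:07:02 carol 198.51.100.23 failure
2024-03-01T13:15:00 bob 192.0.2.81 success
"""

def parse_events(text):
    """Yield (timestamp, user, ip) for successful logins; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "success":
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2]

def flag_multi_ip_logins(events, window=timedelta(minutes=10), max_ips=2):
    """Return {user: sorted IPs} for users seen from more than max_ips
    distinct addresses inside any sliding window of the given length."""
    recent = defaultdict(deque)   # user -> (timestamp, ip) pairs still in the window
    alerts = {}
    for ts, user, ip in sorted(events):
        q = recent[user]
        q.append((ts, ip))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        ips = {addr for _, addr in q}
        if len(ips) > max_ips:
            alerts.setdefault(user, set()).update(ips)
    return {user: sorted(ips) for user, ips in alerts.items()}

if __name__ == "__main__":
    for user, ips in flag_multi_ip_logins(parse_events(SAMPLE_LOG)).items():
        print(f"ALERT {user}: {len(ips)} source IPs within 10 minutes: {ips}")
```

In the sample, only the constructed user alice is flagged; bob's second address appears hours later and falls outside the window, which is the distinction a manual review tends to miss.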

4 Ways to Prevent a Data Leak

Now with a better understanding of what constitutes a data leak and how it can happen, here are four ways organizations can prevent a data leak.

  1. Monitor data access, data movement and user activity. Understanding which authorized users have access and how they are using sensitive information helps organizations gain more accurate insights into data leakage risks.
  2. Know where your critical data is stored. Differentiating sensitive from other types of data enables your security team to be more efficient. Transfer existing investments into data classification and build new ones using common content detectors across email, cloud, web and endpoint channels.
  3. Utilize data encryption. Data encryption protects data sent through emails and attachments against exfiltration. Consider using a tool, like Proofpoint Email Encryption, to encrypt messages automatically, while reducing the risk associated with manual encryption processes.
  4. Implement insider risk practices. Users can bring various endpoint devices into the network, such as smartphones, laptops and printers. Elevate your cybersecurity program by taking a people-based approach to securing the network and by also securing these endpoints from data loss.

Prevent Data Leaks with a Modern DLP Solution

Understanding what data leaks are, and how they occur, is the first step to preventing them.

From there, organizations need to consider how to manage data leaks, whether by introducing DLP, maturing existing DLP tools or by taking a modern approach to DLP.

Unlike legacy DLP tools, modern DLP solutions focus on tying people and threats to sensitive content. It’s an adaptive, people-centric approach that provides the “who, what, where and when” behind activities, alerts and incidents. This enables security teams to quickly detect, prevent and respond to risky users – negligent, compromised and malicious – before a catastrophic data leak occurs.

 Take a deeper dive into data leak prevention by downloading our eBook Redefining DLP today.