
How Data Misuse Looks in the Real World

(Updated 05/20/2021)

As the phrase implies, data misuse is the inappropriate use of data. It can be defined as a legal violation or actions that go against a certain corporate policy, and it can be done either intentionally or accidentally.

Even with regulations in place that define how data can be used in certain jurisdictions and what constitutes misuse, the misuse of data is only becoming more common. According to the 2020 Cost of Insider Threats report, the frequency of insider threats has increased by 47% since 2018. Perpetrators include everyone from individuals to political campaigns to companies of all shapes and sizes.

 

Why Data Misuse is So Dangerous

One of the problems with data misuse is that it can also lead to data loss and further abuse. Once valuable data has been leaked, there are always criminals and groups with ulterior motives who look for opportunities to use the data to their advantage. They may collect the data and employ it in targeted phishing campaigns or repackage and sell it to others for profit.

As criminals find creative ways to capitalize on stolen data, organizations need to put systems in place to identify instances of data misuse as early as possible. Ultimately, it doesn’t matter if the data is leaked maliciously, accidentally or unknowingly. The results of misuse can diminish a company’s brand, reputation and even shareholder value.

It’s especially challenging, but of utmost importance, to figure out how to deal with data misuse when it is perpetrated by an insider with full access to an organization’s data. Insiders are uniquely able to access and misuse data in a variety of ways, and yet they are often overlooked when organizations “lock down” their data.

Here are a few examples of what data misuse looks like in the real world today.

 

Data Misuse in Action

Phishing Scam Catches Texas School District 

In November 2019, the Manor Independent School District in Manor, Texas was targeted with a phishing scam. The school district is facing a loss of $2.3 million after completing three separate transactions, money that is unlikely to be recovered. A district employee identified the scam one month later and reported it to law enforcement.

This illustrates that phishing scams are becoming more sophisticated; it can be incredibly difficult to spot these fake messages, even with proper training. Business Email Compromise (BEC) scams usually begin with phishing, which is why it’s so important to have precautions in place that let you implement adaptive controls to mitigate the risk.

Unauthorized Access at Ubiquiti Networks 

Networking equipment and IoT device vendor Ubiquiti Networks notified its customers in January 2021 of a security breach that involved unauthorized access to some of its information technology systems hosted by a third-party cloud provider. Though it seems they followed the traditional protocol to alert customers to the breach and encouraged customers to change passwords and turn on two-factor authentication, a whistleblower shared the fact that the company downplayed the severity of the breach.

In the breach, the attackers gained access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts. In effect, the attackers obtained the credentials needed to remotely access Ubiquiti’s customers’ IoT systems.

 

Basic Security Failures for SingHealth

In July 2018, Singapore’s SingHealth experienced a data breach involving records for 1.5 million patients, including the prime minister of the country. A 2019 investigation determined that the breach was the result of a combination of poor system management, lack of user training and glaring security flaws.

Ultimately, the IT agency responsible for maintaining the public health system’s security was found to be to blame. The IT firm had previously identified suspicious activity, including database login attempts, but did not flag the activity as an attack or take any action. This mismanagement led to the massive breach, and is a perfect real-life example of a third-party insider threat.

 

Data Misuse: Where Do We Go From Here?

As the examples above demonstrate, data misuse is widespread across public and private sectors. Misuse can be motivated by profit, politics or personal gain. And it can happen at the local level and between nation states.

So, what can we do about it? Lawmakers will continue to tighten regulations on how individuals, corporations, and government bodies can collect and use data. Enforcement agencies will hopefully continue to use these laws to crack down on rampant data misuse. Individuals should educate themselves to ensure they are more aware of how their data is being used – and take advantage of privacy and security controls when they are offered.

But, perhaps most importantly, organizations need to leverage data access controls and monitoring solutions that are robust, operate in real time, and are sufficiently powerful to address the scale of the data misuse problem today.

According to the 2020 Cost of Insider Threats report, it takes an average of 77 days to contain an insider incident. This is alarming, especially when you consider that the frequency of insider threats is only increasing. 

Investing in real-time information protection and insider threat solutions that continuously monitor and analyze how data is being used gives organizations a unique advantage to limit data misuse before it becomes a bigger and more costly problem. Along those lines, these tools should be regularly updated to ensure that data use complies with both internal policies and external regulations. 
