Information leakage cases
Information leaks are the extraction, by unscrupulous means, of information that is not intended for public access and is of value to the state as a whole or to its subjects, bodies and structures, or to legal entities and individuals (for the latter, personal data leakage is especially relevant today). Currently, the largest volumes of information are stored by legal entities and individuals on computers and other electronic media, so it is quite logical that leaks most often occur from a PC. To obtain information, those hunting for it use specialised malicious programs. Having obtained logins and passwords, as well as bank card and account details, attackers readily steal funds, company secrets and know-how, become holders of trade secrets, and gather information that can later be used for discrediting and blackmail.
Often, information leakage can be prevented by technical means alone, such as DLP and SIEM systems, which cut off data leaks through the computer network. But, as practice shows, many business leaders take an interest in protecting information only after something hard to remedy, the leak itself, has already happened. This is especially typical for the Russian Federation, where a culture of information security is only just being formed.
Types of information leaks
Information leaks can be deliberate or unintentional.
A deliberate leak is the exit of confidential information beyond the enterprise when a person who has gained access to it passes it to a third party while aware of the possible negative consequences for the enterprise where they work, for individual officials of that enterprise, or for organizations associated with it in any way. Moreover, as a rule, such a person has been warned by management that such actions are inadmissible and about the responsibility they bear, and commits them anyway. The growth in such cases is explained by the emergence of new technical means of data transmission, including in digital form. The number of services hosted on online platforms, as well as other data storage and transmission channels, grows from year to year, and the Internet is increasingly becoming a medium for the dissemination of information.
The sources of deliberate transmission are as follows:
- theft of information carriers;
- insiders among the staff;
- access to information from the outside.
Let's take a closer look at each of these types.
Leakage as a result of deliberate theft of electronic devices (laptop, tablet, smartphone) is quite common. Thieves may also be interested in removable media: flash drives and hard drives.
Confidential information leaves the enterprise through employees in two ways. In the first, the information that the employee shared with third parties was obtained legally: by virtue of their official duties, they had access to it. In the second, an employee involved in the leak obtained the data illegally and managed to transfer it outside the enterprise.
But more and more information security experts point out that malware is used to retrieve information; data leakage caused by malware is becoming more common every year.
Information is stolen by copying it for personal gain. Using trojans and backdoors, hackers can alter data and even delete it. By installing malware remotely, attackers can easily take control of a PC, gaining access to all information stored on it, including passwords for bank cards and accounts.
According to SearchInform, the structure of the stolen information does not change from year to year: 25% - data on customers and transactions, 18% - commercial secrets (the same amount falls on the leakage of technical information), 15% - personal data, 12% - information about counterparties, 9% - internal accounting.
Of course, the commercial sector is much more likely to fall victim to attacks than the public sector.
As for unintentional information leaks, they usually occur due to the loss of a data carrier (tablet, smartphone, laptop, flash drive, etc.). The smallest devices, small flash drives and SD cards, are lost most often.
Careless actions of employees also contribute to information leaving the enterprise: they mistakenly post confidential data on the Internet or, for example, write a password on a piece of paper where it can easily be read by persons for whom it is not intended. The human factor plays an important role in the leakage of confidential information.
Information leakage channels
The channels through which information most often leaks are conventionally divided into technical channels and all others:
- mobile devices;
- removable electronic media;
- paper documents;
- network (browser, cloud services);
- voice, speech.
Technical channels account for most leaks, and it is in this segment that the highest growth is observed. In 2016, an increase in this indicator was registered all over the world, while in Russia it was generally 80%. At the same time, information goes outside in most cases due to internal violations of information security, while external unauthorized access accounts for a relatively insignificant share of the total number of incidents.
The blame for the release of information outside, according to SearchInform, is distributed as follows:
- third-party attackers - 7%;
- employees of the enterprise - 52%;
- contractors - 1%;
- top management - 14%;
- accountants, economists and financiers - 10%;
- assistant managers, secretaries - 6%;
- sysadmins - 6%.
At the same time, internal leaks, according to the authoritative highly specialized portal Content Security, occur for the following reasons:
- increased talkativeness of employees of the enterprise - 32%;
- bribery of a member of the labor collective by a competitor or representatives of criminals - 24%;
- lack of information security rules at the enterprise - 14%;
- transfer of confidential information during an exchange of experience - 12%;
- disorderly operation of information systems - 10%;
- internal corporate conflict, settling of scores between individual members of the staff, personnel miscalculations, and psychological incompatibility of employees - 8%.
At the same time, the transition to electronic document management continues throughout the world, including Russia (most countries are only at the beginning of this process), which means that the loss of important information through technical means of transmission will only increase. This trend is predicted by absolutely all analysts in the field of information security.
Mechanisms and methods for preventing leaks
To protect your data from intrusion by third parties, it is recommended to use:
- DLP systems.
- SIEM systems.
The first prevent information from leaking beyond the boundaries of the information system. They work by analysing the information flows that cross those boundaries: when a configured signature or marker is matched, the DLP system is notified that confidential data has appeared in the stream, and its transmission is blocked immediately.
A SIEM system analyses possible sources of threats reported by network devices in real time, which also covers the protection of speech information.
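As an added illustration, not taken from the original article, of how a DLP system inspects an outbound stream for confidential data, the following Python filter scans constructed sample messages for bank card numbers (validated with the Luhn checksum to avoid blocking ordinary 16-digit invoice references) and for confidentiality markers, and returns a block/allow verdict with reasons. The message texts, marker words and function names are assumptions made for this example.

```python
import re

# Constructed outbound messages (test data, not real records) standing in for
# the traffic a DLP system would inspect at the boundary of the information system.
# 4111 1111 1111 1111 is a well-known Luhn-valid test number, not a real card.
OUTBOUND_SAMPLES = [
    "Meeting moved to 15:00, agenda attached.",
    "Card for the order: 4111 1111 1111 1111, exp 09/27",      # Luhn-valid test PAN
    "Invoice reference 1234 5678 9012 3456, pay by Friday",    # 16 digits, fails Luhn
    "CONFIDENTIAL: Q3 pricing sheet attached, do not forward",
]

# Candidate runs of 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Document markers the enterprise applies to restricted material (assumed for the example).
CONFIDENTIAL_MARKERS = ("CONFIDENTIAL", "TRADE SECRET")

def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[str]:
    """Digit runs that look like a card number and pass Luhn (cuts invoice-id false positives)."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found

def inspect(message: str) -> tuple[str, list[str]]:
    """Return ('block' | 'allow', reasons) for one outbound message."""
    reasons = [f"card-number:{pan[:6]}...{pan[-4:]}" for pan in find_card_numbers(message)]
    upper = message.upper()
    reasons += [f"marker:{m}" for m in CONFIDENTIAL_MARKERS if m in upper]
    return ("block" if reasons else "allow"), reasons

def filter_stream(messages: list[str]) -> list[tuple[str, str, list[str]]]:
    """Apply the inspection to every message in the outbound stream."""
    return [(msg, *inspect(msg)) for msg in messages]

if __name__ == "__main__":
    for msg, verdict, reasons in filter_stream(OUTBOUND_SAMPLES):
        print(f"{verdict:5} {reasons} <- {msg!r}")
```

Only the card-number line and the marked document are blocked; the invoice reference passes because it fails the Luhn check, which is the kind of tuning that keeps a DLP rule from disrupting normal business traffic.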
A reliable way to protect information is the use of various identification and authentication systems. They reliably protect networks from unauthorized access, especially from attackers who lack extensive technical knowledge. The essence of the protection is that the system requests information, or other data, that only a specific user and no one else can possess. These can be biometric parameters (access is granted after reading a fingerprint, a retinal pattern, and so on) or certain confidential information (passwords, keys, etc.).
Another method of protection is cryptographic, which consists of encrypting data. With such protection every character is encoded, which prevents the recovery of data from the spurious electromagnetic emanations produced by the operation of electronic equipment. The meaning of each symbol can be determined only by someone who knows the cipher key. Combined encryption is often used, where the content can be understood only by applying several keys in a strictly defined sequence.
The most effective approach is the combined use of the methods described above.