Reasons and conditions for leakage of protected information
Information leakage is the unlawful acquisition of protected information that is important to an individual company or person, or to the state as a whole. Such acts may be deliberate or accidental. Any information has a price. Theft of personal information by means of malware or viruses harms its owner.
With logins and passwords, bank account and card numbers in hand, attackers steal money and companies' confidential information (developments, plans, technologies, industrial secrets).
Information leaks result from the uncontrolled disclosure of an enterprise's industrial secrets. Protected information is lost when the rules for protecting it are disregarded. Failure to comply with the storage conditions for classified information leads to its theft and disclosure on public resources, for example on the Internet.
Data loss reasons
There are several reasons for losing confidential information:
- Redundant access to protected information and insider activity: deliberate actions by employees who were granted access to classified information in order to perform their duties. Illegal insider actions are conventionally divided into gaining illegal access to confidential sources of information and using official powers to steal information and pass it to unauthorized persons.
- External information leaks (hacker attacks): breaking into a protected database with malicious software and stealing confidential information for resale to third parties. Hacker attacks account for 15% of confidential information leaks. Covertly installed malicious software enables unauthorized tracking and theft of protected information, including passwords for current and card accounts. Viruses and Trojans are used for external attacks. What distinguishes this kind of leak is deliberate action by unauthorized persons to gain access to closed sources.
- Installation of backdoors or Trojans. This malware gives free access to the information system and makes it possible to copy, change or delete information, as well as to replace the protected database.
- Theft of storage media. Deliberate theft of external media is a common cause of information loss. Confidential information is lost when a laptop, phone, smartphone, flash card or hard drive is stolen.
- Unintentional information leaks: loss of a flash card, smartphone, tablet or other removable media, and staff negligence. The risk of theft increases when classified information is published on the Internet, including on social networks. The human factor should not be ruled out when listing the reasons for information loss: a company employee may unknowingly or maliciously open access to closed information databases to third parties.
Conditions for data loss
The classic document workflow, which includes internal exchange of documents (within the company), external exchange with suppliers and customers, and archiving of case files, is the main condition for the loss of information bases. Information leaks occur:
- when printing a file, if the printer is installed in a shared office;
- when the terms for storing documentation are violated and it is not destroyed on time, especially where the company saves money on shredders and personnel training;
- when the archive is stored improperly, in ordinary cabinets rather than in a safe as the records-management rules require;
- when documentation is destroyed incorrectly during reorganization or closure of the company.
These factors are encountered in practice in companies equipped with security systems and having sufficient resources to prevent leakage.
Vulnerabilities in corporate technologies are another condition for information loss. These include:
- lack of segmentation and filtering of access to information processing and storage systems;
- lack of monitoring of access rights;
- lack of supervision of users with privileges.
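The three gaps listed above, together with the redundant access named among the reasons for data loss, can be checked in a periodic access review. The following sketch is an added example, not part of the original article; the users, resources, dates, the 90-day idle threshold and the supervised set are all constructed assumptions.

```python
from datetime import date

# Constructed sample inventory; every name, date and threshold is an assumption.
USER_DEPT = {"alice": "hr", "bob": "finance", "carol": "it", "dave": "it"}
# Segmentation policy: which departments may reach each system.
SEGMENTS = {"hr_db": {"hr"}, "finance_share": {"finance"}, "dlp_console": {"it"}}
# Privileged accounts whose sessions are recorded and reviewed.
SUPERVISED = {"carol"}
# Grants: (user, resource, privileged, date of last use or None).
GRANTS = [
    ("alice", "hr_db", False, date(2024, 5, 28)),
    ("alice", "finance_share", False, None),
    ("bob", "finance_share", False, date(2023, 11, 2)),
    ("carol", "dlp_console", True, date(2024, 5, 30)),
    ("dave", "dlp_console", True, date(2024, 5, 29)),
]


def review_access(grants, user_dept, segments, supervised, today, max_idle_days=90):
    """Return (user, resource, finding) tuples for one review pass."""
    findings = []
    for user, resource, privileged, last_used in grants:
        # Segmentation: the grant crosses a boundary the policy does not allow.
        # An unknown user or resource is treated as a violation (fail closed).
        if user_dept.get(user) not in segments.get(resource, set()):
            findings.append((user, resource, "cross_segment"))
        # Access-rights monitoring: rights nobody uses are redundant access.
        if last_used is None:
            findings.append((user, resource, "never_used"))
        elif (today - last_used).days > max_idle_days:
            findings.append((user, resource, "stale"))
        # Privileged users must be under supervision.
        if privileged and user not in supervised:
            findings.append((user, resource, "unsupervised_privileged"))
    return findings


if __name__ == "__main__":
    for finding in review_access(GRANTS, USER_DEPT, SEGMENTS, SUPERVISED,
                                 today=date(2024, 6, 1)):
        print(*finding)
```

Each finding is a candidate for revoking the grant or placing the account under session review.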
The use of computer technology and mobile devices creates favorable conditions for information leakage:
- loss of a tablet or smartphone together with the information stored on it;
- connecting removable media to a PC with subsequent illegal copying of files;
- deliberate disabling of the monitoring system by the administrator in order to transfer confidential information;
- lack of monitoring of installed software, which makes it possible to install cryptographic applications and send stolen information through a DLP filtering gateway.
Using the Internet increases the risk of information theft:
- sending information through cloud services;
- transmission of information via e-mail;
- creating a tunnel to external resources and sending classified information through it. Even an ordinary employee can set up a tunnel using browser extensions;
- transfer of information via messengers (IM).
Analytical studies confirm the existence of external and internal threats to information security. The quantitative indicators for external information leakage are higher. This is because breaking through an information security system is a complex process and attackers accordingly want to obtain more information.
Internal data leaks are driven by personal gain and a narrow area of interest, so the amount of stolen information is smaller. The greatest risks are associated with the use of Internet resources. Insiders know that DLP systems are in place and that e-mail and removable media are monitored, so they use Internet resources, which are difficult to track because of their diversity.
The share of leaks through mobile devices is minimal. This is because the information available on a mobile device is limited and security systems are implemented on it.
Effective information protection requires an integrated approach that provides for monitoring and analysis of information leakage channels, training personnel in security rules for working with information databases, and engaging third-party specialists to design and implement information security programs.