Data In The Dock: Corporate Theft On The Rise

Data Theft

Keeping Intellectual Property (IP) and business critical information safe is now a crucial part of a modern company’s IT infrastructure. More than ever, in this climate of government-sponsored attacks and highly publicised hacktivist events, businesses are increasingly being fined for data breaches or finding themselves in the courtroom launching claims against former employees.

The scale of the problem has been identified in a recent research report from law firm EMW which shows that the number of high court cases related to corporate data theft has increased 250 per cent between 2010 and 2012. The report finds that these thefts are costing small to medium size businesses (SMEs) a vast amount of money in losses and legal fees.

And it’s not just SMEs businesses that need to be careful as the department of Business, Innovation and Skills recently commissioned a report on Information Security breaches in 2013 which found that 78% of large organisations were attacked by an unauthorised outsider in the past year compromising confidential information.

Whilst the scale of the threat is evident, Data Loss Prevention (DLP) solutions that can protect against these data stealing threats, whilst existing for many years, has yet to gain wholesale market adoption; this begs the question, why? Much it seems is due to misconceptions of DLP solutions as businesses have often not realised the business benefits it can bring or have struggled to understand how to implement it effectively.

For many security was just seen as protecting companies from the dangers of incoming threats rather than outgoing traffic – this is a fundamental misunderstanding of what the data threat landscape entails and how it has evolved over the years. As a result, organisations are often not aware of the risk they might be susceptible to without having the proper protection in place.

The most common type of confidential information theft identified by the EMW report actually involves departing employees saving sensitive data, on a USB stick, or sending them by email. In addition, according to a study by psychologists in America, about 65 percent of employees who commit insider data theft had already accepted positions with a competing company or started their own company at the time of the theft. About 20 percent were recruited by an outsider who targeted the data. More than half steal data within a month of leaving.

So whilst data theft can be very sophisticated and predicated by hackers with lots of skill and resource, the fact remains that when it comes to protecting vital data, employees always remain the weakest link in the security chain. Naivety, disgruntlement, ambivalence or bribery of employees is often the most common methods of internal data loss in businesses. Whilst detecting attacks is undoubtedly always a difficult practice there are DLP solutions and practices that can be put in place to mitigate the threats.

Automated solutions can now be deployed to identify malicious behaviour within a network. Employees ‘typical’ behaviour can be analysed and profiles created so that any irregular activity or deviations inside the network can be identified.

According to the annual Verizon breach report 14 per cent of all breaches occurred due to internal actors who would be caught trying to access important files outside of their profile.

If a user profile indicates that an employee regularly accesses certain network areas and a certain amount of files every day and suddenly this behaviour changes, this raises a red flag on the security of their account or actions. This approach can aid companies in discovering activity which could indicate an insider threat or an external attack.

For example if an employee attempts to send a large database of client contacts you may have a problem. DLP solutions in this scenario can assist in detecting large amounts of data going out of the network, as well as offering the ability to detect unrecognised encryption, password files and more.

In addition, and according to 2013 Verizon Data Breach Investigations report, in 66% of cases, data breaches weren’t discovered for months or even years meaning that you could be at competitive disadvantage and not even realise till it was too late.

Ultimately there are many scenarios and approaches to take to address data loss within a business, however the fact remains that CIOs have never been under more pressure to keep their companies business critical IP safe. The important question of how we monitor, manage and control outgoing as well as incoming data has become all the more relevant.

With the global cost of a data breach averaging at $136 per compromised record, and the number of high court cases related to corporate data theft increasing 250 per cent, organisations can’t overlook DLP technology and procedures – it is vital to protecting sensitive data, maintaining the trust of your customers and your edge in the market.

Lior Arbel

Lior Arbel is the CTO of Performanta, a specialist information security firm, securing enterprise businesses from the latest modern security threats. Lior is responsible for leading the information security services provided by the company in the UK and leads the team helping customers to understand the need for data security solutions and the best practices for implementing such solutions. Lior has more than 15 years in IT security industry. Prior to Performanta, he worked at Websense, a global leader in protecting organisations from the latest cyber-attacks and data theft, as global lead of its DLP solution specialising on large enterprise projects. Previously he has also worked for 8 years on security for IBM Israel where he led a team of IBM Global Services security professionals.