At the heart of strong cyber resilience are certain core elements. One such area is data leakage prevention: data leaks are the most common digital risk faced by enterprises. In this article Pauline Losson looks at where the specific risks are in this area and how organizations should respond to these.
While the digital infrastructure of all industries is facing waves of new cyber risks every day, data leaks still remain the primary reason for most of the cyber attacks that occur. According to the latest CybelAngel research, data leak incidents increased by a massive 63 percent in 2021 and 61 percent of all security incidents last year were attributed to this security issue. Sensitive data that becomes exposed in the wild is easy pickings for attackers to exploit and then use to craft more sophisticated cyber attacks. With wide-scale digital transformation and cloud migration taking place across many industries, mitigating the high level of risk posed by data leaks is a top priority for security teams.
The first step security leaders must undertake is to understand the depth of this problem and identify the various common sources of data leaks.
Identifying the various sources of data leaks
Data leaking outside of the network is a multi-variant problem and leaks can come from several different sources – open databases, unsecured cloud storage buckets, and Internet-connected devices. Most often, threat actors look for what is easy to take advantage of and what can give them relatively simple access to an organization’s network. The CyberAngel research found that cloud storage leaks soared by 150 percent in 2021, making cloud storage systems one of the most exploited avenues of attack.
This unprecedented increase in cloud storage leaks was mostly a result of the remote working revolution driven by the pandemic. As more employees were logging in from different locations through unsecured private networks and personal devices, cybercriminals were able to exploit this situation by targeting critical cloud assets. To facilitate the transition from a traditional work environment, many enterprises are using legacy systems like VPNs to allow their employees to remotely access critical corporate assets. Such outdated legacy systems coupled with unsecured private network endpoints are often no match for sophisticated cyber attacks.
The CyberAngel survey also found that source code leaks increased by 66 percent in 2021. These leaks mostly came from public GitHub repositories, where developers often left their credentials exposed within public source code files. While source code leaks are mostly attributed to a poor lack of awareness from in-house development teams, it is also a result of increased outsourcing of technical projects where more third-parties become involved.
The critical shortage of skilled labour in 2021, saw a lot of organizations outsourcing development projects to freelancers or third-party developers. These developers work completely outside of the secured corporate perimeter, and often they are not provided with the same level of awareness training as the internal workforce. This increased the likelihood of corporate credentials being left openly visible in public repositories, specifically on GitHub. In fact, CybelAngel’s research saw a massive 117 percent jump in GitHub incident reports in the final quarter of 2021.
Furthermore, exposed credentials and shadow assets were also a major source of data leaks last year. Exposed credentials soared by 50 percent, which is a result of poor password practice, lack of endpoint solutions, and lack of effective audits from organizations. The rapid increase of cloud adoption also drove a 40 percent increase in shadow assets. As more organizations are getting to grips with the cloud migration process, it is critical that all assets are secured and protected within the network infrastructure. Any leaked credentials or sensitive data floating around the digital space can serve as an entry point for cybercriminals to slip through without detection - putting organizations at risk of data theft, network takeovers, companywide shut downs and ransom demands.
Constant monitoring and increased network visibility is the key to data leak prevention
Organizations must undertake proactive measures to address the increasing risk of data leaks. Effective risk monitoring and real-time response are the keys to securing corporate platforms from potential data leak incidents. Using automated solutions can help companies constantly monitor the entire network for vulnerabilities and close down potential attack paths in real-time. Automated solutions can also free-up critical resources of an organization and allow security teams to direct their focus on resolving issues that need instant responses.
Furthermore, it is also imperative to have visibility outside of your organizational network. It’s not always clear where you are leaking sensitive information or where critical assets are exposed. Scouring every layer of the web is important to prevent any potential security incident that can threaten critical company assets. Having a dedicated team of skilled analysts to monitor external platforms for leaked data can also provide effective protection against data-driven security incidents.
Businesses focusing on cloud migration and remote working must also incorporate endpoint solutions to secure private access points such as personal devices or home networks. Implementing effective IAM (identity and access management) tools based on advanced security frameworks like zero trust can also help to protect the network from potential intruders.
Lastly, security leaders must remember that most data leak incidents do not happen spontaneously. Attackers use a certain targeting mechanism and take advantage of vulnerabilities that are often unknown to security teams. So, businesses need to incorporate a combined approach by integrating automated solutions and skilled human resources to provide real-time alerts to exposed data. These initiatives can help to prevent security incidents originating from data leaks and close down entry points for sophisticated cyber attacks like theft, fraud or a ransomware attack.
Pauline Losson is Cyber Operations Director at CybelAngel.