
Data Leakage and Prevention

This module discusses data leakage and prevention. It defines data leakage as the unauthorized transmission of data to an external recipient with malicious intent. Data leakage can be done by internal employees and through various means such as web services, email, cloud services, and removable media. The module then covers types of data leakage including those by malicious insiders, accidental breaches, electronic communication, and physical theft. It concludes by describing approaches organizations use to prevent data leakage, such as standard security measures, advanced techniques, access controls, encryption, and designated data leakage prevention systems.

Module-2

Data Leakage and Prevention


Module-2: Data Leakage and Prevention

• Introduction to Data Leakage


• Organizational Data Classification, Location
and Pathways
• Content Awareness
• Content Analysis Techniques
• Data Protection
• DLP Limitations
• DRM – DLP Conundrum

• Data Leakage
– Data leakage can be defined as the malicious
practice of transmitting data in an unauthorized
manner to an external agent, destination, or
recipient with bad intention.
– Data leakage can be carried out by an employee
inside the organization or by any other person,
who misuses web services, email services, cloud
services, optical media, USB keys, and laptops.
– It is also termed "data theft: the slow and low
approach," and it creates a massive problem in
the data security industry.
– The losses from a data leakage incident can be
classified into two categories:
1) direct losses
2) indirect losses.

1) Direct losses
– Direct losses include violations of regulations
(such as those protecting customer privacy)
resulting in fines; settlements or customer
compensation fees; litigation involving lawsuits;
loss of future sales; costs of investigation and
remedial or restoration fees.

2) Indirect losses
– These include a reduced share price as a result of
negative publicity; damage to a company’s
goodwill and reputation; customer
abandonment; and exposure of intellectual
property (business plans, code, financial reports
and meeting agendas) to competitors.

• Data Leakage Types


– Ill-intentional or malicious internal employees
– Accidental data breach
– Malicious intent in Electronic communication
– Physical data leakage

• Data Leakage Types


– Ill-intentional or malicious internal employees
• Data leakage is not carried out only through
online media, electronic communication and
services, and email.
• A vast majority of such crimes are committed by
an internal member of the organization who has
ill intentions or plans, or who might sell the
organization's internal data to third-party or
rival ventures. This type of data leakage is
termed data exfiltration.

• Data Leakage Types


– Accidental data breach
• Sometimes, unauthorized data leakages may
happen accidentally without any malicious
intention or purpose.
• External agents, i.e., cybercriminals, carry out
many data leakages. An example of an
unintentional internal data leakage is an
internal employee who, while sending an email,
types the wrong ID or recipient name.

• Data Leakage Types


– Malicious intent in Electronic communication
• Various firms and organizations allow employees
access to instant messaging services, chat rooms,
cloud, and other social networking sites as part
of their daily role.
• But the problem is, these platforms and
services residing over the internet are capable
of transferring files.
• Cybercriminals target these services and such
employees with malware or malicious links. The
employee might open these links, which lets the
malware reach the system through a
drive-by-download mechanism.
• The malware may then periodically keep sending
sensitive information to the remote
cybercriminal, who may be on the other side of
the globe. These types of data leakage
programs work in the background without
letting users know about their existence.

• Data Leakage Types


– Physical data leakage
• Data leakage is also possible if an
ill-intentioned employee steals or looks over
information, or poses as a legitimate user and
accesses a system to steal files (using flash
drives) or upload them to cloud storage, needing
only a few minutes on a borrowed system.
The possibilities are endless.

• DLP
– Enterprises use Data Leakage Prevention (DLP)
technology as one component in a comprehensive
plan for the handling and transmission of sensitive
data.

• DLP can be divided into the following categories:
– Standard security measures
– Advanced/ intelligent security measures
– Access control and encryption
– Designated DLP systems
• Standard security measures
– Standard security measures are used by many
organizations and include common mechanisms
such as firewalls, intrusion detection systems (IDSs)
and antivirus software that can provide protection
against both outsider attacks (e.g. a firewall which
limits access to the internal network and an
intrusion detection system which detects attempted
intrusions) and inside attacks (e.g. antivirus scans to
detect a Trojan horse that may be installed on a PC
to send confidential information).

• Advanced/ intelligent security measures


– These include machine learning and temporal
reasoning algorithms for detecting abnormal
access to data (i.e. databases or information
retrieval systems), activity based verification (e.g.
based on keystrokes and mouse patterns),
detection of abnormal email exchange patterns,
and applying the honeypot concept for detecting
malicious insiders.

• Access control and encryption


– Device control, access control and encryption are
used to prevent access by an unauthorized user.
These are the simplest measures that can be taken
to protect large amounts of personal data against
malicious outsider and insider attacks.

• Designated DLP System


– A designated DLP system is intended to detect and
prevent attempts to copy or send sensitive data,
intentionally or unintentionally, without
authorization, mainly by personnel who are
authorized to access the sensitive information.
A major capability of such solutions is the
ability to classify content as sensitive.
• Information Leak Prevention (ILP),
• Data Leak/ Loss Prevention (DLP),
• Outbound Content Compliance,
• Content Monitoring and Filtering,
• Content Monitoring and Protection (CMP) or
Extrusion Prevention.
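
The content-classification capability of a designated DLP system, applied to the mistyped-recipient case from the accidental-breach slide, can be sketched as follows. This Python code is an added example, not part of the original module; the internal domain, marker phrases and function names are assumptions chosen for illustration.

```python
import re

# Policy values below are assumptions for this example, not from the module.
INTERNAL_DOMAINS = {"corp.example"}
MARKERS = re.compile(r"\b(confidential|internal only|do not distribute)\b", re.I)
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_valid(digits):
    """Luhn checksum: rejects digit runs that are not payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(text):
    """Return the set of sensitivity labels found in a piece of content."""
    labels = set()
    if MARKERS.search(text):
        labels.add("marked-confidential")
    for match in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_valid(digits):
            labels.add("payment-card")
    return labels


def outbound_decision(recipients, body):
    """Block content classified as sensitive if any recipient is external."""
    labels = classify(body)
    external = [r for r in recipients
                if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]
    action = "block" if labels and external else "allow"
    return action, labels, external


if __name__ == "__main__":
    # Constructed sample messages; 4111 1111 1111 1111 is a standard test number.
    samples = [
        (["alice@corp.example"], "Card on file: 4111 1111 1111 1111"),
        (["alice@corp.exmaple"], "Card on file: 4111 1111 1111 1111"),  # typo
        (["bob@partner.example"], "Order ref 1234 5678 9012 3456"),
    ]
    for to, body in samples:
        print(to, outbound_decision(to, body))
```

The Luhn check keeps ordinary 16-digit references from being labelled as card numbers, so the third sample is allowed while the mistyped domain in the second is blocked.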

• Enterprise data generally exists in the following three major states:
– Data at rest
– Data at the endpoint or in use
– Data in motion

• Data at rest
– It resides in file systems, distributed desktops and
large centralized data stores, databases or other
storage centers.

• Data at the endpoint or in use:


– It resides at network endpoints such as laptops;
USB devices; external drives; CDs/DVDs; archived
tapes; MP3 players; iPhones or other highly
mobile devices.

• Data in motion:
– It moves through the network to the outside
world via email, instant messaging, peer-to-peer
(P2P), FTP or other communication mechanisms.