Claire Nicol joined the company in 2015 after moving to Melbourne from London and is currently the Customer Development Sales Manager. Her passion for Cyber Resilience has been driven by the continual evolution of malicious actors, specifically the craftiness of their campaigns to compromise users and breach organisations. She values discussing this with customers to understand and learn from their perspectives and experiences. During her time at Mimecast she has been fortunate to work with existing customers to enhance their resilience posture and help maximise the value of their Mimecast services.
How and where you may be leaking data
Fighting data leaks in a changing world
A data leak is an unauthorised transfer of data, typically to an external recipient. Data leaks used to happen when physical documents fell into unwanted hands, but nowadays, they typically occur in digital form. In the early days, the commercial digital landscape was fairly simple: a company would control access to on-prem resources via firewalls and encryption, safeguarding data through a policed perimeter that shady individuals couldn’t get to.
But the world has changed. Crucial processes may now be managed on cloud-based systems, key work may be handled by remote workers, and staff may use their own devices to access sensitive systems and documents.
Cybersecurity threats have escalated as a result. Mimecast’s research shows that in 2021, 65% of Australian companies believed employee behaviour was putting their organisation at risk, while 69% had been hit by an attack that spread from a compromised user. Given how much we rely on digital systems, breaches can lead to system outages, ransomware demands and serious reputational damage, often on a global scale.
Today, cybersecurity policies must safeguard systems that can be accessed internally and externally. They must also track and control the information that can be used to attack those systems. While the technology to do that exists, the human element is still the wildcard when it comes to security risks. Here’s how your colleagues may be inadvertently leaking data.
Why personal data is a gold mine for hackers
A user’s personal data offers hackers a number of attack points. Employees may use the same passwords for company emails as they do for TV streaming services or social media, for example, meaning a data leak at Netflix or Facebook can end up hurting your organisation.
Everyday smartphone use brings other dangers. Accepting requests from apps for geolocation or posting images to social media that contain location metadata will give away employees’ physical location. Keeping social media accounts active, meanwhile, will ensure cookies are always tracking whatever information they can get their hands on.
The other danger of social media is that it blurs the line between work data and personal life. An executive might think nothing of promoting a recent conference speech on Twitter, or listing recent clients and their projects on LinkedIn – where they might also share their job title and tag other colleagues. These details can be a gold mine for hackers, helping them tease out everything from company hierarchies to the contact info of their key business partners.
Cybercriminals can use specialised apps to profile your staff and their behaviour using Twitter, Facebook and other readily available data. Some can even generate heat maps of users’ movements, opening up more and more information for hackers to exploit.
Malware and phishing are an increasing risk
With remote work quickly becoming the norm, employees may access your company servers via public, unencrypted wi-fi, leaving them open to attack, while gig workers may slip through otherwise robust cybersecurity protocols. Lost or stolen devices – whether an employee’s own phone, or company laptop – can also be the start of a cybersecurity nightmare.
Once cybercriminals have your staff’s information, they can launch spear phishing attacks and use unique data to make their scams more convincing. Knowing a target’s job title and recent projects makes it a lot easier to mislead users, putting your staff and their colleagues at even more risk.
And this is just one part of the picture. As the Internet of Things connects everything from heating systems to inventory trackers at work and at home, hackers have an ever-wider surface to compromise and spy upon. Cybercriminals will exploit the weakest link in your cybersecurity chain, and data breaches will result.
Loose data is your enemy – but it can also be your ally
The availability of data about your users and systems is a huge threat, and ambitious hackers do plenty of reconnaissance and intel-gathering on their intended targets before they attack. But publicly available information, also known as Open Source Intelligence (OSINT), can also be a vital weapon against cybercriminals.
In the absence of a definable perimeter, running automated reports that combine numerous data sources can help you identify the territory you need to manage and protect – because you can be sure that an attacker will do the same thing. OSINT can build data profiles on everything from host names and cloud services to email addresses and social media posts. What you find may challenge your assumptions about the threats to your organisation, and help you respond accordingly.
Building your cyber resilience
In this evolving threat landscape, preventing data leaks and building cyber resilience involves not just one strategy, but several:
OSINT can assess weak links in your organisation and shape your priorities
multi-factor authentication and encryption can keep data more secure
personal devices can be safeguarded by mandating VPNs and antivirus software
installing updates and patches as soon as they become available can stave off phishing and malware
employee training should be frequent and include gig and remote workers, as well as informing colleagues about personal security and social media use
zero trust models can prevent threats from spreading
The idea of a single attack surface that can be monitored and secured by firewalls and physical security no longer stands up. Social media, personal devices and remote work are here to stay, and need to be managed effectively.
Preventing data breaches is an ongoing challenge, and training, device policies and encryption are among the most effective tools to keep your data safe. Meanwhile, using OSINT, the very data that cybercriminals seek to exploit, can help you understand the nature of the threat and work out the best way to combat data leaks.