Insider Versus Outsider: Navigating Top Data Loss Threats

Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts.

It’s no surprise that cloud adoption has increased considerably in the last year, as organizations sought to adapt to the rapid transition to remote work amid the pandemic. However, what’s shocking is that despite the many advantages cloud and software-as-a-service (SaaS) applications provide organizations, they frequently fall short when it comes to averting data loss. In fact, one in three companies admit to losing data from their cloud services. Whether from human error, malicious actors, outages, or other methods, data loss poses a very real risk to the resilience of a business.

While it may seem logical to put the blame on the organizations themselves, citing reasons such as not taking cybersecurity seriously, the reality is that this is only one part of the issue. Even companies that have instituted cybersecurity best practices within their programs can be vulnerable to the problem. The explanation for this is straightforward: They fail to sufficiently secure one of the primary sources of data breaches — email.

To better protect themselves from data loss, companies first need to understand the top threats, so let’s explore them.

Staying Aware of Outside Malicious Actors

Everyone wants to believe that they wouldn’t fall victim to typical phishing scams. However, the truth is that these methods of intrusion are getting harder to spot as cybercriminals become more savvy with their tactics. Cybercriminals continue to build on trickier spear-phishing strategies that rely on brand-new techniques and even more deceitful tricks that can catch even the most discerning person unaware.

Organizations need to consider the fact that cybercriminals are going to great lengths to mask the true nature of their attacks these days. They are leveraging legitimate services to disguise their phishing links, to the point where it becomes quite challenging for even the most discerning eye to spot. They are also getting access to organizations by compromising contacts at associated organizations. Once they do this, they will launch attacks from the trusted accounts of individuals one might communicate with regularly, and often in an existing thread.

All a cybercriminal has to do is deceive one employee into providing email credentials or opening one attachment, and the entire organization is abruptly exposed to data loss. That is why in addition to having the right data-loss prevention solution, organizations also need to continually educate their employees on how to spot potentially nefarious emails and safeguard sensitive data being sent.

Navigating Internal Threats

While breaches from outside cybercriminals are becoming more complex and require more resources to combat, companies mustn’t lose sight of a data-loss cause closer to home – their employees. In their day-to-day positions, employees are entrusted with highly sensitive information, from financial and personally identifiable information (PII) to medical records or intellectual property.

While employee error is a major source of security breaches, a well-trained employee who knows how to take the proper precautions is a key defense against attacks and breaches. Over the course of their daily responsibilities, employees can mistakenly share sensitive information outside of the secure network. Often, this data loss occurs through email, such as mentioning restricted information in outside correspondence or attaching documents that may violate customer or patient privacy.

For example, let’s say that an employee is working on a presentation that contains confidential data. They hit a roadblock while trying to fix a formatting issue and in their race to meet the looming deadline, they decide to reach out to a friend for help and send the presentation via email with the confidential data included. The moment this employee hits send, this data has now been unintentionally exposed. As a result, the business could face breach disclosure requirements, regulatory fines and an increased likelihood of cyber attacks or breaches.

There is also the risk of “insider threats,” a term used to describe an employee who intentionally abuses their legitimate credentials to destroy or attempt to move data outside of the organization. Insider threats aren’t always current employees; they can also be former employees, as well as independent contractors or vendors. Essentially, it is anyone who has the ability to access a company’s systems and data.

Email serves as one of the most popular forms of communication in business, facilitating collaboration and providing the means to share important information inside and outside the company. However, email can be just as big a threat as it is an asset. Companies must familiarize themselves with the most common forms of data loss to prevent customer information, intellectual property and other sensitive data from being inaccessible.

Troy Gill is manager of security research at Zix.
