Data Leak Risks and How to Fix the Problem

What is a data leak?

A data leak is the overlooked exposure of sensitive data. The exposure can be physical, such as a logbook containing login information being accessed by an unauthorized person. More commonly, data is exposed electronically through software vulnerabilities.

What is the difference between a data leak and a data breach?

A data leak/leakage occurs because a vulnerability is overlooked and remains unknowingly exposed to the public. Leaked data can be exposed for years before it is discovered by cybercriminals or security teams.

A data breach, on the other hand, is entirely caused by cybercriminals. The criminals intentionally launch a cyberattack on the targeted database.

Some causes of data leakage

Incorrect software settings

Improperly configured software can expose sensitive records. If the misconfigured software is popular, millions of users could potentially be exposed to cyberattacks.

In 2021, Microsoft PowerApps data was leaked due to misconfiguration. By default, the setting governing access to sensitive user data was set to “disabled”. This exposed at least 38 million records, including employee information, COVID-19 vaccination data, and COVID-19 contact tracing data.

Social engineering

Social engineering is psychological manipulation to obtain sensitive credentials from victims. Social engineering is often done through phishing, either verbally or electronically.

An example of a verbal phishing scam is a threat actor calling an employee while posing as an IT technician. The caller then asks for login credentials under the pretext of fixing an internal IT problem at the company. This pretext, combined with pressure that creates a sense of urgency about the “problem”, tricks less aware employees into handing over their login credentials.

Meanwhile, electronic phishing cases are more common as they can reach a larger list of victims more quickly. The most popular form of this type of social engineering is email phishing. This strategy is increasingly sophisticated and difficult to detect, especially when phishing emails capitalize on recipient anxiety.

Reused passwords

In many cases, a single exposed password for one account puts other accounts at risk of breach, because users tend to use the same password across all their logins. This poor security practice leads to critical data leaks, as stolen customer data is usually sold through dark web forums.

Physical theft of sensitive devices

Stolen devices that hold sensitive data, such as laptops, can be used by cybercriminals to facilitate security breaches or identity theft, leading to data breaches.

Software vulnerabilities

Software vulnerabilities, such as zero-day exploits, make it easier for cybercriminals to access sensitive resources. Once these vulnerabilities are exploited, this exposure can lead to a number of security incidents, including unauthorized access, malware attacks, social media account compromise, and even credit card theft.

Use of default passwords

The default passwords of many new devices are publicly known, including to cybercriminals. Unchanged factory default credentials are therefore classified as a data leak.

IoT devices are most affected by such exposure. When purchased, devices come with standard login combinations for easy installation. Common username and password combinations such as “admin” or “12345”, left unchanged, make the device accessible to unauthorized people.

Manufacturers instruct users to change the credentials before use. However, this instruction is rarely followed, even by small and large companies. Because IoT devices are usually connected in one network, this kind of data leakage can facilitate large-scale DDoS attacks.

How to deal with data leakage?

To address data leakage, take the following preventive measures:

Simplify access permissions

Simplifying access permissions is not the same as ignoring privileged access management. With a simple permission scheme, it is easy to ensure that only the intended users actually have access rights to sensitive resources. Conversely, a complicated access permission workflow makes it easier to accidentally grant users deeper access permissions than they need.

Educate staff well

Human error is the most significant security threat. Train staff to recognize common social engineering tactics and to accurately recognize when a cyberattack is occurring.

Use multi-factor authentication

Multi-factor authentication can prompt employees to recognize that they are being attacked by cybercriminals. The additional verification step may be enough to make an employee realize something is wrong, or to break the manipulation, and then report it to the internal security team.

Encrypt all data

Accidentally leaked data is of little use to cybercriminals if it is effectively encrypted. Use the most secure forms of encryption, such as AES encryption and PGP encryption.

Use a password manager

Default passwords are often used because companies already have too many passwords to remember. Password managers conveniently store all passwords in one platform, and can be utilized to create highly complex password suggestions for each new login. This prevents the use of the same password on different platforms.
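The reuse and default-password problems described above can be checked directly against a password manager export. The following is an added example, not part of the original article: the CSV column names, the hostnames and the sample rows are constructed, and treating "password equals username" as a default is an added heuristic.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample: a CSV export of stored logins (hypothetical column names).
SAMPLE_EXPORT = """site,username,password
camera-01.example.internal,admin,12345
router.example.internal,admin,admin
mail.example.com,j.doe,Tr0ub4dor&3-horse
crm.example.com,j.doe,Tr0ub4dor&3-horse
wiki.example.com,j.doe,c9!Lq2#vXe7@pRz
"""

# Factory-default values named in the article; extend from vendor documentation.
DEFAULT_VALUES = {"admin", "12345"}

# Random per-run key: fingerprints group equal passwords within one report
# but cannot be used to guess the password offline.
RUN_KEY = secrets.token_bytes(32)


def fingerprint(password: str) -> str:
    """Keyed digest so the report never carries the password itself."""
    mac = hmac.new(RUN_KEY, password.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:12]


def audit(export_text: str) -> dict:
    """Return sites using default values and groups of sites sharing a password."""
    defaults, by_password = [], defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        pw = row["password"]
        # Added heuristic: a password equal to the username counts as a default.
        if pw.lower() in DEFAULT_VALUES or pw.lower() == row["username"].lower():
            defaults.append(row["site"])
        by_password[fingerprint(pw)].append(row["site"])
    reused = {fp: sites for fp, sites in by_password.items() if len(sites) > 1}
    return {"default": defaults, "reused": reused}


if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT)
    print("default credentials:", report["default"])
    for fp, sites in report["reused"].items():
        print(f"password {fp} shared by:", ", ".join(sites))
```

The export itself contains plaintext passwords, so run the audit on a trusted machine and delete the file afterwards.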

Implement a data leak detection solution

Preventive measures such as those mentioned above can indeed avoid data exposure. However, they will fail to detect complex data leaks that may still slip through advanced security holes.

To cover this gap, use data leak detection solutions. These solutions scan the surface and dark web to find data leaks that can be found in cybercriminal interactions. These solutions can be fully automated or supported by cybersecurity analytics.
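The core matching step of such a detection solution, as an added example that is not taken from the original article or from any vendor's product: it looks for credentials belonging to a watched mail domain and for Luhn-valid card numbers in collected text, and redacts what it reports. The watched domain and the sample text are constructed.

```python
import re

# Assumption: the organisation's mail domains to watch for (hypothetical).
WATCHED_DOMAINS = {"example.com"}

# Constructed sample standing in for text collected from a public paste site.
SAMPLE_PASTE = """\
combo list 2021
j.doe@example.com:Summer2021!
someone@other.test:hunter2
card 4111 1111 1111 1111 exp 09/25
order ref 1234 5678 9012 3456
"""

# address<sep>secret pairs as they typically appear in leaked combo lists
CRED_RE = re.compile(r"\b([\w.+-]+)@([\w-]+(?:\.[\w-]+)+)[:;|](\S+)")
# 13 to 19 digits, optionally grouped with spaces or hyphens
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan(text: str) -> list:
    """Return (line number, kind, redacted value) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CRED_RE.finditer(line):
            if m.group(2).lower() in WATCHED_DOMAINS:
                redacted = f"{m.group(1)}@{m.group(2)}:<redacted>"
                findings.append((lineno, "credential", redacted))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                masked = "*" * (len(digits) - 4) + digits[-4:]
                findings.append((lineno, "card", masked))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_PASTE):
        print(finding)
```

The order reference on the last sample line has the shape of a card number but fails the Luhn check, so it is not reported.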

Find data leakage solutions with Hypernet. Contact CS for more information.