How to ascertain a suspected data leak from the IT landscape?

Data, the new oil that powers industries, must be shared to support operations within and outside the organization. Large-scale digitization makes this sharing easy, which improves operations and strengthens business connections. However, it also opens the door to data leaks.

Wipro, a leading India-based software company, is in the news for a major breach of its systems. [1] Global media reported that an advanced phishing attack enabled hackers, possibly sponsored by a government, to use the organization’s network to ‘listen’ to information exchanges with customers and external vendors. What is worrisome is that many clients’ data could be compromised, leading to potential GDPR implications if any of the European Union clients’ information has been compromised.

Data leak is a growing threat across industries. However, a recent article published in helpnetsecurity.com [2] states that of all industrial sectors, manufacturing is the most vulnerable to data leaks due to insider threats – the top three reasons being:

  1. User error (39%)
  2. Malicious insiders (35%)
  3. Compromised accounts (26%)

Just as in the case of Wipro, the helpnetsecurity article states that, “nearly half of them said they can’t detect insider threats before data has left the organization”. This is, unfortunately, true and has been highlighted by SECUDE in many of its blogs on the Data Leak topic.

This brings up the key question: Is it possible to monitor data flows in real time and alert authorities about data leaks?

Yes, you can!

It is possible to provide complete transparency of the data downloads and machine-to-machine data flow.

Most companies running their businesses on ERP software have very little knowledge of, or control over, how documents extracted from their systems and applications are being shared or who is accessing them. This leaves companies at a high risk of data loss due to malicious or accidental actions. Adding a monitoring solution not only logs activity, but also increases security and awareness within the enterprise.

By providing the ability to view the who, what, where, and when of any given transaction, managers can identify insider threats among employees or contractors. The data retrieved in the audit log will clearly tell if, for example, employees in the sales department have unforeseen access to sensitive HR or financial information. This visibility into business activities allows an enterprise to isolate its internal threats and close the gaps in ERP security for optimal data integrity.

Gain full visibility of employee activity

It is important to track sensitive data usage and movement to identify potentially risky actions and prevent unwanted information disclosure. Thus, visualizing data downloads based on user, file type, file size, transaction, application, path, terminal, and IP address of where the file came from and where it is going to is imperative. All download activity should be aggregated into fully customizable audit logs.

Add intelligent classification

Auditing solutions that offer the ability to add intelligent classification to the audit log should be considered. Entries can be filtered into customized, configurable groups based on functional area, department code, transaction type, or simply geographic region. Such solutions will enable IT administrators to easily monitor and analyze download activity surrounding confidential HR data or private financial reports.
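The audit-log review described in the two sections above, as an added example that is not SECUDE's code: it classifies constructed download records by functional area and flags sensitive exports made from outside the owning department, or through a transaction nobody has classified. The CSV layout, transaction names, classification map and sensitivity policy are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample audit log (not real data); columns follow the fields listed above.
SAMPLE_LOG = """user,department,file_type,size_bytes,transaction,application,path,terminal,ip
asmith,SALES,xlsx,48213,SALES_ORDERS,ERP,/export/sales/orders_q1.xlsx,WS-0412,10.20.4.12
asmith,SALES,xlsx,912554,HR_MASTER,ERP,/export/hr/salary_bands.xlsx,WS-0412,10.20.4.12
bjones,HR,pdf,120334,HR_MASTER,ERP,/export/hr/contract_1182.pdf,WS-0733,10.20.7.33
cwu,FINANCE,csv,5400211,FI_VENDOR_ITEMS,ERP,/export/fi/vendor_items.csv,WS-0150,10.20.1.50
dlee,SALES,csv,77120,FI_VENDOR_ITEMS,ERP,/export/fi/vendor_items.csv,WS-0419,10.20.4.19
evega,IT,zip,20480,ADHOC_EXPORT,ERP,/export/tmp/dump.zip,WS-0901,10.20.9.1
"""

# Assumed classification: transaction -> functional area of the data it exports.
AREA_BY_TRANSACTION = {
    "SALES_ORDERS": "SALES",
    "HR_MASTER": "HR",
    "FI_VENDOR_ITEMS": "FINANCE",
}
# Assumed policy: areas whose data should only leave via the owning department.
SENSITIVE_AREAS = {"HR", "FINANCE"}

def review_downloads(log_text):
    """Return (alerts, bytes_by_area) for a CSV download audit log."""
    alerts, bytes_by_area = [], defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        # Unknown transactions are surfaced as UNCLASSIFIED rather than silently dropped.
        area = AREA_BY_TRANSACTION.get(row["transaction"], "UNCLASSIFIED")
        bytes_by_area[area] += int(row["size_bytes"])
        if area == "UNCLASSIFIED":
            alerts.append((row["user"], area, row["path"], "unknown transaction"))
        elif area in SENSITIVE_AREAS and row["department"] != area:
            alerts.append((row["user"], area, row["path"], "cross-department access"))
    return alerts, dict(bytes_by_area)

if __name__ == "__main__":
    alerts, totals = review_downloads(SAMPLE_LOG)
    for user, area, path, reason in alerts:
        print(f"ALERT {user}: {reason} to {area} data ({path})")
    print(totals)
```
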

Maintain a full audit trail for compliance purposes

To ascertain whether data leaks do happen – or not – it is important to gain visibility into compliance-related data exports. Compliance regulations require companies to show that they can track and monitor who accessed a particular type of sensitive data and what actions they took with it. With a proven monitoring solution, data security practitioners in enterprises can significantly simplify internal auditing processes, while lowering compliance costs, as they can easily track access and movement of regulated data, even outside of the organization.

With such a data monitoring solution, issues such as what happened at Wipro needn’t have come to pass.

To understand how SECUDE can help your organization in meeting its data security requirements, visit our solution page here.

References

[1] Wipro admits major attack

[2] Major Indian IT firm Wipro has been breached by ‘state-sponsored’ hacker

[3] Manufacturing sector most vulnerable to insider threats
