Last Updated: December 18th, 2024 | 12 min read | Categories: Data Exfiltration

Data Leakage Protection: Don’t Let Your Data Slip Away

The amount of data businesses hold is growing all the time. By the end of 2024, there will be an estimated 149 zettabytes of information created, stored and used worldwide – that’s 149 billion terabytes. This data has almost doubled since 2021, when it was estimated to be around 84 zettabytes. It is projected to double once more by 2028.

With so much data in use, the consequences of losing control of it can be severe. For large enterprises, mishandling information could end up compromising the details of millions of people and making unwanted headlines.

It’s not just the sheer volume of data that presents a challenge in today’s environment. It’s also increasingly widely spread, with a huge number of storage solutions and devices accessing information. As well as in-house data centers that businesses need to think about, there is also an increasing sprawl of cloud storage solutions, personal devices and mobile tools that can access this information from anywhere.

Data Leakage: What You Need to Know

Data leakage refers to any situation in which information is exposed to unauthorized individuals. This should not be confused with data loss, where data is destroyed, corrupted or otherwise rendered inaccessible.

The most dangerous type of data leakage is a deliberate data breach, in which outside actors exfiltrate data. This can then be sold to the highest bidder. Increasingly, however, this data is used in extortion, with hackers threatening to publish sensitive details unless the victim pays, a tactic known as double extortion ransomware.

But deliberate cyberattacks are not the only cause of data leakage. Some other factors that can lead to this problem include:

  • Human error: One of the most common issues, this can cover a range of careless behavior, from sending emails to the wrong recipient to handing over details as the result of a phishing attack.
  • Misconfigured applications: Software that has not been set up correctly or left using default passwords can allow data to be exposed to unauthorized personnel.
  • Poor password management: As well as leaving default passwords in place on applications, end-users who choose weak passwords or repeat the same login credentials across multiple accounts can be a major security threat. This is especially risky if employees are reusing passwords from their personal accounts, as this can mean data breaches elsewhere impact the business.
  • Malicious insiders: Individuals within the business looking to exfiltrate data for their own personal gain are a form of deliberate data leak that must be addressed. This can be especially hard to spot if users have authorized access to valuable data but also covers employees viewing and copying information that is beyond their job’s remit.
  • Unsecured devices: Lost or stolen devices are a common cause of data leaks. It can be easy to leave mobile gadgets on a train or at a coffee shop. And if these are not protected, information may end up in the wrong hands.
  • Third-party partners: Today’s interconnected environment means a wide range of external vendors, suppliers and technology partners may have access to a firm’s network, which can pose a major security risk if they have not been thoroughly vetted to determine their own security processes.

Warning Signs You’re at Risk of a Data Leak

Many businesses that miss the warning signs may be unable to stop a data leak until it is too late. This can be especially true for malicious breaches, where hackers will take precautions to cover their tracks and avoid detection, but accidental data leaks can also go unnoticed for long periods of time. However, the longer data is exposed, the more costly incidents will be. 

For example, IBM calculates that in the case of malicious data breaches, it takes an average of 292 days for firms to identify and contain a breach that involves stolen credentials. It also noted that for incidents lasting over 200 days, the average cost reached $5.46 million in 2024, compared with $4.07 million for those under 200 days.

Behavioral Red Flags to Monitor

Several warning signs of data leakage can be identified with the right technology. Spotting them requires comprehensive monitoring of a business’ systems, particularly endpoints, for any unusual behavior patterns.

Some common red flags that these tools look for include:

  • Repeated failed attempts to log in to an account
  • Accessing files or systems that would not normally be needed by the account owner
  • Activities such as renaming or copying files
  • File access outside of normal working hours or from unusual locations
  • Attempts to send data to destinations with unrecognized or overseas IP addresses 
  • Abnormally large file transfers
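As an added illustration (not code from this article or from any DLP product), the sketch below checks four of these red flags against a small set of constructed endpoint events. The event format, the thresholds, the working hours and the list of recognized networks are all assumptions that a real deployment would tune to its own environment.

```python
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed policy values (hypothetical; tune per environment)
FAILED_LOGIN_LIMIT = 3                      # consecutive failures before flagging
WORK_HOURS = range(8, 19)                   # 08:00-18:59 local time
MAX_TRANSFER_BYTES = 500 * 1024**2          # 500 MiB
KNOWN_NETS = [ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")]

# Constructed sample events: (timestamp, user, action, detail)
EVENTS = [
    ("2024-12-02T09:14:00", "alice", "login_failed", None),
    ("2024-12-02T09:14:20", "alice", "login_failed", None),
    ("2024-12-02T09:14:41", "alice", "login_failed", None),
    ("2024-12-02T09:15:30", "alice", "login_ok", None),
    ("2024-12-02T10:00:00", "carol", "file_read", "/sales/q4.xlsx"),
    ("2024-12-02T10:05:00", "carol", "transfer", ("10.1.2.3", 2 * 1024**2)),
    ("2024-12-03T02:30:00", "bob", "file_read", "/finance/payroll.xlsx"),
    ("2024-12-03T02:41:00", "bob", "transfer", ("198.51.100.7", 800 * 1024**2)),
]

def red_flags(events):
    """Return a sorted list of (user, flag) pairs raised by the events."""
    flags = set()
    failures = Counter()                    # consecutive failed logins per user
    for ts, user, action, detail in events:
        hour = datetime.fromisoformat(ts).hour
        if action == "login_failed":
            failures[user] += 1
            if failures[user] >= FAILED_LOGIN_LIMIT:
                flags.add((user, "repeated_failed_logins"))
        elif action == "login_ok":
            failures[user] = 0              # a success resets the streak
        elif action == "file_read" and hour not in WORK_HOURS:
            flags.add((user, "off_hours_file_access"))
        elif action == "transfer":
            dest, size = detail
            if not any(ip_address(dest) in net for net in KNOWN_NETS):
                flags.add((user, "unrecognized_destination"))
            if size > MAX_TRANSFER_BYTES:
                flags.add((user, "large_transfer"))
    return sorted(flags)

if __name__ == "__main__":
    for user, flag in red_flags(EVENTS):
        print(f"{user}: {flag}")
```

A single flag on its own is often benign (alice mistyping a password, for instance); the combination raised for bob, off-hours access followed by a large transfer to an unrecognized address, is the pattern that warrants an alert.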

Common Scenarios Leading to Data Exposure

One of the most common ways in which data is exposed is through social engineering attacks. These can include:

  • Email phishing
  • Voice phishing
  • Spear phishing
  • SMS phishing
  • Business email compromise
  • Honeytraps

These often look to trick people into handing over login credentials, which cybercriminals can then use to gain access to databases or other applications. However, they may also seek to get people to share data directly. 

For example, there have been incidents reported in which criminals have posed as a company’s CEO or other senior executives using business email compromise tactics, asking lower-level employees for information. Often, people may feel less confident questioning instructions that appear to come from these individuals. Remote workers may also be at higher risk of these tactics as they are more used to communicating primarily via email.

A 360-Degree Data Leakage Protection Plan

To counter the threat posed by data leakage, a holistic, enterprise-wide approach is needed. This requires both technology solutions and education for employees.

Proactive Measures for Individuals

It’s important that everyone within the business is aware of their responsibilities when it comes to handling sensitive data. To reinforce this message, frequent training must be carried out that teaches everyone about dos and don’ts for protecting valuable information. Topics to cover as part of this include:

  • How to spot phishing techniques and other social engineering tactics
  • Who to notify if employees are suspicious of anything or lose a device
  • Password management 
  • Risk related to the use of personal devices and remote working
  • Reminders against using unapproved, consumer-grade cloud tools

Enterprise-Level Best Practices

On an enterprise level, there are a range of tools that businesses should be deploying to guard against data leakage and breaches. These include:

  • Strong encryption: This means that even if data is leaked, it will be unreadable by unauthorized personnel.
  • Access controls: Ensure only approved personnel can view data using multifactor authentication and monitoring for any unusual login attempts, especially for privileged accounts.
  • Principle of least privilege: This is the idea that all employees should only be given the minimum level of access to data needed to conduct their tasks.
  • Endpoint protection tools: Monitor behavior and data traffic across all endpoints and react to shut down data exfiltration attempts quickly.
  • Remote wiping capabilities: The ability to delete data from a laptop or smartphone remotely if it has been lost or stolen helps protect data.

Tools of the Trade: Choosing the Right DLP Solution

A key defense against data leakage is specialized data loss prevention (DLP). These tools monitor systems for activities that can indicate data loss, such as suspicious traffic, and help alert security teams to threats as quickly as possible. While there are a wide range of options to choose from, advanced tools that focus on endpoints and preventing data exfiltration should be a key priority for businesses.

Must-Have Features of Good DLP Software

In order to offer the strongest possible protection against data leakage, firms should look for the following important features when evaluating potential DLP solutions:

  • Behavioral monitoring
  • Active threat hunting
  • Real-time alerts and reporting
  • Machine learning
  • Data loss protection
  • Automated responses to threats

What to do When a Leak Happens

While prevention is always better than cure, unfortunately, even the best-prepared businesses may eventually fall victim to a data leakage incident. If this does happen, having a clear plan in place for both immediate steps and longer-term recovery is essential in minimizing any damage, both in terms of disruption to operations and financial costs.

Immediate Steps to Contain the Leak

Effective endpoint protection and anti data exfiltration (ADX) technology should be able to automatically block any attempted data transfers as soon as they are detected. However, there are several other vital steps that must be taken when a data leak is discovered. These include:

  • Isolate affected systems or enable remote data wiping if necessary
  • Do not shut down devices as this may destroy evidence about what happened
  • Enact backup and recovery plans to retrieve any lost or deleted data
  • Inform any regulatory bodies that have reporting requirements as early as possible (usually within 48 hours)

Long-Term Recovery Strategies

In the longer term, the focus should be on hardening systems and training employees to avoid a repeat of the data leak. However, there are a range of ongoing expenses that will also need to be considered. As well as the costs for new technologies or hardware, expenses can include hiring third-party experts to investigate how the leak occurred and penetration testing specialists to uncover any weaknesses in the upgraded systems.

For serious data leaks that compromise customer data, the ongoing legal expenses can also be challenging. This may include regulatory penalties, compensation from class-action lawsuits and other expenses such as paying for credit monitoring services for affected users. These costs can quickly mount up and can easily run into millions of dollars, again emphasizing why it’s much better to prevent data leaks in the first place than deal with the aftermath.

The Future of Data Leakage Protection: Trends to Watch

In the coming years, firms will have to deal with a range of challenges. Regulations are only set to get tighter as citizens around the world become more aware of the value of their data and acceptance of poor handling of sensitive information continues to fall. Modern data protection laws are likely to increasingly focus on consumer data rights, including the right for individuals to access and delete their own data. This means firms will have to make protecting personal data a bigger priority.

When it comes to detecting potential data leakage, the emergence of artificial intelligence and machine learning tools will play a major role in boosting data security. These technologies will be particularly useful when it comes to monitoring systems and endpoints for unusual behavior. 

Already, advanced ADX systems use AI to improve and automate the process of blocking suspicious data transfers. As these methods become more widely implemented they are likely to replace traditional approaches such as signature detection to identify data breaches. This will be highly important in defending against threats such as zero-day vulnerabilities and fileless attacks that aim to bypass tools such as antimalware.
