22-09-2014, 10:54 AM
Data Leakage: Four Sources of Abuse
Introduction
This paper will discuss the issues surrounding the protection of key corporate assets such as intellectual
property, protected trade secrets, customer information, and regulated content. There are four major
threat vectors: theft by outsiders, malicious sabotage by insiders, inadvertent misuse by authorized users,
and mistakes created by substandard policies. We will demonstrate how a comprehensive gateway
security infrastructure will help enterprises prevent data leakage from all four threats.
Defending the Perimeter
Every technology has a lifecycle. In the world of hacking, the “users” have moved beyond bored
teenagers and are now dominated by cyber-criminals. They are using zombies, Trojans, logic bombs,
scavenging, and viruses to infiltrate networks in order to gain access to sensitive information... information
that they can use for profit, sabotage, or even revenge. Today’s exploits are well hidden, often dormant
for long periods of time, activated only in short, virtually undetectable bursts and embedded deep into
systems and resources.
Hackers can obtain protected data in any number of ways:
• Adding blocks of data, or interspersing data with otherwise routine code
• Encoding data to look like something else, such as an image file
• Using “spear phishing” to masquerade as an employer, boss, HR official, or colleague to obtain
legitimate credentials from authorized users
• Eavesdropping on keyboard strokes to uncover passwords
• Electronic piggybacking when authorized users don’t log off after use
• Scavenging through undeleted, under-deleted, or residual data left in computers, tapes, or disks
after job execution
• Using “salami” techniques to debit small amounts of assets from a large number of sources or
accounts, without noticeably reducing the whole
• Exploiting overlooked trapdoors left in by programmers or created through engineering design flaws
• Inserting logic bombs that can be used to trigger an act based on any specified condition or data
that may occur or be introduced
• Using asynchronous attacks to gain access to a checkpoint restart copy of a program, data, and
system parameters
• Using SQL injection attacks to gain access to databases and steal data
• Exploiting holes in non-traditional technologies:
– Protocols such as instant messaging (IM) or voice over IP (VoIP)
– Applications such as PowerPoint, Word, and Excel
– Multimedia programs such as RealPlayer, QuickTime, and
Conclusion
According to a November 2006 CIO Insight survey that interviewed thousands of IT executives,
managing sensitive data safely is a priority, but also a challenge. Some of the more interesting findings in
this survey include:
• 51% of enterprises with revenues of over $1 billion have had at least one security breach in the last
12 months
• The top five types of security breaches most commonly cited are:
o Penetration by spyware and other malware: 55%
o Penetration by viruses, worms, and Trojans: 53%
o Lost or stolen equipment containing customer data: 45%
o Attacks on the corporate Web site (denial of service): 25%
o Stolen data or malicious attacks by employees or former employees: 23%
• 48% of financial services firms have been a target of cyber-crime
• 25% of enterprises have been targeted by organized criminals
• 21% of enterprises have been targeted by former employees
• 21% of US enterprises believe that their current infrastructure provides inadequate protection
against viruses, worms, hackers, and unauthorized access
• 42% believe that infected email poses a significant security threat
• 40% believe that attacks or infiltration of the corporate network pose a significant security threat
(Source: CIO Insight: The 30 Most Important IT Trends for 2007 http://www.cioinsight
article2/0,1540,2061548,00.asp)
More and more, corporate assets and regulated content are created, stored, managed, and transmitted
digitally. While this provides efficiencies and cost savings, it also creates opportunities for abuse, from
both the outside and the inside, from criminals and from human error. A comprehensive, gateway-based
security infrastructure will help ensure that your enterprise’s protected and sensitive data is accessed and
handled properly. After all, no one wants their name on the front page of the Wall St. Journal under the
headline of “Another Company Fails to Protect Consumer Data” or even worse “Company Classified
Information for Sale on eBay: Buy Now.”
For more information about any of Secure Computing’s products or services, please contact us or an
authorized partner