Cyberattacks and compliance violations pose a growing threat to organizations worldwide as fraudsters, cybercriminals and ill-intentioned employees make data their target. At the same time, organizations are relying more and more on technology and increasing digitization efforts which leaves us in a place where our data treasures are constantly at risk.
Where there is a treasure, there are treasure hunters
Businesses are built on data. Data is needed to plan, to operate, to store information and to communicate. But there is not only a dependency on data to ensure business operations. Organizations are also committed to retaining and to providing data to comply with statutory obligations (e.g., General Data Protection Regulation – GDPR) and contractual requirements. Data are the crown jewels of every corporation, a treasure of immense value with a special need for protection.
The value of data is enhanced by the many ways it can be utilized, for example to keep track of key performance measures, to optimize processes, to create insights and drive automation. In addition, their value is increased by the applicable data protection regulations, as stricter rules and potential penalties for non-compliance clarify the need for and the necessity of information protection. Naturally, fraudsters are drawn to the data treasures of organizations as they are interested in using them for their own purposes, they know about the importance that is given to data and about the pressures organizations are under. This translates into different forms of internal and external threats that businesses must face.
What is a data leakage?
One prominent threat that can have enormous consequences for any organization is a data leakage. This means that personally identifiable information (so called PII data) or other confidential data (e.g., crown jewels such as financial data, health data, strategic data, construction plans, production recipes) is shared with or accessed by unauthorized individuals. A data leakage is characterized by the aspect of exposure which means that the target data is made available to a broad audience. A data leakage can occur due to various causes such as insufficient permission structures and security policies inside a business, cybercrime attacks or targeted industry espionage from competitors or foreign countries’ secret agencies that can lead to data exfiltration and data publishing in the darknet.
What if it happens to me?
When an organization notices a data leakage incident, numerous decisions have to be made within a short time. To manage this challenging situation, the following success factors can prove helpful:
1) Determine the threat situation and secure the evidence
After a suspected data leakage incident has happened, it is important to determine the threat situation and to perform an initial digital forensic analysis. During this stage, the required data and the information needed for reporting and forensic analysis purposes (e.g., logfiles) must be secured as the implementation of rash measures carries the risk of destroying important evidence.
2) Comply with data protection laws and regulations
A timely and formal notification of data leakage incidents to the competent authorities and affected parties must take place. In particular, the requirements of the GDPR and other applicable laws of the respective affected countries must be complied with, otherwise penalties may result, and an organization’s reputation may be at risk if information duties are not fulfilled.
3) Manage your risks and ensure contractual compliance
A data leakage may lead to a variety of risks such as labor-related, fiscal and legal risks. For example, and depending on the case, it may be necessary to file a criminal complaint or to initiate adequate legal and labor-law measures. In addition to compliance with legal requirements, it is important to review contractual requirements (e.g., with suppliers and customers), which may have been affected by the data leakage incident to make sure that they can be met and to reduce the risk of contractual penalties. Therefore, the extent of data leakage must be identified and the party responsible for it must be evaluated to assess the intention and potential next steps of criminals and determine own response measures.
4) Conduct an investigation into the data leakage
Depending on the data involved and the circumstances of the case, it is recommended to initiate an investigation into the data leakage to assess the specific case from a forensic point of view and, if necessary, carry out a legal analysis. The investigation typically includes the quantification and qualification of target data as well as a root cause analysis to reconstruct the course of action and identify potential security gaps.
Our conclusion: In the event of a data leakage incident, the responsible functions within an organization must act quickly and thoughtfully while they overview complex subject areas. A well-informed approach that respects the multidisciplinary aspects of the case as well as an early-on involvement of experienced subject-matter experts makes all the difference.