What is represented by date leaks? As far as they are dangerous?
Date leak means hit of confidential information to the person which has to it no legitimate access, in particular, of personal data, a trade or state secret in open access or to competitors. In case of date leak the organization can face a number of unpleasant effects – from penalties from the state regulator and loss of the reputation before transition of clients to competitors and the class action from victims.
Moreover, in Russia special measure of responsibility for the companies which are personal data operators, but not using adequate measures of data protection is provided. So the penalty can be received even without existence of a fact in evidence of leak. As of 2015 it small also makes only 5000 rubles, but in the near future the situation can change.
Besides, leaks anyway cause serious damage. So, the leak which happened in the fall of 2015 from the website led Kinopoisk to the publication of plans about development of the company, structure of service and other confidential information that affected competitive positions of the company in the market and led to multimillion losses.
The command of "Yandex" spent several million dollars for development of new design and functionality of Kinopoisk. At least, so tell media. Other fact – employees of "Yandex" violated the nondisclosure agreement, allowed date leak and left the company. As a result service works on the old engine, money is spent, did not receive return from investments of "Yandex". Whether there is in this case direct link between leak and financial losses? I consider what is. Sergey Hayruk, analyst of InfoWatch
|
What statistics of leaks in the Russian companies in recent years? What companies are in a risk zone?
According to analytical center InfoWatch, Russia takes two years in a row the second place in the world on number of leaks. At the same time several years their stable growth is observed. In particular, in 2014 the number of the Russian date leaks grew by 25%. For the same period the volume of the compromised data increased more than by 2.5 times, as a result in a year in Russia more than 8 million records about personal data of Russians which represent the most attractive category of confidential information for malefactors flowed away. Personal data leakages make 90% of all incidents of this sort.
At the same time the main source of date leaks is medium and small business of which 71% of the total number of leaks are the share. As note in InfoWatch, the most interesting purposes for malefactors are the organizations of the financial sector – banks and insurance companies. In 2014 on their share 20% of all leaks walked. Meanwhile, personal data most often flowed away from Internet services and educational institutions where they are least protected.
What types of leaks exist?
Leaks can be separated on a vector of influence and on intentions.
According to the first sign the compromise of data is caused by actions of staff of the company and is called the insider attack. In case of an external vector of influence leak results from the hacker attack, according to Analytical center InfoWatch, the majority of incidents takes place because of the staff of the companies.
The second factor allows to classify insider activity: internal leaks are malicious and unintentional. So employees can specially steal confidential information and transfer it to the third parties, or do it accidental: because of insufficient qualification, in connection with negligence or due to the lack of well-defined corporate rules of work with information.
According to InfoWatch in 2014 in Russia 74% of accidental leaks and 18% intentional were observed. In 74% of cases guilty of information leak was staff of the companies, and only in 7% of cases – bosses of the organizations.
How does leak happen?
Experts of InfoWatch note that the most part of leaks happens via channels which can be controlled technical means. Still leaks happen in the Russian companies, as a rule, on one of two channels: on the Internet or on paper. Employees just send information from the working computer to 37% of cases, for example, in a cloud or via the web interface of personal mail, and in 35% just print confidential documents and carry away them with themselves.
But nevertheless real channels of leaks also USB information media and mobile devices which are used today practically by all staff of the companies, irrespective of their position and official position are less popular.
According to the research InfoWatch, the share of leaks grew from category "the channel is not defined" in 2015 and made 31% in 1 half-year 2015. For example, in October, 2015 data of 20,000 users of the operator of public transport in Vienna (Wienner Linen) were published to former employees. Due to the lack of a control system and protection representatives of the company cannot even tell how the dismissed employee managed to get access to these data.
What to do to the company executive if he learned about leak?
As of 2015 in Russia there is no law requiring to open data on leaks neither before clients nor before media. Therefore at emergence of leak it is necessary to analyze first of all as loss of data can influence organization activity and take preventive measures and also implement the corresponding security systems which will help to close the detected channel of leaks.
However it is necessary to remember that in Russia leaks often remain imperceptible not only for media, but also for the affected companies. For example, during pilot system implementations of traffic observation of InfoWatch Traffic Monitor Enterprise in 2014 cases of leaks (both internal, and external) were revealed about which the companies knew nothing.
What solutions can be applied to counteraction to leaks?
As the basic reason of leaks – actions of insiders, protection against leaks means installation of means of protecting from internal threats. The systems of the class DLP (Data Leakage Prevention) are for this purpose applied.
The second type of systems represents special software or the equipment for gateways which analyzes all traffic which is going beyond the company. After careful setup, such systems allow to detect transfer of confidential information at the time of sending data, to stop the fact of violation and to identify guilty persons.
All listed means of protecting supplement the systems of differentiation of access rights and data encryption. Such solutions will not allow the user to address data which are not necessary to him in work and also provide data protection from interception by transfer on the open Internet and also do not allow to read confidential information in case of loss of the mobile device or the USB drive. The main thing that the used systems located the necessary FSTEC certificate and conformed to requirements for a certain class of protection if your company is a personal data operator.
All projects of InfoWatch on protection against information leaks in TAdviser base
How much is system of protection against leaks?
The cost of protection against date leaks will strongly depend on the selected strategy, the number of the protected workstations and mobile devices, the power of the set means of traffic filtering on the gateway, existence of additional elements, such as data protection in cloud storages or applications launch control. For example, if to purchase only solutions for protection against copying through USB port, the cost of protection will be several thousands of rubles on one PC, and the cost of end-to-end systems appears suppliers only on demand.