How to easily steal company data

Natalya Kaspersky says theft is easiest from the inside.

Tags: Kaspersky Lab
  • E-Mail
How to easily steal company data
By  Georgina Enzer Published  September 10, 2013

If an outsider wants to break into an enterprise to steal data, they very often use insiders because it is much easier and quicker then having to develop a hacking program, according to Natalya Kaspersky CEO of data loss prevention expert InfoWatch.

“If you know whom you can connect to and ask for the data then it is unfortunately very difficult to prevent,” she said.

According to InfoWatch, data loss prevention software is a good start for companies to use to prevent some degree of insider theft of data.

However, Kaspersky said that if someone really wants the data there is not really any way of stopping it, for example an insider can take a photo of the computer screen with their mobile phone and there is no way to stop that kind of leakage.

“Data loss prevention software is better than nothing at all, but it does not give a guarantee. But, what we can do is analyse people’s behaviour and how they use information. For example if a bookkeeper who mostly writes financial applications and connects to the finance department, suddenly starts to contact the research and development team a lot, exchanging huge amounts of documents, then they can be flagged and the people involved can be monitored,” said Kaspersky. “It is much easier to address 1% of the company rather than the whole company.”

Top 10... tips to prevent data loss

1. Audit data access
2. Inventory permissions and group memberships
3. Prioritise at risk data
4. Remove global access groups and revoke broad access rights
5. Identify data owners
6. Perform entitlement reviews
7. Align security groups with your data
8. Audit permissions and group membership changes
9. Lock down, delete or archive stale data
10. Clean up stale groups and access control lists
Source: Varonis Systems

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code