Plug the leak

Data leakage is as real a threat for Middle East enterprises as it is for other global firms. Several new solutions in the market mean to address the problem, but enterprises need to act with caution when choosing and working with one.

Information has a way of flowing out of organisations. It has done so in the past and it continues to do so, but the problem these days is that this information can be put to use in a malicious way.

This is why it has become essential now for organisations to prevent its confidential data from moving out of the corporate network.

 

"There has been an exponential rise in findings from around 3000 in 2003 to hundreds of millions of records being stolen last year. For some the question could be, has the number really risen or do people feel more obliged to report losses now? Before 2003 there were no specific laws or regulations that would force people to report incidents and thus nobody did. Others would say that this is real growth. Whatever it is, the numbers are shocking," says Asem Galal, general manager for McAfee in UAE, Qatar, Egypt, Kuwait as well as MEEM.

There are many ways in which data can be stolen.

"Data exfiltration can be achieved via multiple channels. The network is a channel of choice; bots, keyloggers, Trojan horses and spyware are loaded with modules dedicated to exfiltrating the stolen information," says Guillaume Lovet, senior manager, threat response team, EMEA, Fortinet Technologies.

Data can also be shared or stolen by internal employees, and according to some analysts, more than 75% of all information loss in an organisation can be traced to employee behaviour.

"E-mail and portable devices such as laptops, CDs and flash drives are the most common culprits. With e-mail, important information can be sent with little chance of immediate detection, though it can be easy to find the evidence later," says Nigel Tozer, channel development manager at CommVault.

Most industry experts accept that the data flow from within a firm occurs in an inadvertent fashion and most employees do not send data out intentionally.

Most of them are not aware that the data is confidential or that it can be used to harm the company.

Whatever the intention though, it is doubtless that the threat of data leakage is as big in this region as anywhere else in the globe.

"The internet economy is, in my opinion, the first and only global economy, in the sense that everybody is equal in terms of dangers. Not everybody is equal in terms of protection. That is a different story," says Galal.

The lay of the land

To address the growing concern of information leakage, many security vendors, including Symantec, McAfee and RSA, have launched data leakage prevention (DLP) packages in the region.