The number of incidents involving data intentionally or unintentionally leaving corporate networks is on the rise, writes Yuval Ben-Itzhak, chief technology officer at Finjan.
The CSI Computer Crime & Security Survey 2008 showed that 44% of the polled companies registered data leakage to be the second biggest problem of their corporate IT security. In a survey conducted among German companies, less than 25% said that they use HTTP traffic monitoring systems for protection from confidential data leakage. An older survey found that customer data represented the vast majority of data leaked to unauthorised parties, followed by confidential information and Protected Health Information (PHI).
Governmental agencies are also at risk, as shown in an incident from May 2009 when some parties received electronic data consisting of the latest unemployment and average earnings figures from the Office for National Statistics (ONS) before their official publication date. The ONS was forced to officially release these figures ahead of time, resulting in the Pound Sterling bouncing higher. This incident was part of a string of data breaches suffered by the British government over the past two years. Data leakage has grown into a global problem, as the following incidents show.
• In April 2009, a data leakage incident occurred in a Prague hotel (Czech Republic). The flight details and passport numbers of around 200 EU leaders were leaked by accident. The data was related to an EU-US summit held in Prague and attended by U.S. President Obama.
• In April 2009, an employee of Mitsubishi UFJ Securities sold personal data of more than 49,000 of its customers to three dealers who specialize in personal data lists, which in turn sold them to more than 80 real estate agents and other firms.
• In March 2009, a spreadsheet containing customer data of Kabel Deutschland (a German provider of Internet, cable TV and telephony) was leaked to questionable call centres.
Organizations around the world have become aware of their need to protect their outbound data in transit, which is complicated when malware is involved as in the case of "Trojans phoning home". The optimal answer is a gateway-based web security solution, consisting of dedicated hardware/software platforms. Network traffic is analysed to detect unauthorised information transmissions, including HTTP, HTTPS and other protocols.
When selecting a DLP solution, an enterprise needs to focus on the following elements:
• All outbound communication should be analysed in real time and identified by its true content payload, not just by file extension. True Content Type detection capabilities prevent selected file types from leaking out or being downloaded by users.
• Administrators should be able to set policies based on dictionaries/lists containing words or formats (such as customer or employee information with names, addresses, social security numbers and other identity-related information) that should be protected. The solution should also enable lexical analysis and dictionaries/lists for words or formats relating to company-specific sensitive information (e.g., intellectual property (IP), financial information).
• Policy-based management is needed to set up and enforce granular rules per specific user or per user group (e.g. sales, marketing, R&D, finance, legal).
• The ability to set up compliance lists for PCI, HIPAA, GLBA, SOX, CISP, FISMA, governmental regulations, etc. is needed, especially for publicly traded companies, financial institutions, and healthcare providers.
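The following is an added illustration of the three selection criteria above (true content-type detection by leading bytes rather than extension, lexical rules for identity-related formats, and per-group dictionaries); it is not code from the original article or from any Finjan product, and the signature table, the SSN pattern and the group policies are constructed sample values.

```python
import re

# Magic-byte signatures identify the true content type independently of the
# file extension (constructed sample table, not an exhaustive list).
MAGIC = {
    b"%PDF-": "application/pdf",
    b"PK\x03\x04": "application/zip",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
}
EXT_TYPES = {"pdf": "application/pdf", "zip": "application/zip",
             "png": "image/png", "jpg": "image/jpeg"}

# Lexical rules: an identity-related format (US SSN layout) plus a per-group
# dictionary of company-specific terms (hypothetical policy values).
FORMAT_RULES = {"ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b")}
GROUP_DICTIONARIES = {
    "marketing": {"project falcon"},  # R&D codename marketing may not send out
    "rnd": set(),                     # R&D may legitimately discuss its own codenames
}
BLOCKED_TYPES = {"application/zip"}   # archives blocked outbound for every group


def true_content_type(payload: bytes) -> str:
    """Classify by leading bytes; anything unrecognised is treated as text."""
    for magic, mime in MAGIC.items():
        if payload.startswith(magic):
            return mime
    return "text/plain"


def inspect_outbound(filename: str, payload: bytes, group: str) -> list:
    """Return policy findings for one outbound transfer (empty list = allow)."""
    findings = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = true_content_type(payload)
    if actual in BLOCKED_TYPES:
        findings.append(f"blocked type {actual}")
    if ext in EXT_TYPES and EXT_TYPES[ext] != actual:
        findings.append(f"extension .{ext} disguises {actual}")
    text = payload.decode("utf-8", errors="ignore").lower()
    for name, pattern in FORMAT_RULES.items():
        if pattern.search(text):
            findings.append(f"format match: {name}")
    for term in sorted(GROUP_DICTIONARIES.get(group, set())):
        if term in text:
            findings.append(f"dictionary match ({group}): {term}")
    return findings


if __name__ == "__main__":
    # Constructed sample: a PDF renamed to .jpg carrying an SSN and a codename.
    sample = b"%PDF-1.4 Employee 123-45-6789 Project Falcon budget"
    print(inspect_outbound("photo.jpg", sample, "marketing"))
```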
DLP as an integral part of the enterprise web security solution enables administrators to turn specific features on and off, deploy security features in stages and even disable superfluous functions. This type of integrated DLP solution prevents intentional (as a result of malicious activity) and unintentional data leakage with low cost of ownership.
This was first published in September 2009