What is data leakage?

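Data leakage is the occurrence of an organization inadvertently exposing sensitive information – usually due to a mistake like overlooking a critical vulnerability – to the public internet or to an unsecured network. This process increases the chance that the data will be obtained by malicious actors.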

In a worst-case scenario, data “leaks” off of the originating secure network and into the hands of bad actors who will hold the sensitive data for ransom or leak it wider onto more visible platforms and websites.

Data leak vs. data breach: What's the difference?

The U.S. National Institute of Standards and Technology (NIST) defines a breach as:

“The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for anything other than the authorized purpose.”

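Simply put, a data breach is when data is intentionally accessed in an unauthorized manner. A data leak is when an authorized user mistakenly exposes data to the internet or unauthorized networks, but strictly speaking, it has not yet been stolen.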

The difference between these two terms is small but important when taking actions to secure the data in question or when reporting on the incident later.

How does data leakage happen?

Data leakage occurs as a result of a number of mistakes or oversights – or something that no one in an organization would ever have thought of. Let's look at a few of the ways data leakage happens:

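  • Human error: Back in 2012, we said that there were a staggering number of cases involving human error that were leading to unprecedented governmental challenges in securing critical infrastructures, intellectual property, economic data, employee records, and other sensitive information. 12 years later, that statement still holds true.
  • Legacy or outdated data: Keeping archived data around has its benefits, but more often this type of outdated information is becoming a significant vulnerability/liability to businesses around the world. However secure this legacy data is, cracks will eventually appear in its armor and the data will be exposed. Whether or not malicious actors pick up on the fact that this information is there for the taking is another question besides the critical one: Is it absolutely necessary to keep this old data around?
  • Poor password hygiene: If IT and security organizations haven't implemented a mature identity and access management (IAM) solution that continually updates and generates new passwords, then there is a good chance that something like a credential stuffing attack has occurred and bad actors are stealing data.
  • Vulnerabilities: It happens every day, everywhere: a vulnerability goes overlooked or undiscovered in the software development lifecycle (SDLC), and attackers take advantage in the blink of an eye. Depending on the size of the business or DevOps organization, it might simply be impossible to catch everything with limited resources.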

What is the impact of data leakage?

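The impact of data leakage can be catastrophic. But, as with anything in security, the process depends largely on timing. If analysts are able to catch the cause of a data leak early, the overall business might be lucky enough to avoid any negative impact entirely. Or it could minimize the damage. Or it may have to deal with business- or reputation-altering effects.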

Reputational damage

The priority shouldn’t be waiting until something happens; it should be planning in case of the event. Damage to reputation is something that can and should be scoped prior to the occurrence of any significant future event. This way, a business and its IT and security organizations will have a playbook to follow in such a situation. This will help to minimize lasting negative reputational effects.

Financial loss

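Following potentially massive reputational damage, there is a two-pronged impact when it comes to a business's bottom line: potential ransomware payments to threat actors, as well as customers taking their business elsewhere. Businesses could quickly find themselves bankrupt or extinct if they aren’t prepared for the consequences of unintended data leakage.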

Damage to operations

The amount of time it takes for an organization to return to normal operations will depend on the severity of the security event following a data leak and on in-progress initiatives that may have to be fully halted in an “all hands on deck” type of data security event. This can cause incredible disruption to a business and create an operational deficit from which it could be near-impossible to return.

Damage to talent acquisition

The current cybersecurity talent shortage and skills gap only seem to keep worsening as more managed security service providers are called upon to provide monitoring, detection, and response actions on behalf of clients. Hiring skilled in-house talent is already a laborious endeavor. After a data leak that caused catastrophic reputational damage? Impossible.

Types of data leakage

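While there are obviously certain data types that are of higher value to threat actors – personally identifiable information (PII), financial and health-related data, etc. – what are the main ways data leakage happens? We've already covered a few different ones, but now let's group them by type.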

Human error

Whether initiated by an internal source or a supply chain partner, to be classified as human error in this sense the act/disclosure/exposure must be unintentional. The root cause of this data exposure or leak might have begun as a misconfiguration during the SDLC and turned into a gaping vulnerability through which high-value data was exposed.

The inciting event could also be something much more low-tech. Workstations left unattended and accessible during remote work, and lost devices, are two examples of mishaps that occur every day and lead to unintended negative consequences.

Attacker-initiated 

For the purposes of this page, we are mainly discussing data leakage in a scenario whereby an internal actor – employee, visitor, contractor, vendor, etc. – unknowingly leaves data unprotected or exposed to potential theft or ransom.

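However, if an exposure is leveraged by attackers to more easily steal potentially sensitive data, then this type of leak might be attacker-initiated. Responsibility for the exposure, though, rests with whoever was initially charged with protecting the data. But if a door is left open, we can all reasonably assume there aren’t many attackers who wouldn’t throw it wide open and steal sensitive data.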

How to prevent data leakage

It's entirely possible to effectively prevent sensitive enterprise-level data from being exposed and subsequently leaking onto the public internet or into the data stores of malicious actors.

Whether one of the following preventive options is used as a standalone solution or as part of a larger product suite, each organization should keep its unique needs and goals in mind when researching which solution/product is best for its environment.

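  • Put a data loss prevention (DLP) solution in place: DLP solutions typically focus on endpoints, networks, and the cloud. This capability specifically addresses the issues we've discussed at length here, such as vulnerabilities caused by misconfiguration and accidental exposure.
  • Leverage encryption: Data encryption protects data from unauthorized use or access by using a “key” to encrypt a message on one end of a transmission and using the same key to decrypt it on the other end. Through this process, even if a malicious actor is able to successfully exfiltrate data, there is a good chance it will be of no use to them if strong encryption protocols are used. Increasingly, machine learning and AI are being used to create more sophisticated encryption techniques.
  • Shift left: Ensuring security processes are part of the SDLC – and therefore a true DevSecOps workflow – can vastly cut down on the number of vulnerabilities that go out the door at the end of the build cycle. By integrating security checks into infrastructure as code (IaC) templates and other parts of the coding process, DevSecOps organizations reduce the chance of critical data being leaked.
  • Train employees and partners: Engaging staff in security awareness training that covers topics like basic password and authentication best practices can go a long way toward warding off a leak if, for example, a device is lost or a password is reused for a long time.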
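
As an illustration of the shift-left item above, the following added example (not code from this page or from any product it mentions) shows a pre-deployment check that scans an IaC template for settings that commonly lead to accidental exposure. It assumes a CloudFormation-style JSON template; the resource names, the finding labels, and the rule that all four public-access-block flags must be set explicitly are choices made for this example.

```python
import json

# Constructed CloudFormation-style sample (illustrative; not from the page).
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "ReportsBucket": {"Type": "AWS::S3::Bucket",
    "Properties": {"AccessControl": "PublicRead"}},
  "ArchiveBucket": {"Type": "AWS::S3::Bucket",
    "Properties": {"PublicAccessBlockConfiguration": {
      "BlockPublicAcls": true, "BlockPublicPolicy": true,
      "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}},
  "DbSecurityGroup": {"Type": "AWS::EC2::SecurityGroup",
    "Properties": {"GroupDescription": "database access",
      "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 5432,
        "ToPort": 5432, "CidrIp": "0.0.0.0/0"}]}}
}}
""")

PUBLIC_ACLS = {"PublicRead", "PublicReadWrite"}
BLOCK_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
               "IgnorePublicAcls", "RestrictPublicBuckets")


def check_template(template):
    """Return sorted (resource, finding) pairs for exposure-prone settings."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties") or {}
        if res.get("Type") == "AWS::S3::Bucket":
            # A canned ACL that grants read or write access to everyone.
            if props.get("AccessControl") in PUBLIC_ACLS:
                findings.append((name, "public-acl"))
            # Example policy: every block flag must be explicitly true.
            block = props.get("PublicAccessBlockConfiguration") or {}
            if not all(block.get(flag) is True for flag in BLOCK_FLAGS):
                findings.append((name, "public-access-not-blocked"))
        elif res.get("Type") == "AWS::EC2::SecurityGroup":
            # Ingress rules that accept traffic from any address.
            for rule in props.get("SecurityGroupIngress") or []:
                if (rule.get("CidrIp") == "0.0.0.0/0"
                        or rule.get("CidrIpv6") == "::/0"):
                    port = rule.get("FromPort")
                    findings.append((name, f"open-ingress-port-{port}"))
    return sorted(findings)


if __name__ == "__main__":
    for resource, finding in check_template(SAMPLE_TEMPLATE):
        print(f"{resource}: {finding}")
```

Run as a build step, a non-empty result would fail the pipeline so the misconfiguration is corrected before the template is deployed.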