Detecting Exposed Company Data: The What, Why, and How

Detecting Exposed Company Data: The What, Why, and How
Michael Marriott
Read More From Michael Marriott
March 12, 2019 | 3 Min Read

What is data loss detection?

A fundamental responsibility for any IT security professional is to secure their information assets, be that customer data, financial information, or any other critical information. This is critical for maintaining a competitive advantage, avoiding regulatory fines, and remaining compliant.

Often the focus is on controlling flows of sensitive data over the perimeter or within the network, perhaps with Data Loss Prevention solutions. Unfortunately, a significant amount of organizations’ data is already exposed online. Organizations need to detect and remove this information before it falls into the hands of adversaries.

 

Top five types of data loss

Every week, 50% of our customers detect exposed sensitive data, which can be any of the following five types.

  1. Technical information. Code-sharing sites like GitHub can be a goldmine for adversaries when sensitive technical information becomes inadvertently exposed. Typical examples include private RSA keys, admin credentials, proprietary code, and network information.
  2. Employee credentials. With employees re-using their work emails across third parties, exposed credentials can enable attackers to perform account takeovers. These can be emails of individuals, but also departments. For example, last year we found that over 33,000 accounting inbox credentials are exposed – potentially facilitating Business Email Compromise.
  3. Sensitive documents. This can include exposed contracts, employee pay stubs, and confidential board minutes. These can reference sensitive projects, company performance, or upcoming merger and acquisitions.
  4. Intellectual Property. Exposed intellectual property, such as product designs and patent information, leaves you vulnerable to corporate espionage and competitive intelligence.
  5. Customer Data. Exposed customer details, such as PII (Personally Identifiable Information), can create brand and business risk, as well as regulatory problems.

 

Third parties a leading cause of data loss

While malicious insiders can be responsible for data loss, it’s more often a result of inadvertent employees or third party actions. This was starkly portrayed in our Too Much Information research, in which we analyzed how online file stores  expose data. In total, we discovered over 1.5 billion files exposed across misconfigured S3 buckets, SMB, R-Sync and FTP servers. Within these files were a worrying number of security assessments, network diagrams, penetration tests, and IT audits made available through third parties.

 

How SearchLight detects data loss

Digital Shadows SearchLight™ enables organizations to detect data loss. With SearchLight, organizations register their document marking systems, email headers, and intellectual property. SearchLight then continually monitors for these assets across the open, deep, and dark web to detect where this data is exposed. Each alert includes recommendation actions, including the ability to launch takedowns from within the SearchLight portal.

 

Free tools to get started

You can read more about the risks surrounding exposed data in our Practical Guide to Reducing Digital Risk. This guide also outlines some free and inexpensive tools that organizations can use to start detecting data loss.

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

Connect with us

Related Posts

Reducing technical leakage: Detecting software exposure from the outside-in

Reducing technical leakage: Detecting software exposure from the outside-in

June 16, 2020 | 6 Min Read

Modern Development Practices Leads to...
The 2020 Verizon Data Breach Investigations Report: One CISO’s View

The 2020 Verizon Data Breach Investigations Report: One CISO’s View

May 19, 2020 | 6 Min Read

Sadly, Marvel’s Black Widow release date was...
A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

May 14, 2020 | 10 Min Read

Q1 2020 was packed full of significant...