Most data breaches discovered by outsiders, McAfee report finds

Looking for data loss in all the wrong places

A new report outlines the ways in which data loss -- whether it’s the result of malicious or accidental actions – continues to be a major cybersecurity challenge.

The September McAfee Labs Threats Report had three important findings:

  • The gap between data loss and breach discovery is growing.
  • Typical data loss prevention methods are less effective against new threats
  • More data loss controls are needed on physical media.

The analysis is based on data from three recent studies: the Intel Security 2016 Data Protection Benchmark (DPB) Study, Grand Theft Data: 2015 Intel Security data exfiltration (DX) study and the Verizon 2016 Data Breach Investigations Report (DBIR).

When it comes to breaches, discovery by law enforcement and third parties has “been on a consistent upward trend since 2005,” according to the McAfee Labs report. “Not only is data getting outside of company control, it has probably been used or sold before the theft is noticed.”

External groups such as “white hat” hackers, payment companies and law enforcement agencies are the first to find more than half the breaches, the DX study found, while DBIR reported that number to be 80 percent. In fact, internal discovery has been declining for 10 years, the report added.

Part of the problem may be that loss prevention tools can’t stand up to new theft targets, the most common of which are personally identifiable information and protected health data. Organizations may also unwittingly alert hackers to their soft targets. Activities that publicize a new or improved service may signal that the service is not yet well secured, the report stated. Besides new projects or products, hackers look for reorganizations and strategic planning activities.

This supports the report’s finding that organizations aren’t monitoring data movement in the right places. For instance, only 37 percent of DPB survey respondents said they use endpoint monitoring on physical media, despite the fact that 40 percent of data losses involve some type of physical media. Additionally, only 12 percent said they have visibility into data activity in the cloud, even though about 90 percent said they have a protection strategy for cloud storage or processing.

“This oversight could be due to incorrect assumptions about the security services offered by cloud providers, confusing cloud security defenses with data protection,” the report said.

Lastly, only 7 percent take proactive data discovery measures to keep tabs on what data they have

and where it is stored, the report stated.

Besides identifying the problems, the report also offered suggestions for mitigating the risks:

  • Align data classification and data loss policies to privacy policies and data-sharing standards at the data loss prevention planning stage.
  • Identify sensitive data using server and endpoint technologies and employ data loss prevention products to classify data.
  • Block unapproved transfers of sensitive data.
  • Implement data loss prevention products within the trusted network and on all endpoints.
  • Provide security awareness training to employees.

Read the full report here.

About the Author

Stephanie Kanowitz is a freelance writer based in northern Virginia.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.