As technology evolves, the threat landscape evolves. The threat landscape has changed from
mere script kiddies for fun to organised cyber crime to steal data for identity theft and
monetary gains.
It is very important to protect the business data from all kind of data breach attacks in order
to maintain the brand reputation and customer faith. New laws and governance policies
make it mandatory for organisations to protect customer data. This project talks about the
different effect of data breaches and preventive measures. This project targets mostly on the
'confidentiality' trait of the information security's CIA triad.
Table of Contents
Chapter 1 Introduction
1.1 Background
1.2 Project Objectives
1.3 Methods Used
Chapter 2 Causes of Data Breach
Introduction
2.1 Types of data breaches
2.1.1 Well-meaning insider or Benevolent Insider
2.1.2 Malicious Insider
2.1.3 Malicious Outsider or Targeted attacks
2.2 Tools and techniques used by Malicious Outsiders or Hackers
Chapter 3: Laws & Cost of Data Breach
Introduction
3.1 UK Law & Governance
3.1.1 Data Protection Act [16]
3.1.2 Privacy and Electronic Communications Regulations [18]
3.2 Cost of data breaches
Chapter 4: Existing Security Mechanisms
Introduction
4.1 Antimalware, Antispyware & Proactive Protection [27]
4.2 Firewall [28]
4.3 IDS/IPS [29] [30]
4.4 SIEM (Security Information and Event Management) [31]
4.6 Vulnerability Scanning and patching [34]
Summary
Chapter 5: Analyze DLP Solutions to Prevent Data Breaches
Introduction
5.1 How does Data Loss Prevention system Work?
5.2 Approaches by a DLP system to prevent Data Loss [35]
5.3 Types of Data Loss Prevention Systems [36]
5.4 Architecture of Symantec Data Loss Prevention Solution
5.5 DLP Honey Pots to Detect Malicious Insiders [37]
Summary
Future scope for research
Chapter 6: Conclusion & Recommendations
Project Goals and Themes
The primary goal of this project is to identify the root causes of data breaches and evaluate the limitations of conventional security mechanisms in protecting organizational information. By focusing on the 'confidentiality' trait of the information security CIA triad, the project aims to demonstrate why an additional layer of protection, specifically Data Loss Prevention (DLP) solutions, is essential for mitigating data loss from both internal and external threats.
- Analysis of the threat landscape and categories of data breaches (well-meaning insiders, malicious insiders, and targeted external attacks).
- Examination of legal requirements and governance in the UK, specifically the Data Protection Act and PECR.
- Evaluation of traditional security infrastructure including firewalls, IDS/IPS, SIEM, and vulnerability scanning.
- In-depth technical analysis of Symantec Data Loss Prevention architecture and its operational components.
- Assessment of the economic impact and organizational costs associated with data breach incidents.
Excerpt from the Book
2.1.3 Malicious Outsider or Targeted attacks
Malicious Outsider or Targeted attacks are carried out by hackers or cyber criminals against specific organisations. The victims of targeted attacks are like government organisations, financial institution and any other organisation that deals with sensitive information which when hacked can have monetary gains. These kinds of attacks are very difficult to detect, it requires special tools and techniques in place to detect targeted attacks. According to the Verizon’s Data Breach Investigations Report, these kind of attacks are the most difficult to investigate and they cost more than the other type of breaches.
Most of the targeted attacks are carried out in four phases as shown in the below picture.
1. Incursion: In the first phase, hacker’s gain access to the network of the targeted organisation by means such as malwares or default password, exploiting system vulnerabilities, SQL Injection.
2. Discovery: Once the hacker gets access of the targeted organisations network, the hacker scans for other systems in the organisation. The hacker can scan the confidential data.
3. Capture: Hackers access unprotected or unencrypted data from end user computers or servers. Hackers can also install tools like root kits to capture the information while it is flowing in the network.
4. Exfiltrate: In this phase, the data is exfiltrated to the hacker in clear or by other sources like email, zip files with password protection, ftp sites and encrypted packets.
Chapter Summaries
Chapter 1 Introduction: Provides an overview of the evolving threat landscape and defines the research scope regarding the 'confidentiality' of data and the necessity of DLP tools.
Chapter 2 Causes of Data Breach: Categorizes data breaches into well-meaning insiders, malicious insiders, and targeted external attacks, while detailing common exploitation techniques used by hackers.
Chapter 3: Laws & Cost of Data Breach: Analyzes the regulatory environment in the UK, including the Data Protection Act and PECR, and examines the financial consequences of data breaches.
Chapter 4: Existing Security Mechanisms: Reviews traditional defense mechanisms such as firewalls, IDS/IPS, and SIEM, and discusses their limitations in preventing internal data exfiltration.
Chapter 5: Analyze DLP Solutions to Prevent Data Breaches: Offers a deep dive into the functionality and architecture of DLP systems, with a specific case study on the Symantec DLP solution.
Chapter 6: Conclusion & Recommendations: Summarizes the need for a multi-layered security approach and emphasizes the importance of implementing DLP tools to meet strict compliance requirements.
Keywords
Data Breach, Information Security, Confidentiality, CIA Triad, Data Loss Prevention, DLP, Malicious Insider, Targeted Attacks, Firewall, SIEM, Vulnerability Scanning, Network Security, PECR, Data Protection, Compliance.
Frequently Asked Questions
What is the core focus of this research project?
The project focuses on the confidentiality of organizational data, identifying the root causes of data breaches, and evaluating how Data Loss Prevention (DLP) tools can mitigate risks that traditional security mechanisms fail to address.
What are the primary categories of data breaches addressed?
The study classifies breaches into three main sources: well-meaning insiders who inadvertently cause leaks, malicious insiders with intent to steal, and malicious outsiders conducting targeted attacks.
What is the primary objective regarding security solutions?
The objective is to argue for "two-way protection," meaning organizations must defend against external threats while simultaneously preventing authorized users from exfiltrating sensitive data to the outside world.
Which scientific or research methods were employed?
The project utilizes an analytical approach, reviewing existing industry white papers from sources like the Ponemon Institute and the Verizon Data Breach Investigation Report to categorize threats and evaluate security effectiveness.
What does the main body of the work cover?
It covers the legal landscape in the UK, an assessment of traditional tools like firewalls and SIEM, a detailed analysis of DLP architecture, and recommendations for improved data security practices.
Which keywords best characterize this work?
Key terms include Data Breach, Data Loss Prevention (DLP), Confidentiality, Insider Threats, and Regulatory Compliance.
How does the Symantec DLP solution differentiate its components?
Symantec DLP integrates components across the network, storage, and endpoints, utilizing an 'Enforce Platform' for centralized policy management, while employing specialized modules for discovery, monitoring, and proactive prevention.
What role do 'Honey Pots' play in this context?
The project describes the use of DLP honey pots as a deceptive mechanism to detect malicious insiders by tracking unauthorized access to files containing fake sensitive data.
- Quote paper
- Vikas Rajole (Author), 2012, Causes of Data Breaches and Preventive Measures. Data Loss Prevention, Munich, GRIN Verlag, https://www.hausarbeiten.de/document/214310
