Data leakage is when an organization unintentionally exposes sensitive information – typically through a mistake such as overlooking a critical vulnerability – to the public internet or to unsecured networks. This exposure increases the chances that the data will be taken by malicious actors.
In the worst case, the data "leaks" from its originally secure network into the hands of bad actors, who then hold the sensitive data for ransom or leak it onto more visible platforms and websites.
The National Institute of Standards and Technology (NIST) defines a breach as:
“Loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for anything other than the authorized purpose.”
Simply put, a data breach is when data is knowingly accessed in an unauthorized manner. Data leakage is when an authorized user mistakenly exposes data to the internet or to an unauthorized network, but the data technically hasn’t been stolen – yet.
The difference between the two terms is small, but it matters when taking action to protect the data in question or when reporting the incident later.
Data leakage results from a mistake or oversight, or from something no one in the organization thought of. Let’s take a look at a few ways data leakage can occur:
The effects of data leaks can be disastrous. But, as with anything in security, so much of the process is about timing. If analysts are able to catch the cause of a data leak early, the business may be lucky enough to avoid any negative fallout entirely. Or it may be able to minimize the damage. Or it may have to deal with business- or reputation-altering repercussions.
Waiting until something happens shouldn’t be the priority; planning for the incident should be. The potential damage to reputation can and should be assessed before any major incident occurs. That way, if one does happen, the business and its IT and security organizations will have a playbook to follow, which helps minimize lasting negative reputational impact.
Following on from possible large-scale reputational damage, there is a two-pronged effect on a business’ bottom line: potential ransomware payments to threat actors as well as customers taking their business elsewhere. If businesses aren’t prepared for the consequences of an accidental data leak, they may quickly find themselves bankrupt or out of business.
The time it takes an organization to return to normal operations will depend on the severity of the security incident that followed the data leak, and on the ongoing initiatives that may have to halt entirely for an “all hands on deck” data security incident. This can be incredibly disruptive to the business and create an operational deficit that is almost impossible to recover from.
The current cybersecurity talent shortage and skills gap only seem likely to worsen as managed security service providers (MSSPs) are asked to provide monitoring, detection, and response actions on behalf of their customers. Hiring skilled in-house talent can already be a laborious undertaking. Following a breach that causes catastrophic reputational damage? Impossible.
Clearly, certain data types hold higher value for threat actors – personally identifiable information (PII), financial and health-related data, etc. – but what are some of the main vectors by which data leakage occurs? We’ve covered some of the mechanisms involved, but let’s now group them by type.
Whether it was initiated by an internal source or perhaps a supply chain partner, the action, disclosure, or exposure must be unintentional in this sense to be classified as human error. The root cause of such data exposure or leakage may be a misconfiguration introduced during the SDLC that later became a vulnerability through which high-value data was exposed.
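To make the "misconfiguration during the SDLC" root cause concrete, and the earlier point that catching the cause early is what limits the fallout, here is an added example (not code from the original article or from any vendor it mentions) of a pre-deployment check that refuses to ship a storage policy granting anonymous read access. The policy document shape (`statements`, `effect`, `principals`, `actions`, `resource`) is an assumption chosen for illustration; it loosely mirrors how cloud bucket policies are written but is not any provider's exact schema. The sample policies are constructed.

```python
"""Pre-deployment lint for storage access policies.

Added example with an assumed policy format; the two sample policies at the
bottom are constructed, not real configurations.
"""
import json

# Principal values that mean "anyone", i.e. the public internet.
ANONYMOUS_PRINCIPALS = {"*", "anonymous", "allUsers"}
# Action verbs that let a principal read object contents or enumerate them.
READ_ACTIONS = {"read", "get", "list"}


def _as_list(value):
    """Accept either a single string or a list, as policy documents often do."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _is_read(action: str) -> bool:
    """True when an action grants read access.

    A bare wildcard grants everything; otherwise inspect the verb after any
    "service:" prefix (e.g. "storage:get" -> "get").
    """
    if action == "*":
        return True
    return action.lower().rsplit(":", 1)[-1] in READ_ACTIONS


def find_public_grants(policy: dict) -> list:
    """Return one finding per statement that lets an anonymous principal read.

    A statement is a leak candidate only when all three hold: it is an Allow,
    it names an anonymous principal, and it grants a read-type action.
    Deny statements are skipped because they remove access rather than add it.
    """
    findings = []
    for index, stmt in enumerate(policy.get("statements", [])):
        if stmt.get("effect", "allow").lower() != "allow":
            continue
        public = [p for p in _as_list(stmt.get("principals")) if p in ANONYMOUS_PRINCIPALS]
        readable = [a for a in _as_list(stmt.get("actions")) if _is_read(a)]
        if public and readable:
            findings.append({
                "statement": index,
                "resource": stmt.get("resource", "<unspecified>"),
                "principals": public,
                "actions": readable,
            })
    return findings


def deployment_allowed(policy_json: str) -> bool:
    """CI gate: refuse to deploy a policy containing any public read grant."""
    return not find_public_grants(json.loads(policy_json))


# Constructed sample: a named team may read exports; everyone else is denied.
SAFE_POLICY = json.dumps({
    "statements": [
        {"effect": "Allow", "principals": ["team-analytics"],
         "actions": ["storage:get", "storage:list"], "resource": "customer-exports/*"},
        {"effect": "Deny", "principals": "*", "actions": "*", "resource": "customer-exports/*"},
    ]
})

# Constructed sample: the same policy after a "temporary" debugging change
# that opened the exports to anyone and was never reverted.
LEAKY_POLICY = json.dumps({
    "statements": [
        {"effect": "Allow", "principals": ["team-analytics"],
         "actions": ["storage:get"], "resource": "customer-exports/*"},
        {"effect": "Allow", "principals": "*",
         "actions": ["storage:get"], "resource": "customer-exports/*"},
    ]
})

if __name__ == "__main__":
    for name, doc in (("safe", SAFE_POLICY), ("leaky", LEAKY_POLICY)):
        if deployment_allowed(doc):
            print(name, "ok")
        else:
            print(name, "BLOCKED:", find_public_grants(json.loads(doc)))
```

Run as a step in the pipeline that deploys the policy, the check turns the misconfiguration into a failed build instead of a publicly readable export; the finding records which statement, resource, and action to fix so the owner can correct it before release.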
The inciting incident could also be something much less technical. Leaving a workstation unattended and accessible while working remotely, and losing a device, are two examples of everyday accidents that can lead to unintended negative consequences.
For the purposes of this page, we’re mainly discussing data leakage scenarios in which internal actors – employees, guests, contractors, vendors, etc. – would unknowingly leave data unprotected or exposed to potential theft or ransom.
However, if an attacker exploits the exposure to more easily steal potentially sensitive data, then this type of leak would be attacker-initiated. The responsibility for the exposure, though, still lies with the person or people who were originally tasked with securing the data. But if a door is left open, we can all reasonably assume there aren’t many attackers who won’t walk right through it to steal sensitive data.
It is entirely possible to effectively prevent sensitive enterprise-level data from being exposed and subsequently leaked to the public internet or into a malicious actor’s data store.
Whether one of the following preventative options is used as a standalone solution or as part of a larger product suite, each organization should keep its unique needs and goals in mind when researching which solution or product best fits its environment.