Data leakage is an uncontrolled or unauthorized transmission of classified information to the outside. It poses a serious problem to companies as the cost of incidents continues to increase. Many software solutions were developed to provide data protection. However, data leakage detection systems cannot provide absolute protection. Thus, it is essential to discover data leakage as soon as possible. [1]

Figure 1. The Data Leakage Detection System

Figure 1 shows if a cybercriminal identifies a data leak, the exposed data could be used to strategize a successful cyberattack. So by detecting and remediating data leaks before they are discovered, the risk of data breaches is significantly reduced.

A common form of data leakage is called a cloud leak. A cloud leak is when a cloud data storage service, like Amazon Web Service's S3, exposes a user's sensitive data to the Internet. While AWS does secure S3 buckets by default, we believe that S3 security is flawed and most people need to check their S3 permissions. [3]

Categories of Data Leaks

There are four major categories of data leaks - customer information, company information, trade secrets, and analytics.

1. Customer information

Some of the biggest data breaches included customer data leaks that involved Personal Identifiable information. Customer data is unique to each company. Customer confidential information could include any of the following:

• Customer names
• Addresses
• Phone number
• email addresses
• Usernames
• Passwords
• Payments histories
• Product browsing habits
• Card numbers

2. Company information

Leaked company information exposes sensitive internal activity. Such data leaks tend to be in the cross-hairs of unscrupulous businesses pursuing the marketing plans of their competitors.
Company data leaks could include the following:

• Internal communications
• Performance metrics
• Marketing strategies

3. Trade secrets

This is the most dangerous form of data leak to a business. The theft of intellectual property destroys the potential of a business, running it to the ground.
Trade secret data leakage could include the following:

• Upcoming product plans
• Software coding
• Proprietary technology information

4. Analytics

Analytics dashboards are fed by large data sets, and cybercriminals are drawn to any sizable pool of data. Analytics software is, therefore, an attack vector that needs to be monitored.
Analytics data leaks could include the following:

• Customer behaviour data
• Psychographic data
• Modeled data [2]

References:

1. https://www.researchgate.net/publication/276465741_DATALEAK_Data_Leakage_Detection_System
2. https://www.upguard.com/blog/data-leak-prevention-tips
3. https://www.upguard.com/blog/data-leak

Cite this article:

Thanusri swetha J (2021), The Data Leakage Detection System, Anatechmaz, pp. 37