What is Data Leakage?

Data leakage is a situation in which an organization unintentionally exposes sensitive information, usually through a mistake such as an overlooked vulnerability, to the public internet or to unsecured networks. That exposure increases the chances that the data will be taken by malicious actors.

In the worst case, the data "leaks" from its originally secured network into the hands of bad actors, who hold the sensitive data for ransom or publish it on more visible platforms and websites.

Data Leak vs. Data Breach: What's the Difference?

The National Institute of Standards and Technology (NIST) defines a breach as:

"The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for anything other than the authorized purpose."

Simply put, a data breach is when data is knowingly accessed in an unauthorized manner. A data leak is when an authorized user mistakenly exposes data to the internet or to an unauthorized network, but the data has technically not been stolen – yet.

The difference between the two terms is subtle, but it matters when deciding what action to take to protect the data involved, and later when reporting the incident (breach notification obligations are typically triggered by a breach, not by an exposure that was caught and closed in time).

How Do Data Leaks Happen?

Data leaks result from a mistake or oversight, or from something no one in the organization thought about. Let's look at a few ways data leakage can occur:

  • Human error: Back in 2012 we noted that a staggering number of cases involved human error, leaving governments facing unprecedented challenges in protecting critical infrastructure, intellectual property, economic data, employee records and other sensitive information. 12 years later, this still holds true.
  • Legacy or outdated data: Keeping archived data can have benefits, but more often such outdated information is becoming a major liability for businesses worldwide. However well this legacy data is secured, eventually there will be a crack in its armor and the data will be exposed. Whether malicious actors realize the information is obtainable is a separate question from the key one: is it absolutely necessary to retain this old data at all?
  • Poor password hygiene: If IT and security organizations do not implement identity and access management (IAM) controls that enforce unique credentials, multi-factor authentication and prompt revocation of compromised passwords, then it is only a matter of time before a credential stuffing attack succeeds and the bad actors are exfiltrating data. Credential stuffing replays username/password pairs leaked from other sites, so its signature is many different usernames tried from one source in a short time, not many attempts on one account.
  • Vulnerabilities: It happens every day, everywhere: a weakness is overlooked or goes undetected during the software development lifecycle (SDLC), and attackers take advantage of it in the blink of an eye. Depending on the size of the business or DevOps organization, with limited resources it simply may not be possible to catch everything.
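The credential stuffing pattern described in the password hygiene item above can be caught in authentication logs before much data leaves. The following is an added example written for this page, not code from the original article or from any product; the log format and the sample lines are constructed for illustration, and the thresholds (a 60-second window, 5 attempts, 4 distinct usernames) are assumptions to tune per environment. It distinguishes stuffing (many usernames from one source) from brute force (many attempts on one username) and then lists which accounts the flagged source actually got into, which is the triage list an analyst needs first.

```python
"""Credential-stuffing detector over constructed auth log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system). The format is an
# assumption for this example: "<ISO timestamp> <src_ip> <user> <LOGIN_OK|LOGIN_FAIL>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 alice LOGIN_FAIL
2024-05-01T10:00:01 203.0.113.7 bob LOGIN_FAIL
2024-05-01T10:00:02 203.0.113.7 carol LOGIN_FAIL
2024-05-01T10:00:03 203.0.113.7 dave LOGIN_FAIL
2024-05-01T10:00:04 203.0.113.7 erin LOGIN_OK
2024-05-01T10:00:05 203.0.113.7 frank LOGIN_FAIL
2024-05-01T10:00:10 198.51.100.2 alice LOGIN_FAIL
2024-05-01T10:00:11 198.51.100.2 alice LOGIN_FAIL
2024-05-01T10:00:12 198.51.100.2 alice LOGIN_FAIL
2024-05-01T10:00:13 198.51.100.2 alice LOGIN_OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (LOGIN_OK|LOGIN_FAIL)$")


def parse_line(line):
    """Return (timestamp, ip, user, result) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, user, result = m.groups()
    return datetime.fromisoformat(ts), ip, user, result


def detect_credential_stuffing(log_text, window=timedelta(seconds=60),
                               min_attempts=5, min_users=4):
    """Return {ip: sorted distinct usernames} for sources that, within `window`,
    made at least `min_attempts` login attempts against at least `min_users`
    distinct usernames. Successful attempts count too: a stuffing run that
    lands one valid pair is exactly the case worth flagging."""
    events = defaultdict(deque)  # ip -> deque of (timestamp, user), oldest first
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, user, _result = parsed
        q = events[ip]
        q.append((ts, user))
        # Sliding window: drop events older than `window` relative to this one.
        while q and ts - q[0][0] > window:
            q.popleft()
        users = {u for _, u in q}
        if len(q) >= min_attempts and len(users) >= min_users:
            flagged[ip] = sorted(users)
    return flagged


def successful_logins_from(log_text, ip):
    """Accounts a given source logged into: the first thing to lock and review
    once the source has been flagged."""
    hits = set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[1] == ip and parsed[3] == "LOGIN_OK":
            hits.add(parsed[2])
    return sorted(hits)


if __name__ == "__main__":
    for ip, users in detect_credential_stuffing(SAMPLE_LOG).items():
        print(f"stuffing from {ip}: tried {users}; "
              f"succeeded on {successful_logins_from(SAMPLE_LOG, ip)}")
```

In the sample, 203.0.113.7 tries six different usernames in six seconds and gets into one account, so it is flagged; 198.51.100.2 hammers a single account, which is brute force and deliberately not matched here (a separate per-account rule should cover it). Thresholds that are too low will flag shared NAT gateways and corporate proxies, so tune them against a baseline of normal traffic before alerting on them.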

What are the Effects of Data Leaks? 

The effects of data leaks can be disastrous. But, like with anything in security, so much of the process is about timing. If analysts are able to catch the cause of data leaks early, the overall business may be lucky enough to entirely avoid any negative fallout. Or it may be able to minimize the damage. Or it may have to deal with business- or reputation-altering repercussions.

Reputational Damage

Waiting until something happens shouldn't be the priority; planning for the incident should be. The likely reputational damage can and should be assessed before any major incident occurs. That way, the business and its IT and security organizations will have a playbook to follow if it does, which helps minimize lasting negative reputational impact.

Financial Loss

Following on from possible large-scale reputational damage, there is a two-pronged effect on a business' bottom line: potential ransomware payments to threat actors, and customers taking their business elsewhere. Businesses that are not prepared for the consequences of an accidental data leak may quickly find themselves bankrupt or out of business altogether.

Operational Damage

The time it takes an organization to return to normal operations will depend on the severity of the security incident that followed the data leak, and on whether ongoing initiatives have to be halted entirely while an "all hands on deck" response to the data security incident takes place. This can be incredibly disruptive to a business and create an operational deficit that is almost impossible to recover from.

Damage to Talent Acquisition

The current cybersecurity talent shortage and skills gap appear set to keep widening, which is why managed security service providers (MSSPs) are increasingly being asked to provide monitoring, detection and response on behalf of their customers. Hiring skilled in-house talent is already a laborious undertaking. Doing so after a breach that causes catastrophic reputational damage? Nearly impossible.

Types of Data Leaks

Clearly, certain data types are more valuable to threat actors: personally identifiable information (PII), financial and health-related data, and so on. But what are the main vectors by which data leakage occurs? We've covered several of the contributing factors; let's now group them by type.

Human Error

Whether it originates from an internal source or perhaps from a supply chain partner, the action, disclosure or exposure must be unintentional to be classified as human error. The root cause of this kind of exposure or leak could start as a misconfiguration introduced during the SDLC that later becomes a vulnerability through which high-value data is exposed.

The inciting incident could also be something much less technical. Workstations left unattended and accessible while working remotely, and lost devices, are two examples of everyday accidents that lead to unintended negative consequences.

Attacker-Initiated

For the purposes of this page, we are mainly discussing data leakage scenarios in which internal actors – employees, visitors, contractors, vendors, etc. – unknowingly leave data unprotected or exposed to potential theft or ransom.

However, if an attacker exploits that exposure to steal potentially sensitive data more easily, the leak becomes attacker-initiated. Responsibility for the exposure, though, still lies with the person or people originally tasked with securing the data. But if a door is left open, we can all reasonably assume that few attackers will pass it by rather than walk in and take the sensitive data.

How to Prevent Data Leaks

It is entirely possible to substantially reduce the risk of sensitive enterprise data being exposed and subsequently leaked to the public internet or into a malicious actor's data store; no single control eliminates it.

Whether one of the following prevention options is used as a standalone solution or as part of a larger product suite, every organization should keep its unique needs and goals in mind when researching which solution or product best fits its environment.

  • Institute a data loss prevention (DLP) solution: DLP solutions typically cover the endpoint, the network and the cloud, inspecting data in use, in motion and at rest for sensitive content and blocking or alerting when it heads somewhere it should not. This functionality specifically addresses the issues discussed at length here, such as vulnerabilities resulting from misconfiguration and accidental exposure.
  • Use encryption: Data encryption protects data from unauthorized use or access by encrypting it with a key on one end and decrypting it with the same (symmetric) key on the other. Through this process, even if malicious actors successfully exfiltrate data, it is very likely useless to them, provided a strong, vetted encryption algorithm was used and the key was not stored or exposed alongside the data. Claims that machine learning or AI produce more sophisticated encryption should be treated with caution; the strength comes from standard, publicly analyzed algorithms and sound key management, not from novelty.
  • Shift left: Ensuring security processes are part of the SDLC, and thereby a true DevSecOps workflow, can greatly reduce the number of vulnerabilities that surface at the end of a build cycle. By integrating security checks into infrastructure-as-code (IaC) templates and other parts of the coding process, DevSecOps organizations catch the public bucket or the wide-open firewall rule in review rather than in production, and so reduce the chances of a critical data leak.
  • Train employees and partners: Engaging the workforce in security awareness training that covers topics such as basic password and authentication best practices can go a long way toward preventing a leak when, for example, a device is lost or passwords are reused over a long period of time.
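The shift-left item above is where the "misconfiguration during the SDLC that later becomes a vulnerability" from the Human Error section is cheapest to catch. The following is an added example written for this page, not code from the original article or from any IaC tool; the input is a constructed, simplified Terraform-style JSON document, and the resource shapes and attribute names are assumptions for illustration rather than a full Terraform schema. It flags the two classic leak-causing settings (a bucket with a public ACL, and a non-web port open to the whole internet), notes a bucket without server-side encryption as a lesser finding, and returns a pass/fail verdict a CI job can act on.

```python
"""Shift-left check for leak-prone infrastructure-as-code settings (added example)."""
import json

# Constructed Terraform-style JSON (not from any real project). The resource
# layout is a simplified assumption for this example, not the real schema.
SAMPLE_IAC = json.dumps({
    "resource": {
        "aws_s3_bucket_acl": {
            "reports": {"bucket": "reports", "acl": "public-read"},
            "logs": {"bucket": "logs", "acl": "private"},
        },
        "aws_s3_bucket_server_side_encryption_configuration": {
            "logs": {"bucket": "logs"},
        },
        "aws_security_group": {
            "db": {"ingress": [{"from_port": 5432, "to_port": 5432,
                                "cidr_blocks": ["0.0.0.0/0"]}]},
            "web": {"ingress": [{"from_port": 443, "to_port": 443,
                                 "cidr_blocks": ["0.0.0.0/0"]}]},
        },
    }
})

# Ports that are expected to face the internet; anything else open to
# 0.0.0.0/0 or ::/0 is treated as an exposure.
WEB_PORTS = {80, 443}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def find_leak_risks(iac_json):
    """Return a list of (severity, resource_address, message) findings."""
    cfg = json.loads(iac_json)
    res = cfg.get("resource", {})
    findings = []

    # Buckets that have an encryption configuration attached.
    encrypted = {v.get("bucket") for v in
                 res.get("aws_s3_bucket_server_side_encryption_configuration", {}).values()}

    for name, acl in res.get("aws_s3_bucket_acl", {}).items():
        addr = f"aws_s3_bucket_acl.{name}"
        setting = acl.get("acl", "private")
        if setting != "private":
            findings.append(("HIGH", addr, f"ACL '{setting}' exposes bucket contents to the internet"))
        if acl.get("bucket") not in encrypted:
            findings.append(("MEDIUM", addr, "bucket has no server-side encryption configured"))

    for name, sg in res.get("aws_security_group", {}).items():
        addr = f"aws_security_group.{name}"
        for rule in sg.get("ingress", []):
            if not ANYWHERE & set(rule.get("cidr_blocks", [])):
                continue
            lo, hi = rule["from_port"], rule["to_port"]
            if not set(range(lo, hi + 1)) <= WEB_PORTS:
                findings.append(("HIGH", addr, f"ports {lo}-{hi} open to the whole internet"))
    return findings


def gate(findings):
    """CI verdict: fail the build on any HIGH finding, warn on the rest."""
    return not any(sev == "HIGH" for sev, _, _ in findings)


if __name__ == "__main__":
    found = find_leak_risks(SAMPLE_IAC)
    for sev, addr, msg in found:
        print(f"[{sev}] {addr}: {msg}")
    print("PASS" if gate(found) else "FAIL")
```

On the sample, the public `reports` bucket and the database port exposed to 0.0.0.0/0 fail the build, the missing encryption on `reports` is reported as a warning, and the `web` group on 443 is accepted. A real pipeline would run a maintained scanner against the actual Terraform plan rather than a hand-written rule set, but the point stands: these checks run in seconds at review time, long before the data behind them is reachable from the internet.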