New Work Practices are Exposing Your Intellectual Property

Employee work practices expose more of our sensitive business data and intellectual property to intentional, deliberate data theft than ever before. This is true for businesses of all sizes – micro through to large enterprises. Proprietary data valuable to your business is also valuable to others.

2 people in an office discussing work, looking at a laptop

Image courtesy of storeyset on Freepik

Data Theft in 2024: Deliberate and Intentional

There are multiple influences behind the global rise in data breaches. The cost of cybercrime in 2024 is an estimated $9.5 trillion and growing. Today’s cybercriminal is sophisticated. They have considerable access to powerful offensive tools. Tools that are now beginning to use AI to exploit vulnerabilities in devices and code.

 

Some of this rise is attributable to an increase in hacker-for-hire attacks, which aim to deliberately sabotage a business’s reputation. However, more concerning is the rise in nation-state-sponsored targeted phishing and ransomware cyberattacks, fuelled by an insatiable underground market for stolen data.

 

In a ransomware attack, the attackers want you to know they have your data so that you will pay the ransom. In data theft, the goal is to sell your data rather than hold you to ransom. So, data theft is a stealth attack, where most businesses will never find out that their sensitive data has been stolen.

 

Three Work Practices Pushing Your Data Outside of Your Control

Most businesses have undergone three similar changes to work practices post-COVID. Each change in how we work has meant more sensitive business data outside of our network perimeters, putting data into areas beyond our control or influence. In turn, exposing more data to the risk of theft.

Cloud Services Risks

Most businesses are increasing the adoption of cloud services. The result is more application data traveling to and from these clouds. Most businesses have an inherent trust in a) how our data is stored within the cloud and b) that application data is transferred directly to these clouds and nowhere else.

 

Yet a single misconfiguration in the provider’s application or device can, and does, expose data to theft. And do we ‘really’ know where this data is going to? How many people test this for every cloud application data packet transmitted?

Hybrid Workforce Risks

Employee work practices have recently undergone a minor revolution. Pre-COVID, data security was about making sure sensitive business data never left the premises. Today, our staff expect 24×7 access to business data, from wherever they choose to work.

 

Home-office environments are, again, areas outside of our control. De-facto tools such as VPNs are good. But malware can easily bypass tools like this. A single misconfiguration in an application or a home router could expose intellectual property to a breach.

Supply Chain Risks

More reliance on business-critical supply chains again places sensitive data in areas outside of our control. More cyberattacks are originating from outside of businesses – from within the supply chain, be it our suppliers, their suppliers, or their suppliers. Malware,  exploitation of software vulnerabilities or misconfigurations, and social engineering all form part of the risks coming from our supply chains.

 

 

Cyber Best Practice

Organisations such as the regional Cyber Resilience Centres and the National Cyber Security Centre provide simple, independent guidance on cyber best practices. They recommend that, as an absolute minimum, businesses must implement:

    • user access control
    • antivirus and firewalls
    • multi-factor authentication
    • encryption of all data at rest and in transit
    • user cyber-awareness education on password hygiene
    • user cyber-awareness education around how to recognise phishing emails
    • regular application patching/updates

 

Data-rich businesses should take this a stage further to include:

    • data classification and handling policies
    • vetting and auditing of suppliers

 

I outline some of these suggestions in “Data Breach: Never Too Small to Worry About Vulnerabilities”.

 

Exfiltration Prevention System (EPS): Zero-Trust on Outgoing Data

However, one drawback to these recommendations is that they tend to be “mitigation” strategies. To protect sensitive business data and intellectual property, the strategy needs to focus on  “prevention”. Mitigation principles come too late in the kill chain for a data breach.

 

Zero trust is a popular phrase in the industry today. It is an approach that assumes no user or device is inherently trustworthy and must demonstrate trust before accessing resources.

 

ZORB applies zero trust to outgoing data. Just as antivirus protects against incoming threats, our zero trust approach prevents the compromise of outgoing data.

 

Our Exfiltration Prevention System (EPS) software combines the functionality of an outbound firewall and outbound IPS rules.

ZORB’s EPS implements a “deny-all” stance on outgoing data. This means that, by default, data is blocked from being transmitted by a device until that data flow can be proven to be trustworthy. Each flow is checked to ensure that it has come from a trusted application and is going to a trusted destination, via a trusted transmission method. Only if the flow passes these checks is it transmitted, thereby preventing compromise of outgoing data:

    • from hackers or disgruntled employees
    • from C2C-based malware (botnets, RATs, ransomware)
    • due to data transfer risks to cloud applications
    • arising from application misconfiguration or malicious updates

 

Conclusion

There are many good practices that businesses should adopt to reduce unnecessary exposure of their data. But these tend to be mitigative controls.

 

Businesses intending to eliminate the theft of sensitive data should adopt a zero-trust approach to outgoing data. To achieve this, they must start from a “block-all-outbound-data” stance. Only when the integrity of outbound data flows can be proven, should data transmission be permitted.

 

Risk-Free Trial

Protect Your Data,

Intellectual Property and Reputation

About the Author

Dr Mark Graham, CEO of ZORB Security

Dr. Mark Graham has spent over 30 years in cybersecurity.  He completed his PhD in malware detection in Cambridge, UK where he also lectured in Information Security, Cybercrime, and Pen-Testing.  He is a co-founder of ZORB Security which specialises in eliminating data theft.

Try a live demo of ZORB

See ZORB in action using real time, live data

SANDBOX