One Article Review

Source ProofPoint
Identifier 8627139
Publication date 2024-12-18 07:52:00 (seen: 2024-12-18 17:08:04)
Title Insider Breach of the Month: An Employee Exfiltrates Sensitive Data from a Midsize Financial Firm
Text The Insider Breach of the Month blog series sheds light on the growing problem of email exfiltration of sensitive data to unauthorized accounts. It also examines how Proofpoint helps protect against these serious data loss events. Stories in this series have all been anonymized.

In today's digital landscape, email is one of the most common tools that organizations use to communicate. However, with this widespread use comes a significant risk: namely, the careless or malicious sending of sensitive data to unauthorized accounts. Whether it's a simple mistake or caused by a disgruntled or malicious employee, just one of these data loss events can have devastating consequences. This includes reputational damage, regulatory fines and financial losses.

Proofpoint regularly catches these insider data loss events during our complimentary email data loss assessments. During these assessments, Proofpoint helps organizations identify if their sensitive data is being exfiltrated to unauthorized accounts, like personal freemail accounts, private domain email accounts or even a family member's email account.

Today, we'll explore a breach at a midsize financial firm, which was caused by a malicious employee.

Background

Email data exfiltration occurs when someone inside an organization (like an employee, exiting employee, contractor or business partner) emails data to their own personal account or to an unauthorized third party. Malicious insiders are people who intend to cause harm. These insiders might exfiltrate data to take to a competitor, to sell to bad actors or to sabotage the organization.

Various factors can motivate them. Here are a few examples:

- Leaving to work at a competitor
- Business changes like mergers and acquisitions, and divestitures
- Resentment due to job changes or conflict with a supervisor
- Fear of job loss
- Poor job performance

The scenario

Recently, Proofpoint detected email data exfiltration during a customer's assessment. In this case, the customer was a West Coast-based midsize financial firm, which specializes in asset management. An employee left the firm. But before they left, they exfiltrated a large amount of sensitive data to their private email account. A quick search on LinkedIn confirmed suspicions that they were now working at a competing financial firm.

The threat: How did the data loss happen?

The departing employee emailed data to a personal email address over a nine-day period, which was detected during the assessment. The chart below shows the anomalous activity in red.

This reflects a typical pattern. When an employee leaves a company, there's often an increase in the volume and frequency of sensitive data being sent within a short span of time.

Proofpoint chart that shows anomalous email pattern.

The assessment: How Proofpoint identified this data loss

We deployed Adaptive Email DLP to learn from and detect anomalies based on six months of historical email data.

Adaptive Email DLP uses Proofpoint Nexus behavioral-AI and the industry's broadest email data sets. This enables it to analyze working relationships and to understand when sensitive data is being sent to unauthorized accounts rather than during regular business communication.

By analyzing and learning normal email sending behaviors, trusted relationships and how users handle sensitive data, Adaptive Email DLP understands when anomalous email behavior is occurring.

During the assessment, Adaptive Email DLP identified unauthorized email accounts and anomalous activity related to the sensitive data that was sent to those accounts. Then, we met with the customer to review specific events where we detected sensitive data loss.

As part of the review, we provided a list of all unauthorized accounts that were detected. We also provided all the emails that were sent to those accounts. Detail
Rating ★★★
Sent Yes
Tags Tool Threat


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.