One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8645478 |
| Date de publication | 2025-01-31 14:59:40 (vue: 2025-02-01 00:08:16) |
| Titre | Insider Breach of the Month: A Departing Employee Takes a Trove of Data from a Large Law Firm |
| Texte | The Insider Breach of the Month blog series sheds light on the growing problem of email exfiltration of sensitive data to unauthorized accounts. It also examines how Proofpoint helps protect against these serious data loss events. Stories in this series have all been anonymized. Proofpoint regularly catches insider data loss events during our complimentary email data loss assessments. During these assessments, Proofpoint helps companies identify if their sensitive data is being exfiltrated to unauthorized email accounts, like personal freemail accounts, private domain email accounts or even a family member\'s email account. Today, we\'ll explore a major breach at a large law firm, which was caused by an employee who had accepted a role at another practice. The scenario In this case, the customer was a large law firm with locations in multiple countries. An employee accepted a new role at a competing firm and then proceeded to send multiple pages of attachments to their personal account. This exposed a massive amount of the law firm\'s sensitive data, putting it at risk for a data breach. The threat: How did the data loss happen? On the last day of their employment, the departing employee emailed the data to a personal email account. The chart below shows the anomalous activity in red. This reflects a typical pattern. When an employee leaves a company, there\'s often an increase in the volume and frequency of sensitive data being sent within a short span of time. Proofpoint Adaptive Email DLP chart that shows anomalous email pattern of the departing employee. The assessment: How Proofpoint identified this data loss We deployed Adaptive Email DLP to learn from and detect anomalies based on six months of historical email data. Adaptive Email DLP uses Proofpoint Nexus behavioral AI and the industry\'s broadest email data sets. This enables it to analyze working relationships to understand when sensitive data is being sent to unauthorized accounts rather than during regular business communication. By analyzing and learning normal email sending behaviors, trusted relationships and how users handle sensitive data, Adaptive Email DLP can detect when anomalous email behavior is occurring. During the assessment, Adaptive Email DLP identified unauthorized email accounts and anomalous activity related to the sensitive data that was sent to those accounts. Then, we met with the customer to review specific events where we detected sensitive data loss. As part of the review, we provided a list of all unauthorized accounts that were detected. We also provided all the emails that were sent to those accounts. Details about those emails included: Sender Recipient Subject Attachments Anonymized and redacted examples of the data that was exfiltrated. Prevention: What are the lessons learned? Here are some tips to stop your data from being sent to unauthorized accounts: Adopt a multilayered approach. Rules-based email data loss prevention (DLP) is critical in preventing sensitive data loss. However, it focuses on content and rules are based on known risks and specific RegEx patterns. An adaptive, behavioral approach is necessary to detect unknown risks that you can\'t define in a rule. Look for a tool that uses behavioral AI and machine learning. These technologies can analyze context and the relationships between a sender and a recipient, as well as other important details to detect whether data is being sent to an unauthorized account. Use in-the-moment warnings. With an adaptive approach, you can implement in-the-moment nudges that warn users when their behavior is risky. This helps them make informed decisions. Plus, it reinforces your security policies. And it prevents emails with sensitive data from leaving your organization. Proofpoint d |
| Notes | ★★ |
| Envoyé | Oui |
| Condensat | 100 about accepted accidental account accounts accounts: activity adaptive adopt advanced proofpoint afford against all also amount analyze analyzing and machine anomalies anomalous anonymized another approach are assessment assessment: assessments attachments attachments automatically based been behavior behavioral behaviors being below between blog breach breaches broadest business can cannot case catches caused centric chart combining communicate communication companies company competing complimentary complimentary data confidential content context countries critical current customer customers data day decisions define delivers departing deploy deployed adaptive details detect detected did dlp dlp solution brief today dlp to domain download during ease easy effectively email emailed emails employee employees employment empowering enables even events examines examples exfiltrated exfiltration explore exposed family firm focuses fortune freemail frequency from growing had handle happen have helping helps here historical how however human identified identify implement important included: increase industry informed insider intentional known large last law leader learn learned learning leaves leaving lessons light like list locations look loss loss machine major make massive member met million mitigate modernize moment month month: months more multilayered multiple necessary new nexus behavioral normal nudges occurring offers often organization organizations other our adaptive overlook pages part pattern patterns personal plus policies powerful practice prevented preventing prevention prevention: prevents private problem proceeded proofpoint protect protection provided putting rather recipient recipient red redacted reflects regex regular regularly reinforces related relationships review risk risks risky role rule rules safe scenario secure securely security send sender sender sending sensitive sent series serious sets sheds short shows sign significant six solution some span specific stop stories subject takes technologies than them then there these those threat: time tips today tokeep tool trove trusted typical unauthorized understand unknown use users uses uses proofpoint volume warn warnings well what when where whether which who within working your rules with |
| Tags | Data Breach Tool Threat |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.