In an example of life imitating art, hackers recently stole 1.5 terabytes of data from HBO, including full episodes of popular shows like “Ballers” and at least one script from an upcoming episode of “Game of Thrones.” The thieves also made off with internal company documents and HBO employee data. Some of the data has already been shared online.
HBO isn’t alone. The headlines are filled with companies that have had data and information stolen, including customer data, employee information, classified product data and more.
Types of Data Theft and Exfiltration
To understand how to prevent data theft, like the HBO hack, it’s important to first look at the different ways data can be stolen from an organization.
Data breaches can occur either physically or digitally “over-the-wire.” Physical data leakage can occur when someone transfers data from a user’s device to a USB drive and then walks it out the door, or transfers it via a rogue wireless network. However, that vector is typically used by employees with a motive.
An over-the-wire data breach can vary in complexity, duration and effort. Exploits that potentially give access to the stolen content might be as simple as taking advantage of improper security measures to bypass authentication for streaming services, or they might give the intruder command and control over a host.
Other vectors used to steal data include spear phishing or deeper penetration into the corporate network or from a connected subsidiary or partner. If the main attack is through an intermediate, compromised system, the intruder faces a delicate balance in deciding the rate at which to exfiltrate the data. The longer the intrusion, the higher the chance of being discovered or of inadvertently losing access because of nightly patching or the power state of the compromised system. However, if the intruder sends large amounts of data too quickly, it might raise some eyebrows and generate alerts from security solutions.
Preventing Breaches and Leaks
So how can companies prevent data breaches like these from happening?
When it comes to preventing data breaches and leaks, analytics and visibility are critical and can help detect data exfiltration events.
Detailed telemetry solutions that have good analytics are key to monitoring traffic that is leaving the network, and can detect any traffic flows that are outside the norm. From there they provide insight into what’s happening and act to stop any malicious activity.
In a case where data is exiting the network via fast exfiltration, IT management can use security solutions that create rules to lock down traffic in extreme circumstances, or even proactively set up policies that limit traffic. Additionally, Data Loss Prevention (DLP) systems that use the Internet Content Adaptation Protocol (ICAP) to connect to the network can help prevent unauthorized data exfiltration.
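The outbound-traffic monitoring described above, as an added example that is not from the original article: a per-host baseline flags a sudden burst of outbound data, and a per-destination running total catches a slow transfer that stays under the hourly norm. The host names, addresses, flow records, the multiplier `k` and the 500 MB budget are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def baseline(history):
    """history: {host: [hourly outbound bytes]} -> {host: (median, MAD)}."""
    out = {}
    for host, vals in history.items():
        med = median(vals)
        mad = median([abs(v - med) for v in vals]) or 1  # avoid zero spread
        out[host] = (med, mad)
    return out

def detect(flows, base, k=6.0, dest_budget=500_000_000):
    """flows: iterable of (hour, host, dest, bytes_out) records.
    'burst': one hour of a host's outbound volume exceeds median + k*MAD.
    'cumulative': the total sent to one destination over the whole window
    exceeds dest_budget, even if every single hour looked normal."""
    hourly, per_dest = defaultdict(int), defaultdict(int)
    for hour, host, dest, nbytes in flows:
        hourly[(host, hour)] += nbytes
        per_dest[(host, dest)] += nbytes
    alerts = set()
    for (host, hour), total in hourly.items():
        med, mad = base.get(host, (0, 1))  # no history: any volume is unusual
        if total > med + k * mad:
            alerts.add(("burst", host, hour))
    for (host, dest), total in per_dest.items():
        if total > dest_budget:
            alerts.add(("cumulative", host, dest))
    return sorted(alerts)

MB = 1_000_000
# Constructed training data: typical hourly outbound bytes per host.
HISTORY = {
    "ws-17":    [v * MB for v in (20, 25, 22, 30, 18, 24, 21, 26)],
    "build-03": [v * MB for v in (40, 42, 38, 45, 41, 39, 43, 44)],
}
# Constructed flows: ws-17 sends 400 MB in one hour (fast exfiltration);
# build-03 sends 30 MB every hour for a day to one address (slow exfiltration).
FLOWS = [(h, "ws-17", "198.51.100.7", 20 * MB) for h in range(6)]
FLOWS.append((3, "ws-17", "203.0.113.9", 400 * MB))
FLOWS += [(h, "build-03", "192.0.2.50", 30 * MB) for h in range(24)]
FLOWS += [(h, "build-03", "198.51.100.7", 15 * MB) for h in range(24)]

if __name__ == "__main__":
    for alert in detect(FLOWS, baseline(HISTORY)):
        print(alert)
```

The slow transfer never trips the hourly rule because 45 MB per hour is within the build host’s normal range; only the running total per destination exposes it.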