Detecting Exposed Data: The What, Why, & How

A fundamental responsibility for any IT security professional is to secure their information assets, be that customer data, financial information, or any other critical information. This is critical for maintaining a competitive advantage, avoiding regulatory fines, and remaining compliant.

Often the focus is on controlling flows of sensitive data over the perimeter or within the network, perhaps with Data Loss Prevention solutions. Unfortunately, a significant amount of organizations’ data is already exposed online. Organizations need to detect and remove this information before it falls into the hands of adversaries.

Top five types of data loss

Every week, 50% of our customers detect exposed sensitive data, which can be any of the following five types.

1. Technical information. Code-sharing sites like GitHub can be a goldmine for adversaries when sensitive technical information becomes inadvertently exposed. Typical examples include private RSA keys, admin credentials, proprietary code, and network information.
2. Employee credentials. With employees re-using their work emails across third parties, exposed credentials can enable attackers to perform account takeovers. These can be emails of individuals, but also departments. For example, last year we found that over 33,000 accounting inbox credentials are exposed – potentially facilitating Business Email Compromise.
3. Sensitive documents. This can include exposed contracts, employee pay stubs, and confidential board minutes. These can reference sensitive projects, company performance, or upcoming merger and acquisitions.
4. Intellectual Property. Exposed intellectual property, such as product designs and patent information, leaves you vulnerable to corporate espionage and competitive intelligence.
5. Customer Data. Exposed customer details, such as PII (Personally Identifiable Information), can create brand and business risk, as well as regulatory problems.

While malicious insiders can be responsible for data loss, it’s more often a result of inadvertent employees or third party actions. This was starkly portrayed in our Too Much Information research, in which we analyzed how online file stores expose data. In total, we discovered over 1.5 billion files exposed across misconfigured S3 buckets, SMB, R-Sync and FTP servers. Within these files were a worrying number of security assessments, network diagrams, penetration tests, and IT audits made available through third parties.

How SearchLight detects data loss

Digital Shadows SearchLight™ enables organizations to detect data loss. With SearchLight, organizations register their document marking systems, email headers, and intellectual property. SearchLight then continually monitors for these assets across the open, deep, and dark web to detect where this data is exposed. Each alert includes recommendation actions, including the ability to launch takedowns from within the SearchLight portal.

Free tools to get started

You can read more about the risks surrounding exposed data in our Practical Guide to Reducing Digital Risk. This guide also outlines some free and inexpensive tools that organizations can use to start detecting data loss.

Source: Digital Shadows