It’s Hard To Stop Data Theft
EP Editorial Staff | August 1, 2023
By Laura Élan, MxD
“Cybercriminals are coming for data.” That’s the top takeaway from the just-released 2023 Data Breach Investigations Report by Verizon Business. That’s no surprise for people in the cybersecurity trenches.
The sensitive data that cyberthieves aim to steal or compromise is found throughout an organization’s many departments and ranges from intellectual property files to software code to passwords. It’s a lot to protect and criminals are getting better at finding it. Data breaches were up 70% across the globe in late 2022, compared to Q2, according to one study. Outlooks for 2023 warn of even more and increasingly sophisticated attacks, a forecast backed by reports that weekly global cyberattacks increased by 7% in Q1 2023, compared to Q1 2022.
What makes this crime so hard to prevent is that, when people think about data theft, they mainly think about data exfiltration: the unauthorized transfer of information from a computer or other device. But data exfiltration is just one type of data theft.
When we think of data theft, we have to expand our thinking about what it really means to steal something from an organization. Data can be removed. It can be copied and disseminated. It can be destroyed or changed, often in a way not quickly recognizable to the organization. Thieves can even steal actual hardware, such as a computer.
To prevent data theft, an organization should first identify all its critical assets, ensuring that nothing is overlooked. A manufacturer, for example, would need to list its engineering, design, and intellectual property files; employee and salary data; usernames, passwords, and Wi-Fi credentials; and process and inventory data being collected in real time on the factory floor.
Collecting that information is a task that usually starts with the business owner, who has the 30,000-foot view of the operation. Then, as companies turn to determining the consequences of information being stolen or exposed, work moves to the individual departments that can dig deeper into how data theft would affect the organization.
Additional steps to take include:
• Control access to data. Everybody wants to know everything. But what’s the minimum amount of access I need to do my job?
• Require employees to create strong passwords and change them often.
• Scan the network for malicious behavior. Monitoring the network and the movement of data within the network is an important aspect of controlling data theft. If you don’t have the appropriate controls in place, you may never know your data is gone or has been copied and shared.
• Prohibit employees from carrying personal phones into areas where products are being designed and developed.
• Write software code in a sandbox environment with no external network connections.
• Encrypt all design and financial information traveling between organizations.
• Limit physical access to the factory to stop someone from picking up a computer and walking out the door.
People often think that putting something onto the network is the biggest security risk without realizing that something coming off the network can be just as risky.
Laura Élan is Senior Director of Cybersecurity for MxD Cyber: The National Center for Cybersecurity in Manufacturing, Chicago (mxdusa.org).