In an environment where businesses and enterprises are entrusted with preserving the security of sensitive data such as names, addresses, banking account information and other personally identifiable information, companies are required to channel their efforts and provide a safe and secure ecosystem not only for client data, but also for their internal data. Keeping data safe is an ongoing process that lasts as long as the business itself.
Data leak ranks among the most common security threats a company can face. As a concept, it entails the transmission of sensitive data to an external party either by accident or intentional. The problem is that companies need to constantly adapt to new data security policies and strategies in order to face the constantly evolving security threats landscape.
Data leaks usually fall within three broad categories:
accidental breach, where an employee unintentionally transmits the data to an external party;
- intentional breach (commonly referred to as data exfiltration), when an employee attempts to harm the company by selling sensitive data to an external actor;
phishing attacks, a situation where a malicious external actor hijacks an employee account (often through the use of malware) and impersonates the person in question to extract sensitive data.