
Cyber Security:

Data Loss

'Data loss' can mean a range of problems - from the destruction and deletion of data (accidental or malicious), to making unauthorised copies that are no longer under the control of the company and could be sold to criminals or publicly displayed.

Data can be stolen by people who have direct access to a computer, such as by printing a hard copy, copying data to a flash memory drive or on a DVD disc, and also by attackers gaining access over a network connection.

Companies and organisations have a duty to keep data under the CIA directive - protect data confidentiality, integrity and availability. Data breaches and data loss make them fall short of this ideal.

Insider threats and attacks

The hardest attack to defend against is when an attacker has direct access to a computer, especially in an organisation where many people might have access to a single computer, and one, or more, of them might not have the organisation’s best interests at heart. Security risks posed by employees (or ex-employees) of an organisation to their employers are known as insider threats.

Several investigations into the instigator of data loss over a long period of time have shown that one in three losses are due to 'an insider'. Those insiders may do it for personal gain or because of a sense of grievance against the company.

Examples:

In 2012, a programmer for the Federal Reserve Bank of New York was sentenced for stealing source code used to develop the bank’s computer systems. Bo Zhang was a third party contractor for the bank with privileged access to software that was under development. He pleaded guilty to copying the code to personal computers in violation of his contract of employment although there is no evidence that he intended to share the programs with anyone.

Similarly, in 2013, the social networking game developer Zynga settled a lawsuit with a former employee, Alan Patmore, who had copied hundreds of files, including unreleased game designs, to a Dropbox cloud storage folder before taking up employment with a rival company. Patmore expressed deep regret for his actions and agreed to ensure all copies of the data were destroyed in exchange for Zynga dropping charges against him.

In 2014, the health insurance company Anthem was breached and the details of 80 million people were extracted. This has put these 80 million people at risk from targeted phishing attacks, identity theft or extortion.

In 2017, the private healthcare provider BUPA reported that 547,000 customer details were stolen by an insider and offered for sale online. See online breaches.

In 2019, an employee of Tesla stole extensive details of Tesla’s manufacturing systems.

India's Punjab National Bank discovered $1.8 billion in fraudulent transactions as a result of an employee obtaining a high security password.

In November 2019, Trend Micro, a global security company with over 12,000,000 customers, reported that details of 68,000 of its customers had been copied by an employee, who had sold the data to criminals who immediately started using it in phishing attacks. The employee appears to have had detailed knowledge of the controls in place to protect that data. Trend Micro was not aware of this theft until customers started reporting phishing attacks. The information used in the phishing attacks pinpointed the source of the data, but it took a lot of time and effort to check all security systems and determine that this was an internal theft.

Wikileaks continues to the present day to publish millions of documents that the owners had intended to be kept secret. The case of Chelsea Manning is one of the more significant insider attacks involving the loss of data. It is another example where the attacker simply copied the data and shared it with others, depriving the data owners of control over the confidentiality of the information.

Chelsea Manning (then Bradley Manning) was a United States Army soldier who leaked confidential information, including 250,000 United States diplomatic messages and 500,000 United States Army reports as well as videos of military action in Iraq, to the WikiLeaks website.

Manning obtained copies of classified materials during service in Iraq in 2009, copying them directly to a data CD disguised as a music disc, from which the materials were transferred to a laptop and then to the WikiLeaks servers for dissemination.

The reports were widely published around the world and caused enormous diplomatic embarrassment for the United States government. Manning was eventually identified after confessing in an online chat to Adrian Lamo, who informed the Army. Manning was charged with 22 offences, including that of aiding the enemy, and pleaded guilty to 10 charges. Manning was found guilty in 2013 and sentenced to 35 years in military prison.

Consequences of losing data

These consequences can be expressed as a series of 'costs':

the cost of recreating the lost data – either by buying new hardware and software or re-entering the lost data (which may not always be possible)

the cost of continuing without that data (availability)

the cost of informing others about the loss (postage, email charges - employee time).

the cost of a loss in reputation as a professional organisation.

Examples:

In March 2019, Norsk Hydro, one of the biggest aluminium producers in the world, was targeted by a ransomware attack using LockerGoga which encrypted a wide range of files. Norsk Hydro had detailed plans in place and was able to limit the spread of the attack and revert to manual operation. It also had secure backups of critical files. In spite of that, the latest estimates in May 2019 put the cost to the company at between $45.6m and $51.3m.

While they were recovering from this attack, Norsk Hydro were also aware of phishing attempts being made on their trading partners that attempted to spread the malware, and to divert payments to criminal accounts. Norsk Hydro did not pay any ransom and provided detailed updates on its response to the attack.

American Medical Collection Agency (AMCA) was a company that ran billing and payment services in the USA. In August 2018, hackers gained access to its servers and remained undetected until March 2019. The data obtained by the hackers included social security numbers, some credit card and banking details and medical data. AMCA dealt with work for many big companies.

Quest Diagnostics was a medical company that used the services of another company called Optum360 to collect payments due. Optum360 had outsourced this operation to AMCA. Quest Diagnostics was first to report the security breach after customer details were involved in many fraudulent transactions.

LabCorp, BioReference and Opko Health were other medical companies that used the services of AMCA. AMCA filed for bankruptcy in July 2019, but the financial impact on the medical companies that used AMCA services is not yet clear.

 

How to minimise loss of data

The risk of data loss cannot be completely eliminated, but it can be minimised.

A significant number of security threats are caused inadvertently by employees who are unaware of the risks of their actions, such as copying data to external devices or websites, opening infected emails, clicking malicious links, installing software and so on. Better staff training and awareness of cyber threats could reduce the risk of accidental data loss.

The Infosecurity Europe survey in 2022 revealed that while a slight majority of companies had implemented an internal information security policy to secure computers, networks and data, only a minority had provided staff training to raise awareness of potential security risks.

Another important way of minimising the effect of any loss is by backing up data – making secure copies of data either on to a separate device, to a separate disk, or even to a different location. But being aware of the potential problem can avoid costly future pitfalls.

Recovering from an operating system failure

Windows

If you use a version of Microsoft Windows (XP or later), you could use the 'Restore Point' feature to revert your computer to a previous working state.

Windows automatically saves its configuration daily, when it updates itself and also when certain events, such as the installation of an unsigned driver for a peripheral device, occur.

Apple

Versions of Mac OS (10.5 or later) include a feature called Time Machine, which can be used to back up both files and system configurations.

If you have Time Machine enabled it is possible to restore your Mac to a previous state, with hourly backups available for the past day, daily backups for the past month and weekly backups for anything older.

Recovering from accidentally deleting a file

Deleting a file isn't necessarily permanent. It depends on how quickly you identify that the file has been deleted.

If you have simply moved a file to the trash can (Recycle Bin on Microsoft Windows), then you can recover it by simply dragging the file out of the trash.

However, if you have since emptied the trash you will need specialised software to recover the file.

The good news is that the data is still on the disk; the bad news is that the operating system cannot find it again.

Fortunately, special file recovery software exists that can restore deleted files.

You can find out about the software available from Lifewire's article Free Data Recovery Software Tools.

Stop using the computer immediately you realise the file has been deleted. The less time that has elapsed between deleting a file and trying to recover it, the greater your chance of recovering the whole file.

If significant amounts of time have passed, only a partial recovery may be possible, or it may not be possible to recover the file.

You then need to install a file recovery program (some file recovery applications can be run from an optical disk or a flash memory drive).

A good selection of free file recovery applications can be found on Lifewire.

Run the file recovery application once you've installed it.

Note: Because of a difference between the way in which Microsoft Windows and Apple Mac OS store files on a disk, file recovery is much easier for Windows computers than Macs. A number of file recovery applications exist for the Mac, but there is much less selection than for Windows. Once you've got your file back you might want to review your data backup strategy to prevent a future accident.
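The following is an added example, not part of the original page and not the code of any recovery product. It shows in simplified form how recovery software can find a deleted file without the operating system's help: it scans the raw bytes for a known file signature (here JPEG start and end markers). The disk image is constructed inline, and the second photo has had its tail overwritten to show why delay leads to only partial recovery.

```python
"""Signature-based file carving over a constructed raw 'disk image'."""

JPEG_HEADER = b"\xff\xd8\xff"  # start-of-image marker plus first segment byte
JPEG_FOOTER = b"\xff\xd9"      # end-of-image marker


def carve_jpegs(image: bytes, max_size: int = 1 << 20):
    """Return (offset, data, complete) for every JPEG header found in image.

    complete is False when no footer is found before the next header or
    within max_size bytes, i.e. the end of the file has been overwritten.
    Simplification: embedded thumbnails and fragmentation are not handled.
    """
    results = []
    pos = image.find(JPEG_HEADER)
    while pos != -1:
        body = pos + len(JPEG_HEADER)
        window_end = min(len(image), pos + max_size)
        footer = image.find(JPEG_FOOTER, body, window_end)
        next_header = image.find(JPEG_HEADER, body, window_end)
        if footer != -1 and (next_header == -1 or footer < next_header):
            end, complete = footer + len(JPEG_FOOTER), True
        else:
            end = next_header if next_header != -1 else window_end
            complete = False
        results.append((pos, image[pos:end], complete))
        pos = image.find(JPEG_HEADER, end)
    return results


def build_sample_image():
    """Constructed sample: two deleted 'photos' left behind in free space."""
    photo_a = JPEG_HEADER + b"\xe0" + b"A" * 40 + JPEG_FOOTER
    photo_b = JPEG_HEADER + b"\xe0" + b"B" * 40 + JPEG_FOOTER
    free = b"\x00" * 64
    # A newer file has reused the last 20 bytes that belonged to photo_b.
    damaged_b = photo_b[:-20] + b"N" * 20
    return photo_a, photo_b, free + photo_a + free + damaged_b + free


if __name__ == "__main__":
    _, _, disk = build_sample_image()
    for offset, data, complete in carve_jpegs(disk):
        status = "complete" if complete else "partial (tail overwritten)"
        print(f"offset {offset}: {len(data)} bytes, {status}")
```
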

 

Recovering from data lost from a lost computer, disk or flash memory drive that contained confidential data

Questions to ask:

Was the data encrypted using a form of strong encryption?

If it was, does it require a strong password to decrypt it?

Is the password known only to you?

If the answer to any of these questions is 'no' then you may have a problem as the data is potentially vulnerable.

If the lost property contains personal information, then you have an obligation to act under the Data Protection Act.

Large companies will have staff responsible for ensuring compliance with the DPA and you must get in contact with them as soon as possible so that steps can be taken to protect individuals.

Alternatively, you can contact the Information Commissioner's Office for guidance.

If you have lost material containing confidential information about a company or other organisation, or which is sensitive, then you need to contact the organisation which owns the data so they can take necessary steps.

In certain circumstances, this may also require the involvement of the police or security services.

If the data is securely encrypted, then the data is almost certainly safe. However, you should still contact the relevant authorities to inform them of the loss.