Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Data leaks evolving into weapons of business destruction

Maria Korolov | Oct. 4, 2016
Increasingly, attackers are using data leaks to target the companies themselves, going after proprietary or embarrassing information and releasing it in such a way as to do the most harm

But that has "changed tremendously," he said, and now the enterprises that his company works with are looking beyond data that can be easily sold on the black market, to data that can damage corporate reputations, trade negotiations, and market value.

"That could be a much more significant impact to the enterprise than a PII data breach, which can be managed trough a financial program and a good incident response plan," he said.

The nature of the attackers has changed as well. The threats are coming from ordinary criminals, as well as from market manipulators, hacktivists, disgruntled employees or customers with a vendetta, business rivals, and even nation-states.

"If you're not doing the data discovery, somebody else is going to be doing it for you," he added.

But not in a good way.

It doesn't help that more and more communications are going digital, he added, and are vulnerable to discovery.

"We'd rather text people than talk to them, or send an email on a subject that might be much more appropriate to a private conversation," he said. "That culture has extended to executives and other key members of teams using Twitter or social media, and communicating through their own email servers or Yahoo or wherever."

Who's next?

"My prediction, based on the Russian playbook, is that they'll go after media," said Adam Meyers, vice president of intelligence at CrowdStrike.

The FBI recently investigated a hack of the New York Times that was connected back to Russia, he said.

"There was not anything disclosed at the time, but the fact of the Russian intrusion at a media organization is certainly significant," he said.

A leak of embarrassing information, or which would potentially be seen in a negative light, could cast doubts on the legitimacy of the press.

Businesses are targets

While the DNC leaks are big in the news, it's not just about politics. Businesses have also been targets of weaponized data leaks.

HBGary: In 2011, leaked documents indicated that the company was involved in astroturfing, developing malware, and other publicly embarrassing activities. Customers fled, the CEO resigned, the company's assets were sold off, and HBGary ceased to exist.

Sony: Last year, WikiLeaks published more than 170,000 internal emails covering contract negotiations, financial deals, and creative disagreements.

Mossack Fonseca: A leak of more than 11 million documents to journalists exposed the Panama law firm to prosecution and law suits -- in addition to destroying the careers of several politicians around the world, inspiring action by tax authorities, and publicly embarrassing many companies and organizations.

St. Jude: Earlier this year, a startup research firm published a report purporting to show vulnerabilities in St. Jude's pacemakers and defibrillators -- and teamed up with a hedge fund to short the company's stock.


Previous Page  1  2  3  4  5  6  Next Page 

Sign up for CIO Asia eNewsletters.