Data leakage can happen in may ways; from from a software error condition, failures in data storage, transmission, or processing, user-based related, accidental deletion and worse – malicious intent or simple mismanagement. This resolution and level of attention resides in valuation of your data to your business’s success and longevity.
Your IT team should have implemented some form of reliable and testable data backup/archive/web-based storage and related disaster recovery equipment (tape drives, digital storage media, etc) and processes to help restore and recover lost data when a network or computer issue takes place. There are two major categories of losing data: 1) Data Loss and 2) Data Leakage. In this series I will go into both, but with primary focus on Data Leakage.
Data loss is different than data unavailability, which can happen with a network outage. Although the two have substantially similar effects on businesses and end users, data unavailability is temporary in nature, while data loss may be permanent. Data loss is also distinct from data leakage, although the term data loss has been sometimes used in data leakage incidents as well. For example, media containing sensitive information is lost and subsequently acquired by another party. Keep in mind, data leakage is possible without the data being lost.
So, how can my data be lost or leaked?
The following is a list of ways data can find itself roaming its way around, and getting lost!
Intentional/malicous Action
Intentional deletion of a file or program
Unintentional Action
Accidental deletion of a file or program
Misplacement of CDs or Memory sticks
Administration errors
Inability to read unknown file format
Failure
Power failure, resulting in data in volatile memory not being saved to permanent memory.
Hardware failure, such as a head crash in a hard disk.
A software crash or freeze, resulting in data not being saved.
Software bugs or poor usability, such as not confirming a file delete command.
Business failure (vendor bankruptcy), where data is stored with a software vendor using Software-as-a-service and SaaS data escrow has not been provisioned.
Data corruption, such as file system corruption or database corruption.
Disaster
Natural disaster, earthquake, flood, tornado, etc.
Fire
Crime
Theft, hacking, sabotage, etc.
A malicious act, such as a worm, virus, hacker or theft of physical media.
Studies have consistently shown hardware failure and human error to be two most common causes of data loss, accounting for roughly three quarters of all incidents. A commonly overlooked cause is a natural disaster. Although the probability is small, the only way to recover from data loss due to a natural disaster is to store backup data in a physically separate location.
Consider the Cost of data loss – The cost of a data loss event is directly related to the value of the data and the length of time that it is needed, but unavailable.
The cost of continuing without the data
The cost of recreating the data
The cost of notifying users in the event of a compromise
The lost business and confidence your customers will have if data is lost or stolen.
Now that you have food for thought here, I will continue this series with the next post based solely on Data Leakage…stay tuned!
