The “silent theft” of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

By Iniel Dreyer, MD of Data Management Professionals South Africa (DMP SA)

As the term implies, the exfiltration of data from corporate networks is often done without even the target themselves being aware of the attack. In such cases, cybercriminals are only wanting to steal personal information – without being detected. This data is then sold for a tidy profit.

While the Protection of Personal Information Act (PoPIA) in South Africa was designed to safeguard personal data from theft, misuse and malicious activities, the legislation cannot be applied to attacks that are undetected and thus unreported.

Unlike a ransomware attack, the silent theft of data does not involve financial extortion and the encryption of information. Instead, hackers steal valuable data from organisations to sell on the dark web. This illicit practice is largely behind the proliferation of spam calls and marketing that flood the lives of ordinary people, not to mention the increase in banking fraud.

Lack of alignment

The gap between the aims of PoPIA and companies’ approach to data protection can be found in the lack of alignment between the goals of business and the IT division. Business, which has certain legal requirements to meet in terms of data privacy, must be able to rely on the IT division to be the enabler that ensures compliance.

Unfortunately, the two divisions often talk past each other, resulting in technology tools and solutions being acquired that ultimately do not meet business needs. However, since the money has been spent, companies tend to try to reverse-engineer the solutions to make it work, which is often when things go wrong.

The only time that most organisations realise they have been compromised is when they are asked for a ransom, so silent theft continues undetected. That is because most organisations do not have the right security tools in place to detect this type of attack.

To defeat attackers whose aim is to stay on a corporate network for as long as they can before being caught, organisations must look towards deception technology, which will help them respond proactively to an infiltration before any real damage is done. With data theft, it is crucial to be proactive as, once the information is stolen, nothing can be done about it.

Fooling the hacker

Deception technology deploys “honeypots” which are fake assets and systems on an organisation’s network that a hacker will perceive as a real system. These decoys can imitate any IT equipment or applications and will typically have a vulnerability that will make it tempting to attack.

When attacked, honeypots will send an alert to the network administration team that an intrusion has been detected. Deception technology can also detect the origin of the attack, where access was gained to the network and the type of device that was used to carry out the hack. This allows IT teams to take the necessary steps to prevent any real harm from being done by the attackers.

It is key that companies have a security framework and posture in place, and must understand what products they have and whether these meet their specific requirements for cyber resiliency. Cyber resiliency enables companies to defend against cyberattacks, and part of this is proactive data management to prevent unauthorised access to sensitive data.

A backup and recovery strategy is not enough to stop the silent theft of data. A more proactive stance should be adopted through the deployment of deception technology. However, organisations must ensure that they engage a competent service provider to implement and support cyber resiliency within their environment.