
Data Theft


Data theft can resemble a ransomware attack: the attackers download confidential business data and threaten to release it publicly if a ransom is not paid. Data theft can also be an effort to steal specific data, for example industrial espionage by a competitor or nation state seeking to steal intellectual property or customer data.


Data theft is difficult to detect, especially if the attacker obtains (or already has) the credentials of a user with legitimate access to confidential data. Confidential data that is spread across multiple locations (e.g. file system, cloud, database, ...) may further complicate detection efforts. Some ways to detect data theft are:


1. Network traffic monitoring may reveal unusual patterns, but detecting them on busy networks can be extremely difficult, especially if the attacker leaks the data slowly over an extended period.

2. Anomaly detection may also detect unusual patterns, such as read access to confidential data at unusual times or from unusual sources. But a sophisticated and careful attacker will not deviate from their usual pattern and may therefore not trigger any anomaly alerts.

3. Email security monitoring can be an important component if the attacker has to use email to exfiltrate the data.


User Behavior Analysis is likely the most effective way to detect targeted data theft, for example:


Data is read by a user who does not normally access the data

User accesses confidential data more frequently than usual

User accesses data at an unusual time of day
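The three user-behaviour signals listed above, scored over access records, as an added example that is not part of this page. The access records, resource paths, user names and the rate threshold (`rate_factor`) are all constructed for illustration; a real deployment would build the baseline from a much longer history.

```python
from collections import defaultdict
from datetime import datetime
# Constructed access log records (user, resource, ISO timestamp); not from any real system.
HISTORY = [
    ("alice", "/finance/forecast.xlsx", "2024-03-04T09:10:00"),
    ("alice", "/finance/budget.xlsx",   "2024-03-05T14:05:00"),
    ("alice", "/finance/forecast.xlsx", "2024-03-06T11:45:00"),
    ("bob",   "/hr/salaries.xlsx",      "2024-03-04T08:50:00"),
    ("bob",   "/hr/salaries.xlsx",      "2024-03-05T16:20:00"),
    ("bob",   "/hr/salaries.xlsx",      "2024-03-06T09:05:00"),
]

def build_baseline(events):
    """Per user: resources normally read, hours normally active, mean reads per active day."""
    per_user = defaultdict(list)
    for user, resource, ts in events:
        per_user[user].append((resource, datetime.fromisoformat(ts)))
    return {user: {"resources": {r for r, _ in rows},
                   "hours": {dt.hour for _, dt in rows},
                   "daily_mean": len(rows) / len({dt.date() for _, dt in rows})}
            for user, rows in per_user.items()}

def detect(baseline, events, rate_factor=2.0):
    """Return (user, resource, reason) for each hit on the three behavioural signals."""
    alerts, daily = [], defaultdict(int)  # daily: (user, date) -> reads seen so far
    for user, resource, ts in events:
        dt = datetime.fromisoformat(ts)
        daily[(user, dt.date())] += 1
        profile = baseline.get(user)
        if profile is None:  # no history at all: cannot judge, so surface it
            alerts.append((user, resource, "no baseline for user"))
            continue
        if resource not in profile["resources"]:
            alerts.append((user, resource, "resource not normally accessed by user"))
        if dt.hour not in profile["hours"]:
            alerts.append((user, resource, "access at unusual hour %02d:00" % dt.hour))
        if daily[(user, dt.date())] > rate_factor * profile["daily_mean"]:
            alerts.append((user, resource, "access rate above usual"))
    return alerts

NEW_EVENTS = [  # constructed window to score: one normal read, then one case per signal
    ("alice", "/finance/forecast.xlsx", "2024-03-11T09:30:00"),
    ("bob",   "/finance/budget.xlsx",   "2024-03-11T09:00:00"),
    ("alice", "/finance/budget.xlsx",   "2024-03-11T02:15:00"),
    ("bob",   "/hr/salaries.xlsx",      "2024-03-12T09:00:00"),
    ("bob",   "/hr/salaries.xlsx",      "2024-03-12T09:01:00"),
    ("bob",   "/hr/salaries.xlsx",      "2024-03-12T09:02:00"),
]
if __name__ == "__main__":
    for alert in detect(build_baseline(HISTORY), NEW_EVENTS):
        print(alert)
```

Note that a careful attacker who stays within the user's normal resources, hours and rate produces no alert here, which is exactly the limitation described above.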