Data is one of the most valuable assets for a modern enterprise. So, of course, it is a target for theft. Data theft is the unauthorized acquisition, copying or exfiltration of sensitive information that is typically stored in a digital format. To get it, bad actors either abuse privileges they already have or use various other means to gain access to computer systems, networks or digital storage devices. The data can range from user credentials to personal financial records and intellectual property.
Companies of all sizes are targets of data theft. In September 2023, the personal data of 2,214 employees of the multinational confectionery firm The Hershey Company was stolen after a phishing attack. And in January 2024, the accounting firm of Framework Computer fell victim to an attack. A threat actor posed as Framework’s CEO and convinced the target to share a spreadsheet with the company’s customer data.
Data thieves aim to profit financially, disrupt business activities or do both by stealing high-value information. The fallout from a data breach can be very costly for a business—and the cost is going up. IBM reports that the global average cost of a data breach in 2023 was $4.45 million, a 15% increase over three years. Other data suggests that the average cost of a breach is more than double for U.S. businesses—nearly $9.5 million.
Not all data breaches involve data theft, but stealing data is a top aim for many attackers. Even ransomware gangs have been shifting away from data encryption in their attacks, opting instead to steal massive amounts of data and use its value as a means to compel businesses to pay ransom.
So, what can businesses do to prevent data theft? Taking a proactive approach toward stopping someone from stealing your data is a must. This blog post can help jump-start your thinking about how to improve data security. We explore how data theft happens and describe some common threats that lead to it. We also outline seven strategies that can help reduce your company’s risk of exposure to data theft and highlight how Proofpoint can bolster your defenses.
Understanding data theft—and who commits it
Data theft is a serious security and privacy breach. Data thieves typically aim to steal information like:
- Personally identifiable information (PII)
- Financial records
- Intellectual property (IP)
- Trade secrets
- Login credentials
Once they have it, bad actors can use stolen data for fraudulent activities or, in the case of credential theft, to gain unlawful access to accounts or systems. They can also sell high-value data on the dark web.
The consequences of data theft for businesses can be significant, if not devastating. They include hefty compliance penalties, reputational damage, and financial and operational losses. Take the manufacturing industry as an example. According to one source, a staggering 478 companies in this industry have experienced a ransomware attack in the past five years. The costs in associated downtime are approximately $46.2 billion.
To prevent data theft, it’s important to recognize that bad actors from the outside aren’t the only threat. Insiders, like malicious employees, contractors and vendors, can also steal data from secured file servers, database servers, cloud applications and other sources. And if they have the right privileges, stealing that data can be a breeze.
An insider’s goals for data theft may include fraud, the disclosure of trade secrets to a competitor for financial gain, or even corporate sabotage. As for how they can exfiltrate data, insiders can use various means, from removable media to personal email to physical printouts.
How does data theft happen?
Now, let’s look at some common methods that attackers working from the outside might employ to breach a company’s defenses and steal data.
- Phishing. Cybercriminals use phishing to target users through email, text messages, phone calls and other forms of communication. The core objective of this approach is to trick users into doing what the attacker wants them to do, like sharing sensitive data or providing system login credentials. (Deception and manipulation through social engineering are the key to phishing success.)
- Malware. An attacker can secretly install malware on a network or a user’s computer to steal data or gain unauthorized access to other systems and applications where sensitive data resides. Phishing emails and illegitimate web apps are examples of tools that attackers use to distribute malware like spyware and keyloggers.
- Adversary-in-the-middle (AiTM) attacks. AiTM is a form of data eavesdropping and theft where an attacker intercepts data from a sender to a recipient, and then from the recipient back to the sender. Through this approach, attackers can obtain passwords, IP, private messages and other sensitive information.
- Unpatched software. Attackers are always on the lookout for unpatched software vulnerabilities to exploit. These weak spots can provide a door or offer a pathway that leads to unauthorized access to high-value data.
- Unsecured networks. When users access company resources through unencrypted or poorly secured networks, like public Wi-Fi, they can inadvertently expose data to eavesdroppers.
- Misconfigured databases or cloud storage. Data stored online can be exposed and invite unauthorized access if it is not configured correctly.
- Physical theft. Bad actors can steal devices like laptops, smartphones or external hard drives to gain access to stored data. “Dumpster diving” is also an option if thieves are willing to search through real trash for discarded documents or devices that may contain sensitive data.
7 Tips to help mitigate the risk of data theft
Given the many opportunities cybercriminals have to steal data or lay the groundwork to do so, it’s clear that businesses need a proactive and multifaceted approach to prevent data theft. The following seven tips can go a long way toward reducing your company’s exposure to data thieves—inside and out.
- Implement strong authentication measures. This includes strong password policies, like requiring complex passwords and regular password changes. Also, where possible, use multifactor authentication (MFA) for access to vital systems and applications.
- Use data encryption. Make a point to encrypt your company’s sensitive data, whether it is in transit or at rest. This helps to ensure that even if unauthorized access occurs, the stolen data will remain unreadable to those who lack the proper decryption keys.
- Conduct regular audits and vulnerability assessments. These exercises can help you identify potential weaknesses in systems and networks and address them proactively. Security audits can also help you surface potential insider threats that can lead to data theft or loss.
- Keep software up to date. Make sure your company’s operating systems, software applications and security solutions have the latest patches and updates that address known vulnerabilities. And when you learn of a security weakness, don’t wait to apply the fix—do it as soon as you can.
- Follow the principle of least privilege (PoLP). This principle is based on the idea that you can reduce the potential impact of accidental mishaps, intentional malicious activities or security breaches by limiting users’ access rights. Grant individuals or systems the minimum levels of access or permissions necessary to perform their job functions or tasks.
- Deploy data loss prevention (DLP) solutions. A DLP platform can help you monitor and control the movement of sensitive data within your company. You can set up formal policies to prevent unauthorized access or transmission of confidential information. And you can use your DLP platform to enforce those policies. Many leading DLP solutions also integrate with encryption capabilities.
- Provide targeted cybersecurity awareness training. Security awareness training plays a crucial role in preventing data theft. With targeted education, users will learn to recognize and resist phishing attempts and other social engineering techniques. They can also learn about strong password practices, how to report suspicious activity and much more.
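To make the DLP tip concrete, here is an added sketch (not from the original post and not Proofpoint product code) of a content-inspection policy that classifies outbound message text and decides whether to allow, audit or block it based on the recipient. The corporate domain, the detector patterns, the function names and the sample messages are all assumptions constructed for this example.

```python
import re

# Hypothetical policy values for this sketch.
CORPORATE_DOMAINS = {"corp.example"}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")          # candidate card numbers
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")            # US SSN layout
SECRET_RE = re.compile(r"(?i)\b(?:password|passwd|api[_-]?key)\s*[:=]\s*\S+")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: discards digit runs (order refs, IDs) that are not cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> set:
    """Return the sensitive-data labels found in the text."""
    found = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            found.add("payment_card")
    if SSN_RE.search(text):
        found.add("us_ssn")
    if SECRET_RE.search(text):
        found.add("credential")
    return found

def evaluate(recipient: str, body: str) -> dict:
    """Policy: sensitive data to an outside domain is blocked; inside, audited."""
    labels = classify(body)
    external = recipient.rsplit("@", 1)[-1].lower() not in CORPORATE_DOMAINS
    action = "allow" if not labels else ("block" if external else "audit")
    return {"action": action, "labels": sorted(labels), "external": external}

# Constructed sample messages (test card number, made-up SSN and password).
SAMPLES = [
    ("me@personal-mail.example", "Customer card 4111 1111 1111 1111 exp 12/27"),
    ("colleague@corp.example", "SSN on file: 123-45-6789"),
    ("vendor@partner.example", "Order ref 1234 5678 9012 3456 shipped"),
]

if __name__ == "__main__":
    for rcpt, body in SAMPLES:
        print(rcpt, evaluate(rcpt, body))
```

The Luhn check is what keeps the third sample, a 16-digit order reference, from being flagged as a payment card; pattern matching alone would block it.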
How Proofpoint can help your business prevent data theft
Vigilance, along with a robust mix of strategies, best practices and tools, can help you increase your company’s ability to avoid data theft. Depending on your security needs, Proofpoint can help you prevent data theft:
- Proofpoint Human-Centric Security provides a broad range of threat protection for email and cloud services to prevent phishing attacks, BEC, ransomware, supply chain attacks and cloud account takeover.
- Proofpoint Information Protection provides comprehensive DLP across cloud, email, endpoint and web to stop data loss and insider threats.
You can use Proofpoint Enterprise DLP to address the full range of data risks from malicious and other users. It brings together our market-leading DLP products for email, cloud and endpoint. And Proofpoint Insider Threat Management can help protect your IP, systems and users from insider threats.
Using Enterprise DLP and ITM together can help your IT and security teams identify risky user behavior and sensitive data interaction—and detect and prevent insider-led security incidents. See this solution brief to learn more about this powerful combination from Proofpoint.