What is data theft and how do you prevent it?
Posted on July 15, 2024 by Louise Howland
In any size organisation, data theft can be a huge issue. From disgruntled employees to large scale cyberattacks, data theft can severely impact your business. According to a report by Varonis, 71% of companies that suffered a data breach reported significant customer attrition as a result.
As a business leader or decision-maker, it’s naïve to think that data theft won’t happen to you or your organisation. It may have already impacted you, and you might not have even realised.
Being prepared and understanding that you are at risk of data theft means you can put preventions in place so that if you are ever impacted, you can react quickly and effectively.
Understanding data theft
Data theft is when corporate data is stolen from databases, devices or servers. It can be data about the company’s performance, its employees, or even customers, from payroll details to financial figures. Data theft could be committed by an internal or external body but it’s important to know that it might be accidental, for example if an employee’s phone was stolen and it had their company emails on.
However, data theft can also be entirely intentional. A malicious actor could hack into an employee’s email address and access all company information and sell it on. It can be a truly heinous crime that can dramatically affect a company and its reputation.
What is data theft?
Kaspersky defines data theft as “the act of stealing digital information stored on computers, servers, or electronic devices to obtain confidential information or compromise privacy.” It can apply to companies, individuals, or organisations, but data theft can also affect anyone.
The types of data theft
While new threats constantly emerge, some of the most common types of data theft involve phishing scams, Adversary-in-the-Middle (previously called MitM) and malware. However, there are many types of data theft including:
- Stolen credentials
- Vulnerable or unpatched software
- Insider threats, such as disgruntled employees
- Drive-by, which is where simply visiting a compromised website, malware automatically downloads
- Eavesdropping, like when you use public WiFi that has no security, and a hacker accesses your computer
- Social engineering
- Skimming
- Theft of devices
How data theft works
With so many types of data theft out there, each of the individual data thefts routes allows hackers to access your valuable data and exploit your systems.
Phishing attacks
Phishing attacks are when a malicious attacker sends emails or text messages to encourage a person to click to a website where malware is installed on a computer, or sensitive details stolen.
Adversary-in-the-Middle
Previously called Man-in-the-Middle (MiTM), Adversary-in-the-Middle attacks intercept and alter communications without the knowledge of the involved parties.
Malware
One of the most well-known types of data theft, malware is where malicious software is installed secretly onto a user’s device without their knowledge. The hacker will then be able to access your organisation’s data and steal or manipulate it.
Stolen credentials
Stealing credentials can be done on a case-by-case basis or by exploiting an existing software and stealing all user’s data. It’s key that you use different passwords for different software to avoid this happening.
Vulnerable or unpatched software
Software, if not regularly updated, can quickly become vulnerable to hackers who can exploit unfixed areas.
Insider threats
Insider threats, such as disgruntled employees, are often intentional and it is where someone will reveal information purposely to cause distress.
Drive-by
This is where simply visiting a compromised website automatically downloads malware onto your computer, often without you even realising.
Eavesdropping
This is when you use public WiFi that has no security, and a hacker accesses your computer without you knowing.
Social engineering
This type of data theft involves posts on social media that encourage you to pass over information that can be used to help bypass security questions or guess passwords.
Skimming
Skimming is a physical activity where payment details are taken when you insert your bank card. This can occur at places like an ATM or Pay at Pump.
Theft of devices
Data theft can involve the stealing of a device such as a laptop, phone, or other digital equipment.
How could data theft happen?
Imagine you’re sitting in a popular coffee chain, and you want to connect to the WiFi to do some work on your laptop. You access the WiFi but unbeknown to you, you’ve accessed a WiFi network set up by a hacker sitting in the corner. They’re now able to see everything on your device, what you’re working on, and take a copy of this for their own malicious use, all without you even realising. This is just one way that data theft can happen.
Preventing data theft with Microsoft Intune
Microsoft Intune is an endpoint management solution that provides you with better control over devices and boosts cybersecurity in an organisation. The use of cloud-based security tools like Intune can reduce the cost of a data breach by up to $1.47 million, according to the IBM Cost of a Data Breach Report 2021.
Intune includes a variety of methods to help with data theft including mobile threat defence, data loss prevention, and device management. With a few clicks, you can isolate a device, lock down an account, minimise damage, and much more.
Here at ramsac, we help organisations of all sizes to implement Microsoft Intune across their IT estate. Get in touch today to see how we can help enhance your cybersecurity defences.