How to combat sensitive information being photographed on a smartphone

Every year, more and more leaks occur through channels such as instant messengers and the Internet.

This is where compromised documents, personal data, and confidential information appear, and they do so in the form of photographs taken with a regular smartphone. What exactly do intruders photograph in organizations, and how can we combat this?

➡️ Introduction

Information security experts often characterize the rivalry between cybercriminals and information security as a race between armor and shells. Indeed, both CISOs and information security vendors are constantly coming up with new ways to increase an organization's information "armor" to protect infrastructure and data from already known threats. However, attackers always come up with new ways to gain unauthorized access to the necessary information.

EveryTag experts analyzed four key segments of the economy to determine what information is most susceptible to leaks and what role a regular smartphone plays in all this.

➡️ Corporate data leaks in the form of screenshots

The problem is not least one of the means used to protect against corporate data leaks. There are various solutions for monitoring network traffic and analyzing employee actions on work computers, which supposedly help prevent information leaks: corporate and private mail, various messengers, and documents an employee sends to print are all monitored. In general, this covers the entire data flow that can potentially become a "transport" for leaked information.

It is important to note that control is also carried out in the remote work format, when the employee is not in the office.

However, the human mind is very flexible and comes up with new ways to deceive the security service and gain access to data. One of these methods is simply photographing the necessary information from the computer screen. There is no need, as in old spy films, to climb into the office through a window and photograph the drawings with a microfilm spy camera: an insider from among the organization's employees can easily do this at home, simply by photographing the screen of his work laptop with a smartphone.

According to a joint study by EveryTag and Krok, screen photography and screenshots are the most common types of data leak incidents (35%) in the retail, finance, industry and IT sectors, with 30% of cases occurring through messengers, social networks and email.

However, Russian organizations do not yet pay much attention to such "photo incidents".

During the webinar "Modern Methods of Combating Insider Leaks of Confidential Documents" held in June 2022, organized jointly by EveryTag and the integrator DM Solutions, listeners took part in a mini-survey on what means of combating leaks are used in their companies. The most popular answer (35%) was "user training", second place (29%) was taken by the use of DLP systems, third place (10%) was the use of "watermarks" in documents.

The results of this survey indicate that domestic organizations are more inclined toward preventive work with company employees. Let's agree that this is a very important aspect of combating data leaks, along with the use of technical means. However, such prevention is aimed more at loyal employees who may cause a leak by mistake, the so-called "accidental insiders". If an employee deliberately plans to steal information, such prevention and training will not help.

➡️ Fighting malicious insiders

CISOs should pay great attention to malicious insiders, especially in our difficult times of economic uncertainty. As practice shows, it is at such times that the loyalty and integrity of employees can be significantly tested. If an employee decides to steal a valuable document or database and he knows about the presence of traffic control tools in the organization, then photographing a computer screen seems to him the easiest way to "take" information outside the protected perimeter.

First of all, those organizations that represent the most critical sectors of the domestic economy in the current situation should respond to such incidents: finance, oil and gas, the agricultural sector, medicine, pharmacology, retail trade. Banks have not only begun to use various technical means, but have also formalized a ban on photographing work computer screens. Aeroflot has introduced a ban on the use of smartphones in the workplace.

➡️ Oil and Gas Sector

Oil and gas is a strategic industry and one of the most actively attacked by cybercriminals in our country. The main targets of attackers are automated process control systems (up to 40% of attacked computers in the industry in 2020), but the trend has begun to shift to more targeted attacks, including those using social engineering.

Insiders are also active in their attempts to steal various information, the cost of which can reach several billion rubles. Photographing screens in order to steal drawings and various know-how is potentially a serious threat for oil and gas enterprises, since even a small fragment of an important drawing that falls into the wrong hands can cause significant damage.

➡️ Agriculture

Active digitalization of the domestic agricultural sector is only just gaining momentum. As of 2020, innovative agricultural enterprises in the domestic agro-industrial complex occupied no more than 10% of the market. However, based on international experience, we can assume what to expect from enterprises in this sector in our country in terms of information leaks.

Agricultural enterprises store significant amounts of confidential information, including financial and medical (about the health of employees). Since domestic agricultural enterprises are just beginning to actively digitalize business processes, it is now important to implement not only innovative enterprise management systems, but also means of preventing data leaks, including "photo incidents".

➡️ Medicine and pharmacology

Organizations in these industries store and process large amounts of confidential information, ranging from the composition of new drugs and vaccines to data on the health of patients or participants in clinical trials. Organizations in the industry, along with the financial sector, are among the primary targets of intruders and insiders.

For example, there were high-profile data leak incidents at the companies "Gemotest" and "Invitro". According to Kaspersky Lab, most medical organizations operate on outdated operating systems (and not only in our country), which makes them vulnerable. Document flow, including medical records, is mainly paper-based in our country, which also creates the risk of data leaks, including by photographing documents.

➡️ Retail

The high level of digital transformation carried out by retail and hospitality enterprises, coupled with large volumes of processed financial and personal information of customers and clients, makes this industry very vulnerable to unauthorized access to data. According to InfoWatch research, almost 80% of leaks in the retail sector in 2019 occurred due to internal violators, with ordinary employees being the main culprits of leaks in 65% of cases.

In total, in the specified year, enterprises in the sector leaked 9.3 million records.

Quite recently, a major leak of personal data occurred at the Yandex.Food service. There are also examples of "photo incidents": an employee of a mobile phone store in the Krasnodar Territory sent cybercriminals the phone numbers and subscriber data they needed by photographing the screen of a work computer. It should be emphasized that such incidents are very typical for retail branches of mobile operators. The main value lies in the numbers and personal data of subscribers, which are used for subsequent "punching" (the illicit lookup of a person's data on request).

There are various tools and methods to prevent incidents with photographing screens. The simplest method is video surveillance in the office, but it is not entirely effective due to the growing trend towards remote work. Various protective screens are also used, which are superimposed on the workstation monitor.

These screens prevent information from being photographed at an angle, for example when an attacker tries to discreetly photograph someone else's monitor from a distance, but this measure is likewise applicable only to office space.

👉 Taking into account modern trends and the growth of digitalization, the following means and methods of countering "photo incidents" seem to be the most effective:

- Programs that determine the moment of photographing the screen by tracking and analyzing what is happening in front of the monitor using the workstation's webcam.

- Watermarks. When attempting to photograph information from the screen, a "watermark" will appear on the final image, for example, with information about the workstation and its owner. It will be difficult for an intruder to post such a photo in a public space without revealing himself.

- Invisible marking of images of screen forms or documents using a special algorithm that shifts letter and line spacing while keeping the overall visual appearance intact. Such changes are not visible to the naked eye and make it easy to identify the source, right down to the name, in the event of a leak.
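The sketch below illustrates the invisible-marking idea from the last item, using line-spacing shifts only. It is an added example, not the algorithm of any vendor named in this article; the spacing values, the 16-bit copy codes, the recipient names and the simulated photo are all constructed assumptions.

```python
import random

BASE_GAP = 14.0  # nominal line pitch in points (assumed value)
DELTA = 0.4      # per-gap shift, about 3% of the pitch (assumed value)
N_BITS = 16      # each bit uses two line gaps, so 33 text lines per page
MAX_ERRORS = 2   # tolerated misread bits when matching a leak

# Constructed registry of issued copies: recipient -> 16-bit copy code.
# The codes differ pairwise in 8 bits, so a few misreads cannot confuse them.
ISSUED = {"a.ivanova": 0xA5C3, "b.petrov": 0x3C5A, "c.sidorov": 0x96F0}

def mark_baselines(code):
    """Baseline y-coordinates for one copy: bit 1 = wide gap then narrow gap,
    bit 0 = narrow then wide, so every copy has the same total page height."""
    ys = [0.0]
    for i in range(N_BITS):
        first = DELTA if (code >> i) & 1 else -DELTA
        ys.append(ys[-1] + BASE_GAP + first)
        ys.append(ys[-1] + BASE_GAP - first)
    return ys

def read_bits(measured):
    """Decode bits from baselines measured in a photo. Comparing the two gaps
    of each pair makes the result independent of photo scale and offset."""
    gaps = [b - a for a, b in zip(measured, measured[1:])]
    bits = []
    for a, b in zip(gaps[0::2], gaps[1::2]):
        if abs(a - b) < 0.01 * (a + b):
            bits.append(None)  # no clear shift: unmarked or unreadable
        else:
            bits.append(1 if a > b else 0)
    return bits

def identify(measured):
    """Return the recipient whose copy code best matches the photo, or None."""
    bits = read_bits(measured)
    if len(bits) != N_BITS:
        return None  # cropped page: this sketch needs all marked lines
    scores = {who: sum(bit != (code >> i) & 1 for i, bit in enumerate(bits))
              for who, code in ISSUED.items()}
    best = min(scores, key=scores.get)
    return best if scores[best] <= MAX_ERRORS else None

def simulate_photo(ys, scale=0.37, offset=120.0, jitter=0.05, seed=7):
    """Constructed stand-in for a photographed page: rescale, shift and add
    measurement noise (in points) to every baseline."""
    rng = random.Random(seed)
    return [offset + scale * (y + rng.uniform(-jitter, jitter)) for y in ys]
```

Calling `identify(simulate_photo(mark_baselines(ISSUED["b.petrov"])))` returns `"b.petrov"`, while evenly spaced baselines from an unmarked page return `None`.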

➡️ What information should be protected

There are no industry-specific ways to prevent "photo incidents". However, if the CISO uses the "labeling" method, it is necessary to identify the resources where the most important information is stored. Here are examples of such resources for each of the industries under consideration.

- Oil and gas sector: drawings, production and purchasing documentation, know-how (e.g. innovative methods of geological exploration), maps of oil fields.

- Agriculture: customer cards, production documentation, know-how (e.g. new seed varieties), information on the health of workers in agricultural enterprises and farms.

- Medicine and pharmacology: information on the health of patients and participants in clinical trials, medical records, know-how (e.g. information on the composition and components of new drugs and vaccines).

- Retail: financial information, CRM (information on customers and loyalty programs), accounting and warehouse systems, information on supply chains.

✅ Conclusions

Any sector of the economy is subject to leaks of confidential information and documentation. Along with malicious actions of violators and insiders, there is also negligence, which leads to the compromise of confidential data. Companies of all sizes need to be more attentive to all possible leak channels, in particular by strengthening control over the use of mobile devices that can be used to photograph confidential information and then distribute it.

The data provided once again confirms the fact that violators are becoming more inventive in implementing their plans, looking for new formats for committing crimes. In response to their attempts, it is necessary to constantly improve your information security systems, introducing innovative approaches and technologies.
