TY - CHAP
T1 - Data Leakage
AU - Shabtai, Asaf
AU - Elovici, Yuval
AU - Rokach, Lior
N1 - Publisher Copyright:
© 2012, The Author(s).
PY - 2012/2/14
Y1 - 2012/2/14
N2 - Data leakage is defined as the accidental or unintentional distribution of private or sensitive data to an unauthorized entity. Sensitive data in companies and organizations include intellectual property (IP), financial information, patient information, personal credit-card data, and other information depending on the business and the industry. Data leakage poses a serious issue for companies as the number of incidents and the cost to those experiencing them continue to increase. Data leakage is enhanced by the fact that transmitted data (both inbound and outbound), including emails, instant messaging, website forms, and file transfers among others, are largely unregulated and unmonitored on their way to their destinations. Furthermore, in many cases, sensitive data are shared among various stakeholders such as employees working from outside the organization’s premises (e.g., on laptops), business partners, and customers. This increases the risk that confidential information will fall into unauthorized hands. Whether caused by malicious intent or an inadvertent mistake by an insider or outsider, exposure of sensitive information can seriously hurt an organization. The potential damage and adverse consequences of a data leakage incident can be classified into two categories: direct and indirect losses. Direct losses refer to tangible damage that is easy to measure or to estimate quantitatively. Indirect losses, on the other hand, are much harder to quantify and have a much broader impact in terms of cost, place, and time [Bunker, 2009]. Direct losses include violations of regulations (such as those protecting customer privacy) resulting in fines, settlements or customer compensation fees; litigation involving lawsuits; loss of future sales; costs of investigation and remedial or restoration fees. Indirect losses include reduced share price as a result of negative publicity; damage to a company's goodwill and reputation; customer abandonment; and exposure of intellectual property (business plans, code, financial reports, and meeting agendas) to competitors.
AB - Data leakage is defined as the accidental or unintentional distribution of private or sensitive data to an unauthorized entity. Sensitive data in companies and organizations include intellectual property (IP), financial information, patient information, personal credit-card data, and other information depending on the business and the industry. Data leakage poses a serious issue for companies as the number of incidents and the cost to those experiencing them continue to increase. Data leakage is enhanced by the fact that transmitted data (both inbound and outbound), including emails, instant messaging, website forms, and file transfers among others, are largely unregulated and unmonitored on their way to their destinations. Furthermore, in many cases, sensitive data are shared among various stakeholders such as employees working from outside the organization’s premises (e.g., on laptops), business partners, and customers. This increases the risk that confidential information will fall into unauthorized hands. Whether caused by malicious intent or an inadvertent mistake by an insider or outsider, exposure of sensitive information can seriously hurt an organization. The potential damage and adverse consequences of a data leakage incident can be classified into two categories: direct and indirect losses. Direct losses refer to tangible damage that is easy to measure or to estimate quantitatively. Indirect losses, on the other hand, are much harder to quantify and have a much broader impact in terms of cost, place, and time [Bunker, 2009]. Direct losses include violations of regulations (such as those protecting customer privacy) resulting in fines, settlements or customer compensation fees; litigation involving lawsuits; loss of future sales; costs of investigation and remedial or restoration fees. Indirect losses include reduced share price as a result of negative publicity; damage to a company's goodwill and reputation; customer abandonment; and exposure of intellectual property (business plans, code, financial reports, and meeting agendas) to competitors.
UR - http://www.scopus.com/inward/record.url?scp=84984878790&partnerID=8YFLogxK
U2 - 10.1007/978-1-4614-2053-8_2
DO - 10.1007/978-1-4614-2053-8_2
M3 - Chapter
AN - SCOPUS:84984878790
SN - 978-1-4614-2052-1
T3 - SpringerBriefs in Computer Science
SP - 5
EP - 10
BT - A Survey of Data Leakage Detection and Prevention Solutions
PB - Springer, Boston, MA
ER -