Get Our Email Newsletter

The Fundamentals of Network Data Loss Prevention

It’s important to understand how criminals gain access to systems in order to better manage your organization’s network data loss prevention. While the playbook for network penetrations varies from attacker to attacker, there are some consistent patterns that emerge from each enterprise-level incident. Network penetrations can be broken down into three steps, each with distinct signatures.

1. On-Ramp to the Network. Attackers have to get a foothold in the network, and this is most often done by social engineering targets to download malware or submit credentials to a phishing site. Additional on-ramps include watering holes, compromised logins, third-party hacks, and exploiting vulnerable third-party apps, particularly content management systems.

2. Navigating the Network. Once inside, attackers will use internal documentation to further their attack, pivoting from corporate user to corporate user via compromises to eventually gain access to documents and databases.

- Digital Partner -

3. Exfiltration. Data exits the system in surprisingly simple fashions. Sometimes it is hidden in traffic, but more often than not, it is zipped or encrypted and moved off the network to a drop site before detection systems can alert users and data loss can be stopped.

Human Error in Network Data Loss Prevention

Nearly all of the network attacks involve the following failures, oversights, or policy breakdowns:

  • Human error is almost always involved. Whether attackers enter through the front door or move laterally through the network, the attackers need employees to take some sort of action, whether it is entering credentials into a phishing site or opening a malicious attachment.
  • Employees use corporate emails to register for third-party sites that have been hacked and, even worse, reused passwords.
  • Lack of two-factor authentication for access to VPN networks, databases, and shares contribute to many of the breaches and magnify password reuse problems.
  • WordPress plugins are exploited for credentials to access servers or to create phishing pages. In general, servers running CMS applications are hackers’ on-ramp of choice.
  • Once inside networks, reconnaissance is performed through corporate directories, wikis, and share sites. Attackers find targets with desired accesses and move laterally using malware or phishing sites sent from internal email.
  • Network traffic monitors fail or are evaded during exfiltration.

This article was excerpted from “Basic Training in Network Security.” Read the article to learn best practices in data loss prevention and discover which components of any corporate network are most vulnerable. 

Loss Prevention Magazine updates delivered to your inbox

Get the free daily newsletter read by thousands of loss prevention professionals, security, and retail management from the store level to the c-suite.

What's New

Digital Partners

Become a Digital Partner

Violence in the Workplace

Download this 34-page special report from Loss Prevention Magazine about types and frequency of violent incidents, impacts on employees and customers, effectiveness of tools and training, and much more.

Webinars

View All | Sponsor a Webinar

Whitepapers

View All | Submit a Whitepaper

LP Solutions

View All | Submit Your Content

Loss Prevention Media Logo

Stay up-to-date with our free email newsletter

The trusted newsletter for loss prevention professionals, security and retail management. Get the latest news, best practices, technology updates, management tips, career opportunities and more.

No, thank you.

View our privacy policy.