Typically, when we think about data breaches or loss, we picture scenarios where vast troves of personal data are accessed through brute force attacks or phishing attempts, resulting in thousands or millions of records being impacted. However, the release of smaller amounts of data, even a single PDF document or PowerPoint slide, can have serious and damaging ramifications for an organization.
Last week, this very scenario played out for the enterprise technology leader Intel Corp. when the company’s internal public relations website was hacked and a single graphic from an unpublished quarterly earnings report was disseminated outside the organization. Intel scrambled to release its quarterly earnings report the same day the incident was discovered—rushing to publish prior to the close of financial markets to mitigate the adverse effects of this leak of material non-public information.
As financial cybercrime goes, the incident itself might appear to be small and isolated, but it highlights the significant value of financial data—even a single page from a slide deck—to anyone inclined to use illicitly acquired information to get a leg up in stock trading.
Although this incident occurred on a marketing intranet site, the risks of exposing and linking to sensitive data through communication channels like collaboration and chat are equally as risky. It is easy to imagine that the next iteration of this problem will surface when an Excel sheet with quarterly performance data is displayed through a Zoom screenshare, or a deck containing the details of a proposed corporate merger is sent over Microsoft Teams chat. The ease with which sensitive data can be shared marks emerging communications tools as the next frontier for privacy and information security—a new threat vector that must be managed like any other critical infrastructure.
Better, Automated Oversight Is Here
At Theta Lake, we understand that collaboration platforms like Zoom and Cisco Webex as well as chat systems like Microsoft Teams present unique regulatory, privacy and security risks to companies of all shapes and sizes. We help organizations to identify and manage these risks using AI-enabled detections to determine if sensitive financial, personal, or security information is being spoken, shared, or shown on collaboration and chat applications. For example, our platform detects when links to shadow IT storage like Dropbox or Box are shared in Microsoft Teams chat and when sensitive applications like Gusto or Quickbooks are displayed during a Webex screenshare. The use of collaboration and chat tools has boomed to support business operations during the pandemic, and their use will continue to expand as the concept of the traditional office is fundamentally altered. As a result, organizations using collaboration and chat tools must have a plan for supervising them for data privacy and security risks.
As demonstrated by the Intel incident, the disclosure of a single figure on a slide buried in a presentation can upend business operations causing substantial financial, regulatory, and reputational harm. In the new work from anywhere world, proactive regulatory, privacy and security controls for collaboration and chat applications are an essential part of any organization’s information security framework.