
The damage caused by information leakage at a company is wide-ranging, including economic loss due to decreased sales and compensation for damages, loss of social trust, and deterioration of relationships with stakeholders. In the event of an information leak, the people in charge of administrative departments such as the information systems department and the legal department need to quickly investigate what information was leaked and how. This article explains the main causes of information leaks, the risks and cases, effective investigation methods when a leak occurs, and how to select an investigation company.

Main causes of information leaks
"Information leakage" is an incident in which confidential information or customer information held by a company or organization is leaked to the outside. The causes of information leaks can be broadly divided into external factors such as cyberattacks and internal factors such as employee negligence. Each factor is explained below.
Cyber attack/malware infection
External factors are mainly external cyberattacks such as unauthorized access and malware infections. Unauthorized access is when an outsider intrudes into a company's server or information system. Malware is software created for the purpose of causing devices such as PCs to operate illegally.
Intentional or inadvertent disclosure by employees
Among internal factors, inadvertent causes include human errors such as system malfunctions and erroneous sending of e-mails, as well as physical causes such as losing a laptop while away from the office or accidentally destroying important documents. In some cases, intentional misconduct by employees, such as departing employees taking trade secrets with them to a new job, can also lead to information leaks.
Effects and Cases of Information Leakage
We will introduce the impact of information leakage on companies and actual cases.
Impact of data breaches on companies
If personal information such as credit card information is leaked and misused, damages may be claimed against the company that leaked it. In addition, fines will be imposed for violations of orders of the Personal Information Protection Commission, which is an administrative body, and for false reports to the commission. If the leaked information was an important trade secret of a business partner, the amount of damages would be considerably higher.
Even when the leaked information is the company's own important trade secrets rather than those of customers or business partners, the damage is immeasurable: the company is forced to deal with the mass media, customers leave as its image deteriorates, the leak of its unique know-how erodes its competitiveness, and leaked customer information allows other companies to take its customers.
Cases of information leakage
An e-mail containing a virus, disguised as coming from an acquaintance, was sent to the e-mail address of B, an employee of Company A. B opened it on a business computer, which became infected with the virus. As a result, Company A's confidential information was sent outside by e-mail. A single targeted attack e-mail that infects a single computer can lead to the theft of important confidential information.
In addition, more than 3 names, addresses, ages, e-mail addresses, reasons for being interested in esthetics, body sizes and other information were leaked from the homepage of major esthetic company C. The cause was a human error by person in charge D and a rudimentary mistake in the web server settings. Businesses that handle personal information must be careful.
Reference: Ministry of Internal Affairs and Communications Cyber Security Site for the People
https://www.soumu.go.jp/main_sosiki/cybersecurity/kokumin/business/business_case.html
Information leakage countermeasures that companies should take
This section explains the main information leakage countermeasures that companies should implement.
Do not take your PC out without permission
The use of portable terminals such as notebook PCs and smartphones is on the rise in all companies, but if the terminals are taken outside the company, there is a risk of information leakage due to loss or theft as well as intentional information leakage. It is necessary to create and enforce rules such as prohibiting unauthorized removal of equipment outside the scope of normal work and limiting the devices that are permitted to be removed. In order to minimize damage in the unlikely event of loss or theft, it is essential to take security measures for PCs, such as setting passwords.
Prohibition of bringing in devices or data from outside
If a personal device is already infected with malware, company devices it connects to may also become infected. Take measures such as not connecting privately owned terminals and storage media to the company network.
Installation and update of security software
There is also a way to protect your company's network from cyberattacks such as malware infection by using multiple security products such as firewalls and encryption.
Formulation of information security guidelines and implementation of employee education
Formulating guidelines and providing opportunities for security education, including e-learning and in-house training, raises employees' security awareness and knowledge. Having all employees sign non-disclosure agreements is also a deterrent to information leaks. Making clear that a leak also damages the company's business encourages other employees to report internally when they notice a problem.
Main expenses for information leakage investigation
When a forensic investigation of an information leak is requested from a vendor, investigation costs include data processing and search, analysis (review), and data hosting. The review process usually accounts for the majority of the cost, and the final amount varies greatly depending on the scope of the investigation, such as the number of computers, and the content of the investigation, ranging from tens of thousands of yen to several million yen.
For example, in the case of malware infection, many terminals may be subject to investigation, and the total amount may reach tens of millions of yen.
Flow and Method of Information Leakage Investigation
We will explain the investigation method and flow when information leakage occurs.
Information breach investigation process
・Hearing, initial survey
Organize the circumstances in which the information leak occurred and set the scope of the detailed investigation. If necessary, to prevent further or secondary damage, stop using the affected PCs and block access from the outside.
・Data collection/preservation and detailed investigation
A specialized investigative company collects and analyzes the data stored on the target device, investigates the cause of the information leak, how it occurred, and the evidence.
・Report and formulate countermeasures
Summarize the findings in a report. Investigating the cause makes it possible to take measures to prevent recurrence, and clarifying where responsibility lies allows the company to prepare in case it is sued.
Information leakage investigation method
Digital forensics is a field of forensic science that collects and analyzes information stored on digital devices to uncover evidence of crime or fraud. In many cases, the amount of information subject to digital forensics is enormous, and the number of investigative companies that utilize AI (artificial intelligence) to achieve efficient forensics is increasing. Utilizing AI, which is good at analyzing large amounts of data, not only improves the efficiency of investigations, but also improves the accuracy of investigations by allowing experts to concentrate their resources.
How to choose a forensic company for data breach investigations
This section explains the points to consider when choosing a forensic investigation company for an information leakage investigation.
Do you have a high degree of expertise and a wealth of experience?
When choosing a forensic investigation company, the key points are the tools and technical capabilities of the investigation company and its past investigation results. The results of an investigation will vary depending on the equipment of the investigation company and the skill level of its engineers. In particular, data recovery requires specialized tools and advanced technical skills.
Companies with a large number of past investigations have accumulated strong technical capabilities and know-how on data recovery, so they can select the appropriate method for each case and respond at a reasonable cost. In particular, whether or not there is a track record of requests from listed companies, the police, government agencies, etc. is an important point in judging reliability.
Are you using AI?
By utilizing AI, work can be made more efficient and accuracy can be improved. It takes too much time to review and analyze a huge amount of digital data mainly by human effort. In order to conduct quick and accurate investigations, investigation companies are required to make effective use of AI. Whether or not AI is being used is therefore a major checkpoint when choosing an investigation company.
Is the cost reasonable?
The final cost of a forensic investigation varies greatly depending on the scope and content of the investigation. Choose a vendor with a clear cost structure. The use of AI in investigations has also been widely recognized recently, and significant cost benefits can be obtained by using AI to dramatically improve the efficiency of investigations.
When collecting quotations, be sure to ask for the total cost including AI and reviews, and compare not only the unit price but also the overall cost.
FRONTEO Forensic Investigation Case
We will introduce examples of information leakage investigations conducted by FRONTEO in the past.
[Case 1] Investigation on taking out confidential company information
Two years after former employee A moved to a competitor company, it was discovered that similar products were being manufactured without permission and sold overseas. The log of the PC used by A showed that a large amount of data had been copied several days before his retirement date. However, the large amount of data made it difficult to conduct an internal investigation, and the court held the view that "it is necessary to identify the behavior of the person and the trade secret" in order to identify the person who took the information out of the company.
Therefore, FRONTEO was asked to conduct a forensic investigation to ensure third-party objectivity. By building a unique database and investigating a large amount of log data on external HDDs and USBs, the investigation found about 30 records of data being copied to USB memory and found that, a few days later, the external HDD was erased after the network cable had been unplugged. It also confirmed that unrelated program files were repeatedly written and deleted for about 120 hours.
* For details of the investigation, please see "Take-out of confidential corporate information: Operation log investigation related to the Unfair Competition Prevention Act".
[Case 2] Survey on personal information leakage due to malware infection
A PC at Company B was found to be infected with malware. Because leakage of personal information was suspected, FRONTEO was asked to conduct a forensic investigation. It was decided to identify the infection route and look for traces of information leakage from the infected terminal.
Hundreds of terminals were analyzed with analysis tools to visualize the attack routes and identify the damaged terminals. In addition, nearly 30 cyber black markets were surveyed to see whether the leaked information was being bought and sold on the dark web.
As a result of the investigation, we were able to identify not only the PC where the information leak occurred, but also that the information was leaked to the dark web.
* For details of the investigation, please see "Investigation of Personal Information Leakage due to Malware Infection".
"FRONTEO" for high-precision and rapid information leakage investigation using AI
Since its founding in 2003, FRONTEO has been working to solve the problems of various companies as a pioneer of forensic investigations in Japan. We have an established reputation for our technology and know-how based on outstanding experience.
Utilizing our in-house developed AI engine KIBIT, we have achieved significant labor savings and cost reductions during document reviews. By combining our experience in handling projects with our in-house AI engine, we achieve high accuracy and efficiency that other companies cannot. We have data centers in Japan, North America, South Korea, and Taiwan, and we have a system that allows us to store data without taking it out of the country, and we have perfect security.