What is an information leak investigation? Explanation of investigation methods, case studies, and how to choose an investigation company.

Published August 25, 2023

The damage caused by information leaks in a company can be wide-ranging, including a drop in sales, economic loss due to compensation for damages, loss of social trust, and deterioration of relationships with stakeholders. In the event of an information leak, the information system department, legal department, and other administrative staff need to quickly investigate what information was leaked and how it was leaked. This section explains the main causes of information leaks, risks and examples, effective investigation methods in the event of an information leak, and how to select an investigation company.


Main Causes of Information Leakage

An incident in which confidential information or customer information held by a company or organization is leaked to outside parties is an "information leak." There are two main causes of information leaks: external factors such as cyber attacks and internal factors such as employee negligence. Each of these factors is explained below.

Cyber attacks and malware infection

External factors are mainly cyber attacks from outside, such as unauthorized access and malware infection. Unauthorized access is the intrusion of an outsider into a company's server or information system. Malware is software designed to make a PC or other device operate improperly.

Intentional or inadvertent disclosure by an employee

Among internal factors, inadvertent leakage can be caused by human error, such as system malfunction or e-mail mishandling, or by physical error, such as losing a laptop computer while out of the office or accidentally destroying important documents. In some cases, intentional misconduct by an employee, such as a retiree taking trade secrets to his or her new employer, can lead to information leaks.

Consequences and Examples of Information Leakage

The following are the effects of information leaks on companies and actual cases.

Impact of Information Leakage on Companies

If personal information such as credit card information is leaked and misused, the company from which the information was leaked may be subject to claims for damages. In addition, a fine may be imposed for violation of an order by the Personal Information Protection Commission, an administrative agency, or for false reporting to the Commission. If the leaked information was an important trade secret of a business partner, the amount of damages will be considerably higher.

In the case of a leakage of a company's own important trade secrets, rather than those of its customers or business partners, the damages are immeasurable: not only will the company be forced to deal with the media and lose customers due to the damage to its image, but it may also lose competitiveness due to the leakage of its proprietary know-how, or be taken over by another company due to the leakage of customer information.

Examples of Information Leakage

An email with a virus was sent to the email address of B, an employee of Company A. B opened the email on his work computer and was infected with the virus. As a result, Company A's confidential information was sent outside the company via e-mail. A single targeted attack e-mail that infects just one computer can lead to the theft of important confidential information.

In addition, the website of a major esthetic company, C, leaked important privacy information such as names, addresses, ages, and e-mail addresses of more than 30,000 people who registered to request information materials, as well as the reasons for their interest in esthetic treatment and their body sizes. The cause was human error by Person D in charge and an elementary misconfiguration of the web server. Businesses that handle personal information must be careful.

Reference: Ministry of Internal Affairs and Communications Cyber Security Site for Citizens
https://www.soumu.go.jp/main_sosiki/cybersecurity/kokumin/business/business_case.html

Information leakage countermeasures that companies should take

This section describes the main information leakage countermeasures that companies should take.

Do not allow PCs to be taken out of the office without permission.

If a PC is taken outside the company, there is a risk of information leakage due to loss or theft, in addition to intentional information leakage. It is necessary to establish and enforce rules such as prohibiting the unauthorized removal of terminals outside the normal scope of business and limiting the terminals that can be taken out of the office. In order to minimize damage in the event of loss or theft, security measures for PCs, such as setting passwords, are essential.

Prohibition of bringing in devices and data from outside the company

If a privately-owned device is already infected with malware, there is a risk that it may also infect other devices in the company to which it is connected. Take measures such as not allowing private devices or storage media to be connected to the company network.

Install and update security software

Multi-layered protection and encryption with various security products, such as firewalls, is another way to protect your company's network from cyber attacks such as malware infection.

Establishment of information security guidelines and employee training

Establishing guidelines and making them widely known through in-house training programs, together with providing security education opportunities such as e-learning, will raise employees' security awareness and knowledge. Exchanging confidentiality pledges with all employees is another deterrent to information leaks. Informing employees, from a managerial standpoint, of the damage a leak can do to the company also encourages whistleblowing by other employees.

[Related Article] What should be done to prevent information leaks? See also this article on countermeasures against information leaks, which introduces causes, examples, and what to do after a leak. https://legal.fronteo.com/fllp/information-leakage

[Related Article] How to prevent information leaks by retirees? For more information on information leakage countermeasures, please refer to this article on information leakage by retirees. https://legal.fronteo.com/fllp/retiree-leakage

Main Costs of Information Leakage Investigations

When a vendor is hired to conduct a forensic investigation of an information leak, the cost of the investigation includes the cost of data processing and retrieval, analysis (review), and data hosting. The review process usually accounts for the majority of the cost, and the final amount varies greatly depending on the scope of the investigation, such as the number of computers, and the content of the investigation, and can range from several tens of thousands of yen to several million yen.

For example, in the case of malware infection, many terminals may be subject to investigation, and the total cost may amount to several tens of millions of yen.

Flow and Method of Information Leakage Investigation

The following is an explanation of the investigation method and flow when an information leak occurs.

Information Leakage Investigation Process

Hearing and initial investigation
The situation in which the information leak occurred is sorted out, and the scope of the detailed investigation is set. If necessary, stop using the PCs, etc. covered by the scope and block access from the outside in order to stop further expansion of damage and secondary damage.

Collection and preservation of data and detailed investigation
A specialized investigation company will collect and analyze the data stored on the target terminals to determine the cause of the information leak, the route by which the leak occurred, and the evidence of the leak.

Reporting and formulation of countermeasures
The results of the investigation are compiled into a report. By identifying the cause of the leak, measures can be taken to prevent recurrence, and by clarifying where responsibility lies, the company can prepare for litigation in which it may be held liable.

Information Leakage Investigation Methodology

Digital forensics, a branch of forensic science, is the most common method of collecting and analyzing information stored on digital devices to reveal evidence of criminal or fraudulent activity. In many cases, the information subject to digital forensics is enormous, and an increasing number of investigation companies are utilizing AI (artificial intelligence) to achieve efficient forensics. Utilizing AI, which excels at analyzing large amounts of data, not only makes investigations more efficient, but also improves the accuracy of investigations by allowing experts to focus their resources.

How to Choose a Forensic Company for an Information Leakage Investigation

The following are points to consider when selecting a forensic investigation company for an information leak investigation.

Does the company have a high level of expertise and a wealth of experience?

When selecting a forensic investigation company, the key points are the tools and technical capabilities used by the investigation company, as well as past investigation results. The results of an investigation will vary depending on the equipment of the investigation company and the proficiency of its engineers. In particular, data recovery requires specialized tools and advanced technical skills.

A company with a large number of past investigations will be able to select the appropriate method for each case at a reasonable cost, since it has accumulated high technical skills and know-how on data recovery. In particular, whether the company has a track record of requests from listed companies, the police, or government agencies is an important factor in determining reliability.

Does the company utilize AI?

Utilizing AI can streamline the work and also improve accuracy. It takes too much time to reference and analyze vast amounts of digital data using mainly human labor. To conduct investigations quickly and accurately, investigation companies are required to utilize AI effectively; whether or not they utilize AI is a major checkpoint in choosing an investigation company.

Whether the cost is reasonable or not

The final cost of forensic investigation varies greatly depending on the scope and content of the investigation. Select a vendor with a clear cost structure. In addition, the use of AI in forensic investigations has been gaining recognition recently, and significant cost advantages can be gained by using AI to dramatically improve the efficiency of investigations.

When gathering quotes, be sure to ask for the total cost, including AI and reviews, and compare not only the unit cost but also the overall cost.

FRONTEO Forensic Investigation Case Study

The following are examples of information leak investigations conducted by FRONTEO in the past.

Case Study 1: Investigation of confidential company information being taken out of the company

Two years after former employee A changed jobs to a competitor, it was discovered that a similar product was being manufactured without permission and sold overseas. However, the large amount of data made an in-house investigation difficult, and the court also held that "it is necessary to identify the person and the operation of the trade secret" in order to identify the information taken out of the company.

Therefore, FRONTEO was requested to conduct a forensic investigation to ensure the third-party nature of the data. As a result of constructing its own database and investigating the large amount of log data on external HDDs and USB devices, it was confirmed that approximately 300,000 items of data had been copied onto a USB memory device, that the external HDD had been unplugged from the network cable a few days later and then deleted, and that unrelated program files had been written and deleted repeatedly for approximately 120 hours.

(For more details, please refer to "Investigation of Operation Logs Related to the Unfair Competition Prevention Act for Taking Confidential Corporate Information Out of the Company")

Case Study 2: Investigation of personal information leakage due to malware infection

A PC at Company B was found to be infected with malware. Since there was a suspicion of personal information leakage, FRONTEO was requested to conduct a forensic investigation. It was decided to identify the infection route and trace evidence of information leakage from the infected terminal.

Several hundred terminals were analyzed using analysis tools to visualize the attack route and identify the affected terminals. In addition, we conducted a survey of fewer than 30 cyber black markets to determine whether the leaked information was being trafficked on the dark web.

As a result of the investigation, we were able to identify not only the PCs on which the information leak had occurred, but also the fact that the information had leaked to the Dark Web.

*For details of the investigation, please refer to "Investigation of Personal Information Leakage Due to Malware Infection."

For highly accurate and quick information leak investigation using AI, turn to FRONTEO

Since its establishment in 2003, FRONTEO has been a pioneer in forensic investigation in Japan, working to solve a wide range of corporate issues. We have an established reputation for our technology and know-how based on our outstanding experience.

By combining our experience in handling cases with our own AI engine, we have achieved a high level of accuracy and efficiency that no other company can match. We have data centers in Japan and South Korea, and our security measures are thorough.

For inquiries about information leak investigations, please contact us at https://legal.fronteo.com/contact/

[Related Article] Forensic Investigations | Proposing investigations tailored to your needs and conducting actionable investigations. For more information on forensic investigation, please refer to FRONTEO's Forensic Investigation Services page. https://legal.fronteo.com/forensics/