We had a conversation with Sergey Voynov, CEO of G-71, regarding his perspective on additional means of document protection.
It is crucial to bear in mind the recurring cyber incidents that underscore the risks involved in safeguarding sensitive data. Experts are well aware that leaks, deletions, and distortions can originate from external hackers or even trusted insiders like employees, contractors, or compromised systems. Sergey emphasized the necessity of prioritizing effective measures to secure information. From his perspective, the process of ensuring document confidentiality can be segmented into three fundamental parts.
Access Control
Monitoring
A “trust but verify” approach is most suitable when working with sensitive information. Even with formal non-disclosure agreements and user training on document handling protocols, organizations still face leaks. The distressing reality highlighted in the 2023 Insider Threat Report is that insiders account for 75% of all data breaches.
Organizations employ user activity monitoring tools to track and record user actions, enhancing security measures. Data Loss Prevention (DLP) solutions assist in identifying suspicious behavior and reducing the risk of internal threats by detecting potential data leakage attempts. However, these measures alone have proven inadequate in preventing unauthorized disclosure of confidential documents. Despite the implementation of Access Control and Monitoring tools, past cases have revealed that users with legitimate access to sensitive documents can still leak them without detection. This highlights the need for an additional crucial aspect to ensure data confidentiality.
Detection
The importance of an effective investigation system cannot be overstated. While skeptics argue that these systems merely investigate leaks rather than prevent them, experience from the justice system shows that the cornerstone of crime reduction is the inevitability of solving crimes. If the possibility of an anonymous leak is eliminated and each leak can be traced back to its source, such incidents would be extremely rare, as the consequences for the perpetrator would be severe, at least equivalent to political or career suicide.
Detective solutions encompass various approaches, including traffic and system log analysis, as well as event correlation performed by Security Information and Event Management (SIEM) solutions. However, these solutions, although helpful in investigating incidents, often prove inadequate in preventing leaks. Malicious users are aware that their actions can be logged and raise suspicion, leading them to employ alternative methods to exfiltrate documents safely. For instance, they may resort to taking a photograph of a confidential document using their smartphone. Unfortunately, such photographs strip away classification labels and metadata hidden within the file. Additionally, a photograph serves as compelling evidence of the document’s authenticity, making it a prized possession for attackers and a severe leakage threat for organizations.
Fortunately, rapid technological advancements have given rise to modern methods of protecting confidential documents. These advancements enable the safe sharing of confidential documents with authorized users without the fear of leaks. Imagine a seemingly ordinary PDF file that authorized users can interact with just like any other document. However, this file contains comprehensive user identification data that makes it possible to swiftly pinpoint the user responsible for a document leak, even when only a small fragment of the document is available. This identification is achieved through hidden anti-leak marks, a technique referred to as steganography.
While steganography alone cannot prevent a malicious user with legitimate access from, for example, photographing an open document on their computer screen, hidden anti-leak marks are designed to reveal the name of such a malicious user directly from the compromised document. This acts as a significant deterrent for potential violators.
Recently, hidden anti-leak mark technology has been designed to protect confidential documents. Unlike the metadata embedded in file properties, these marks are directly embedded into the visible content of the document. Although imperceptible to the human eye, the system’s algorithm can read them from any part of the document. These marks are resistant to distortion and poor photo quality, ensuring their persistence even after printing, copying, and even when the document is sent via fax (if anyone still does so).
Conclusion
According to Sergey, there is unfortunately no comprehensive system currently available that can address all the cybersecurity tasks faced by organizations. As a result, organizations are compelled to implement separate solutions to tackle individual tasks. This often leads to complications for users, as they are required to take additional actions in the name of cybersecurity. However, hidden anti-leak mark technology offers a pleasant exception to this scenario. It seamlessly integrates into any information system of the organization, transforming ordinary data warehouses or email systems into secure platforms. This integration does not impose the burden of learning new systems on users. Instead, it enables organizations to effectively deter leaks of confidential documents and promptly resolve such incidents.