Email data loss prevention

Can outbound data loss be worse than inbound attacks?

by Egress
Published on 2nd Aug 2022

We talk extensively about the impact of inbound cybersecurity attacks and the devastation they can cause, but what about outbound data loss? According to an IBM study, human error is the leading cause of 95% of cybersecurity breaches. That means 19 in 20 breaches could be avoided entirely if not for a person introducing risk either through human error, deliberately breaking security protocol, or malicious behavior.

A simple mistake can create havoc. “Human error will always be the biggest threat,” says Lisa Forte, Co-founder of Red Goat Cyber Security LLP, in our Cybersecurity experts’ views on email within Microsoft 365 report. “Every single one of us makes mistakes on a daily basis. Inevitably, that transfers to security and data risk too.”

Alongside Lisa Forte, we also spoke with Jack Chapman (VP of Threat Intelligence, Egress Software Technologies) to dig into the worst outbound data loss issues they have seen and why they are as much of a concern as inbound attacks.

The personal impact of outbound data loss

Sometimes, even relatively small-scale outbound data loss is so dangerous that it makes headlines. In 2021, over 250 Afghan interpreters working for UK forces were mistakenly copied into an email, meaning their personal contact details were shared when they should not have been. Many of the Afghan recipients were in hiding, and the breach put them at serious risk.

Defence Secretary Ben Wallace was forced to apologize on behalf of the Ministry of Defence, and the Home Office set to work providing security advice for those affected. That was probably of little comfort to those whose lives had been at risk.

Here, Lisa Forte reflects on another data breach that could have had dire consequences for innocent humans. She says: “One of the charities I’m currently working for, which deals with victims of domestic violence, had an employee accidentally send the files held on all the women in one particular refuge to the wrong list of people.

“It was an easy error to make, but due to the extremely sensitive nature of the information, emergency plans had to be put in place, and law enforcement involved to move all the women to a new location. There was no nefarious actor, no sophisticated attack – just a one-second mistake that thankfully didn’t cost lives but could have.”

The global ramifications

Some instances of outbound data loss have much larger consequences. October 2021 saw the release of the Pandora Papers – a leak of 11.9 million documents that exposed offshore accounts of over a hundred billionaires, celebrities, and 35 world leaders. The International Consortium of Investigative Journalists published the leak, and the ICIJ described it as its most expansive exposé of financial secrecy to date.

Then there’s WikiLeaks, founded in 2006 by Julian Assange, which publishes classified media leaks. Major leaks include publishing over 90,000 documents related to US military action in Afghanistan and, later, 400,000 documents about the war in Iraq.

“Most people will be aware of the seriousness of WikiLeaks,” says Jack Chapman, “which has permanently changed the perception of western intelligence agencies. It’s hard to imagine any impacts from an inbound attack coming close to creating a similar cultural shift that has damaged entire governments and operational methods.”

It’s short-sighted to assume that the worst risks come from outside our organizations and that those issues are the only ones we need to protect ourselves against. In reality, putting up defenses against outbound data loss is just as important, if not more so. That includes things like using the right email tools, predominantly, as well as training on how to be hyper-vigilant when handling sensitive information.

In our “Cybersecurity experts’ views on email risk within Microsoft 365” report, our panel of experts digs deeper into the cybersecurity landscape, the threats we’re seeing today, and most importantly, what we can do about them. You can download a copy of the report to keep and refer to.