With cybercrime damage costs expected to hit a staggering $6 trillion annually in 2021, it’s more important than ever to make sure you’re taking the appropriate preventative measures and learn how to prevent a data breach.
What is a Data Breach?
A data breach is an incident where internal or sensitive data is either viewed, extracted, or otherwise compromised by unauthorized personnel. Not all data breaches are intentional and could be a result of poor security practices or unwitting employees. Data breaches are a common type of attack which have steadily increased in popularity with malicious actors due to the damage they can cause and the potential for extortion payments.
Data breaches can result from numerous methods. Most commonly we see news of breaches arising from ransomware or business email compromise attacks. Other methods that are just as successful include social engineering, insider threats, and unintended disclosure. Regardless of the attacker’s method, data breaches can be devastating for organizations, resulting in reputational and financial damage.
How Do Data Breaches Happen?
Data breaches occur when cybersecurity fails. Organizations can easily store sensitive information and personal data within their networks, and that information must be shared between different groups and people, so security measures must be put in place to avoid compromise. No single method will secure sensitive and personal data within an organization. A defense-in-depth approach should be used to deny cyber criminals access to this information and the ability to exfiltrate it.
Methods used to breach data include the following:
- Business Email Compromise: A business email compromise can be one of the most damaging attacks performed on organizations by cybercriminals. It exploits the most common method of communication used for personal and business reasons. These data security attacks allow threat actors to impersonate known sources and inject false data or malicious software into ongoing email communications. This can give them the ability to redirect payments and fund transfers, access data stored within share locations, as well as compromise additional accounts to facilitate further attacks.
- Mitigation: Use multi-factor authentication for all accounts. Train end users on what to look for in common phishing emails, such as malicious links and attachments. Verify payment and purchase information before completing a request. Prohibit automatic forwarding of email to external addresses. Review inbox rules and user access on a periodic basis.
- Unauthorized Access: This type of attack normally occurs from the transfer of malicious documents and files which will give the threat actor access to systems within the organization’s network. From this point, they will be able to move laterally through the network, gain persistence, and carry out more damaging attacks such as ransomware or payment card information theft. In recent years, threat groups have steadily been increasing the amount of data exfiltrated to increase extortion payments.
- Mitigation: Deploy application whitelisting across the enterprise. Use advanced identification methods such as endpoint detection and response solutions. Patch and update software on a routine basis or as new solutions become public. Use virtual private networks and implement network segmentation.
- Insider Threat: Insider threats can be extremely hard to identify and can cause significant damage to organizations because of the level of access and trust insiders have. This type of threat can be a disgruntled employee who is looking to cause reputational damage to the organization or who is looking to make a career change to a competitor. There are also insiders who lack the ability or competency to understand what they are doing and cause harm without intending to.
- Mitigation: Engage and get to know your employees. Use asset tracking and data classification tools to understand where information is stored within your network and who can access it. Implement technical controls to monitor data, such as Data Loss Prevention (DLP) tools.
- Negligence: Many times, data breaches occur due to improper configurations or IT teams who just do not understand the type of security controls to put in place. This makes it easy for threat actors to gain unauthorized access and conduct unrestricted attacks.
- Mitigation: Educate and train your IT staff and employees on proper data breach prevention procedures for system usage as well as common information security threats and attacks.
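The business email compromise mitigation above calls for prohibiting external auto-forwarding and periodically reviewing inbox rules. The following audit script is an added example, not CyberMaxx’s code; it runs over a constructed sample of mailbox rules whose field names (owner, name, forward_to, delete_message, conditions) are assumptions rather than any vendor’s export schema, and flags the rules a reviewer would want to look at first.

```python
"""Flag mailbox inbox rules that forward externally or hide mail.

Added example; the rule records and the INTERNAL_DOMAINS set are
constructed assumptions, not real data or a real product's schema.
"""
from dataclasses import dataclass, field

INTERNAL_DOMAINS = {"example.com"}  # assumed: the organization's own domains
PAYMENT_WORDS = {"invoice", "payment", "wire"}  # subject words typical of BEC


@dataclass
class InboxRule:
    owner: str
    name: str
    forward_to: list = field(default_factory=list)
    delete_message: bool = False
    conditions: dict = field(default_factory=dict)


def is_external(address: str) -> bool:
    """True when the address's domain is not one of ours."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def audit_rules(rules):
    """Return (owner, rule name, reasons) for every rule worth reviewing."""
    findings = []
    for r in rules:
        reasons = []
        ext = [a for a in r.forward_to if is_external(a)]
        if ext:
            reasons.append("forwards to external: " + ", ".join(ext))
        # Forward-and-delete hides the conversation from the mailbox owner.
        if r.forward_to and r.delete_message:
            reasons.append("forwards and deletes the original")
        # Only escalate payment-keyword rules when they also forward out or delete.
        words = r.conditions.get("subject_contains", [])
        hits = [w for w in words if w.lower() in PAYMENT_WORDS]
        if hits and (ext or r.delete_message):
            reasons.append("keyed on payment keywords: " + ", ".join(hits))
        if reasons:
            findings.append((r.owner, r.name, reasons))
    return findings


# Constructed sample: one benign rule, one suspicious rule, one internal AP rule.
SAMPLE_RULES = [
    InboxRule("alice@example.com", "Archive newsletters", conditions={"from_contains": ["news"]}),
    InboxRule("bob@example.com", "Sync", forward_to=["bob.backup@webmail-example.net"], delete_message=True),
    InboxRule("carol@example.com", "AP routing", forward_to=["ap@example.com"], conditions={"subject_contains": ["Invoice"]}),
]

if __name__ == "__main__":
    for owner, name, reasons in audit_rules(SAMPLE_RULES):
        print(f"{owner} / {name}: " + "; ".join(reasons))
```

Only Bob’s rule is reported; Carol’s internal accounts-payable rule stays quiet, which keeps the periodic review focused on rules that actually move mail outside the organization.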
What are The Common Vulnerabilities in Data Breaches?
The number one vulnerability resulting in data breaches is the end user. End users are the ones who fall victim to a phishing email, download a malicious attachment, or fail to implement proper security controls to prevent an attack. Data security training is the best method to mitigate this risk. Organizations should train their employees on what to look for and how to respond to common attacks. This includes training IT staff on best practices and security implementations.
Other common vulnerabilities include misconfigurations within network appliances, outdated or unpatched software, social engineering attacks, and malicious software such as Trojans, viruses, and worms.
The creation of a defense in depth methodology will help organizations identify threats at various stages of the attack allowing for proper mitigation and remediation.
If your organization is to succeed where the threat of a cyber attack looms constantly, consider CyberMaxx’s five tips to ensure you’re adequately prepared for your data breach response.
- Data Inventory. First, your organization must understand what types of sensitive data it maintains and where that data is located. You can accomplish this by creating and working with a cross-functional team to identify the types of data your organization creates, stores and processes. Once you understand what data you have, the next step is to work with your technology and business process experts to determine where the data lives. This is the first step in avoiding a data leak or breach.
- Risk Assessment. Once you have completed the data inventory, you’ll need to determine the risks to your data. A risk assessment will help you understand the controls currently in place to provide protection. It also evaluates the likelihood and potential impact of various scenarios (e.g. a major security breach). Completing the risk assessment will help you understand how and where to direct your resources.
- Technical Assessments. Network vulnerability assessments and penetration testing provide validation that your technical controls are working to avoid a security breach. These assessments should be performed periodically and after major changes in technology or business processes.
- Security Monitoring. Monitoring network traffic and system log files for known attacks and anomalous activity can help to detect attacks that may have made it through your defenses. With the sophistication of cyber-attacks constantly increasing, it’s important to have a monitoring capability in place rather than relying completely on your preventive controls.
- Response Plan. Finally, you need to make sure you have a solid plan of action for responding to cyber security incidents and avoiding data breaches in the future. We all need to be prepared to respond properly and in an organized manner when bad things, such as a cyber attack, do happen. A thoughtful, well-coordinated response can have a huge impact on how the general public (and the marketplace) perceives a data breach.
Even the nation’s largest, most well-funded companies struggle to avoid data breaches. In order to be effective, companies need to view data breaches as something that is largely inevitable and work to ensure they have proper controls in place to prevent, detect, and respond to events when they happen. Developing this type of security process maturity will help set companies apart from their peers when the inevitable occurs.