Data Breaches are on the rise, and it’s impossible to ignore that successful data breaches have escalated significantly in recent years. Cybercriminals are holding businesses to ransom at an alarming rate, and in some circumstances, sophisticated state-sponsored actors may be responsible for attacking government institutions and targeting the enterprise.
Hackers are stealing information via several methods, the most common include phishing, whaling, and even bribing insiders. Weaknesses in public-facing services such as SSH and RDP are arguably the number one reason for exploitation, and it’s the Dark Web that’s being used to showcase and sell the gains from the hacking community’s exploits.
Cybersecurity is incredibly important today and businesses must uphold the key principles of data protection and reduce the risk of being the victim of data exfiltration. Join us as we discover how creating security-defined rhetoric throughout a business can enhance protection and curb the rise of data breaches.
Data Breaches Are Growing Rapidly
A data breach is when a business or organization has private or sensitive data exposed. It is typically private customer data or corporate secrets that are targeted, and hackers will usually target businesses with weak security implementation. There are many different ways that data can be exposed, but weak passwords, malware, and ransomware have claimed some high-profile scalps in recent years.
Ransomware in particular has seen a surge in the last 10 years. Back in May 2017, the WannaCry attack brought awareness of ransomware to the general public. WannaCry was a highly infectious trojan that locked access to critical system data using AES encryption and demanded a ransom for the unlock key. The outbreak caused hours and days of downtime impacting swathes of businesses around the globe.
The attack vectors used have dynamically changed since WannaCry – the exfiltration of data is now a precursor to locking files with malware and ransomware. The hackers then have additional leverage to demand ransom payments via bitcoin payments. Hackers threaten to publish sensitive data if their demands are not met.
Researchers have estimated that US data breaches have surged 68% in recent years to an all-time high. The Covid-19 pandemic created a surge in phishing attacks against individuals and businesses. Interpol reported 907,000 phishing emails were in circulation between January 2020 and April 2020, quite a staggering figure that demonstrates how cybercriminals prey on the scared and vulnerable during a pivotal point of the global pandemic.
There have been several major data breaches in the last two years, one of the biggest was the SolarWinds Orion supply chain attack when hackers successfully breached Solarwinds content delivery servers and poisoned legitimate downloads with malware. It is believed that the breach impacted numerous US Government Institutions including the Department of Homeland Security and the Treasury and major US corporations including Microsoft.
Developing a Data Protection Strategy
To counter these risks, it is critical to enforce data protection standards in the workplace and to make it a success. Businesses should seriously consider invoking a clear, concise, and inclusive data protection strategy.
There are five key elements to consider:
- Undertake a Detailed Risk Assessment: A risk assessment or audit of IT systems is an essential first step. Its purpose is to identify areas within the business that process, store, and transmit sensitive business data. Identified areas of risk should be used to create a roadmap to resolution. The assessments should follow the NIST cybersecurity framework to Identify, Protect, Detect, Respond, and Recover security threats.
- Invest Time Classifying Business Data: If the business processes data that applies to certain data privacy rules such as GDPR, CCPA, HIPAA, and GLBA, it is critical to classify, sort, and categorize ‘at risk’ data.
- Educate and Train Employees: One of the most successful ways to protect against a data breach is to invest in employee training and education. An employee is the first line of defense and it’s essential to offer training about the current security threat landscape and teach how to identify phishing, malware, and other social engineering threats. Creating an inclusive and happy workplace can reduce the likelihood of malicious insider actors exposing data either directly or indirectly.
- Document Everything: The Data Protection Strategy should be published internally and be available throughout the business for quick reference. Documentation should include standards about what constitutes a risk, and what is a data breach, and include clear policies about user access and password protection. It must also include clear instructions on how to report an incident.
- Use Technology to Enforce Security Standards: All technology should be cataloged within a system inventory, knowing exactly what you have is a great first step. Servers should run a manufacturer-supported operating system and be patched monthly. Default passwords must be changed, servers, infrastructure, and software applications need to be maintained to the latest levels, and it’s highly recommended to invest in a backup solution and potentially have disaster recovery capabilities available. All technology should be tested with regular pen tests.
Improving Corporate Data Security
Despite all the threats of data breaches, it is reassuring to know that there are a lot of options available to improve corporate data security.
Here are some key recommendations:
- Data Encryption: Encrypting data at source using a minimum of AES-256 encryption will create a secure foundation to build upon. Encrypt at the disk layer and individually encrypt databases for added security.
- Network Encryption: Where possible encrypt the entire networking layer whether data traverses inbound or outbound. All VPN access must be encrypted by default.
- Web Application Firewall: Investing in a WAF creates a secure abstraction layer that protects underlying applications and database platforms from 0-day exploits which is a major advantage in preventing a data breach.
- User Access Controls: User Access is essential throughout the business. There should be no shared credentials and all defaults must be changed. Business-wide directory services such as Active Directory can enforce policies and password hardening.
- Detailed Logging: Although it’s possible to drown in log files, it’s paramount to log everything. Audit access controls, monitor for unexpected logins and report on file changes in scope for data privacy. If possible, feed data into a SIEM platform and use AI/ML to alert on anything that deviates from ‘normal’.
- Incident Planning: Expect the unexpected! consider business continuity planning in the event of a disaster scenario such as a total system outage caused by ransomware, or a natural disaster that takes a primary data center offline.
The importance of cybersecurity cannot be underestimated in the modern workplace. These days it is essential for all businesses to have an online presence and to invest in protecting these digital assets. The damage to business reputation and the inevitable loss of customers that happens after a data breach is far more damaging than investing in data protection. Never underestimate cybercriminals because they prey on the weak and look for security holes everywhere. Protect cloud assets, enforce strong password policies, and train employees to provide a united front against cybercrime.
Follow Techdee for more!