What Is a Data Breach? 11 Ways to Prevent One – CrowdStrike

February 13, 2023
A data breach is a security incident where an organization’s data is illegally stolen, copied, viewed, or released by an unauthorized individual or group. Common forms of targeted data include personally identifiable information (PII), proprietary information, financial information, and other sensitive material.
Any organization with sensitive data can be the subject of a data breach regardless of size or industry sector. Attack methods vary, but all data breaches follow four broad steps:
To complete this cycle, threat actors leverage numerous tactics to obtain data. Common methods include:
Stolen or compromised credentials: The threat actor uses a legitimate user’s credentials such as their login and password to access a target system.
Phishing: A malicious email using social engineering to manipulate the reader into giving the sender sensitive information such as credentials or access to a larger computer network.
Breach of third-party software: Exploiting a flaw in software used by the target organization. For example, leveraging a flaw in Microsoft Word’s code to access a company’s network.
Malicious insider: A person within the target organization who intentionally uses their access to steal data or help others steal data.
Accidental data loss: Can include the accidental publishing of sensitive data to the internet, a legitimate user unintentionally releasing their credentials, loss of equipment, and other mishaps.
According to research from the Ponemon Institute, the most common breach methods were:
Many data breaches can go months before the victim organization detects the intrusion, and recovery often costs millions of dollars. Some of the major consequences from a data breach include:
Yahoo, August 2013: Widely considered the biggest data breach of all time, with 3 billion accounts impacted. In 2013, the company announced an initial estimate of 1 billion, then in 2017 increased the number to 3 billion, demonstrating the difficulty of accurately assessing the damage of a breach immediately after it occurs. Hackers stole account information such as names, email addresses, birth dates, passwords, and more.
SolarWinds, April 2021: A routine update for the company’s Orion software turned out to be a malicious intrusion tactic by hackers supporting the Russian intelligence service. SolarWinds estimated 18,000 personnel downloaded the false update, leading to an estimated compromise of about 100 companies and a dozen government agencies.
LinkedIn, June 2021: The professional networking social media company found 90% of its user base impacted when data associated with 700 million of its members was posted to a dark web forum. A hacker group executed data scraping tactics to exploit LinkedIn’s API and retrieve information such as email addresses, phone numbers, geolocation records, and more.
There’s no better time than the present to start securing and preparing your organization to prevent a data breach. It’s not a question of if you’ll be targeted but when.
An effective plan should establish best practices, define key roles and responsibilities, and define a process for the organization’s response. Focus on restoring the confidentiality, integrity and availability of data and systems, and on external requirements such as contacting an insurance carrier or law enforcement entity.
Once you understand the risks to your organization and the gaps within your cybersecurity defenses, set goals to mitigate risk. These efforts should be prioritized as part of a strategic roadmap to improve your overall cybersecurity.
Cyber talent is hard to find and expensive to retain. Professional security consultants have access to the latest threat intelligence to guide your cybersecurity and response to any intrusions or detected events.
Focus your limited resources on those areas of the network that are most critical to your business. Determine where your most sensitive data or networks are located and implement increased logging and network monitoring. Actively monitor network access.
Patching operating systems and third-party applications is one of the most inexpensive, yet effective ways to harden a network. Build a strong patch management process and ensure that critical security patches are installed as soon as possible. Update legacy software and systems.
The news is littered with companies that didn’t adequately protect their user accounts. Passwords are consistently reported as being offered for sale on the darknet. If your organization maintains user accounts, audit your password storage functions.
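One way to start the password storage audit recommended above, as an added example that is not CrowdStrike's code: it classifies each stored credential string by its format and flags fast unsalted digests, low bcrypt work factors, unrecognised values and values shared between accounts. The names `classify`, `audit` and `MIN_BCRYPT_COST`, the verdict policy and the sample rows are assumptions made for this illustration.

```python
import re
from collections import Counter

MIN_BCRYPT_COST = 10  # assumed policy threshold for this example

# (label, pattern, verdict). Prefixes follow the modular-crypt / PHC string
# conventions; the verdicts are this example's policy, not a standard.
FORMATS = [
    ("argon2", re.compile(r"^\$argon2(id|i|d)\$"), "ok"),
    ("bcrypt", re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$"), "ok"),
    ("sha512-crypt", re.compile(r"^\$6\$"), "review"),
    ("md5-crypt", re.compile(r"^\$1\$"), "weak"),
    # 32/40/64 hex characters: the shape of a bare MD5/SHA-1/SHA-256 digest.
    ("hex-digest", re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I), "weak"),
]

def classify(stored):
    """Return (label, verdict) for one stored credential string."""
    for label, pattern, verdict in FORMATS:
        m = pattern.match(stored)
        if not m:
            continue
        if label == "bcrypt" and int(m.group(1)) < MIN_BCRYPT_COST:
            return label, "review"  # right algorithm, work factor too low
        return label, verdict
    # Anything unrecognised may be plaintext or a home-grown scheme.
    return "unrecognised", "weak"

def audit(rows):
    """rows: iterable of (username, stored). Returns findings that are not 'ok'."""
    rows = list(rows)
    dupes = {v for v, n in Counter(s for _, s in rows).items() if n > 1}
    findings = []
    for user, stored in rows:
        label, verdict = classify(stored)
        if stored in dupes:
            # Identical stored values mean no per-user salt was applied.
            label, verdict = label + "+shared-value", "weak"
        if verdict != "ok":
            findings.append((user, label, verdict))
    return findings

# Constructed sample rows (not real credentials).
SAMPLE = [
    ("alice", "$2b$12$" + "A" * 53),
    ("bob", "$2a$04$" + "B" * 53),
    ("carol", "0123456789abcdef0123456789abcdef"),
    ("dave", "0123456789abcdef0123456789abcdef"),
    ("erin", "$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHQ$" + "C" * 43),
    ("frank", "Summer2023!"),
]
```

Run `audit()` over an export of the credential column only; the format check does not need the users' passwords and cannot tell which hash function produced a bare hex digest.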
Remote access into your network should always require two-factor authentication. Consider also requiring 2FA for sensitive administrative accounts.
One of the simplest attacks is to use a default password that is shipped out-of-the-box by a vendor. Default passwords, especially for hardware devices (e.g., Wi-Fi routers), can allow direct access to critical data.
Testing readiness with tabletop exercises offers immense benefits when it comes to being operationally ready for a data breach. Working through roles, responsibilities and the steps of a complete incident response plan prepares a team for action and identifies weaknesses.
Training and educating your staff enhances and expands cybersecurity abilities. Consider classes on threat hunting to ensure a proactive approach to detecting intrusion attempts.
Organizations that are better able to detect and respond to breaches often have integrated fraud and IT security departments. Encourage regular information sharing in your organization.
Data breaches are prolific and your organization’s security will only be as strong as your personnel and their ability to detect threats. Try the industry-leading software platform with a free trial. Start protecting your data today.