DATA BREACHES CAN BE PREVENTED
CYBER SECURITY GUIDE
BACKGROUND
A data breach can devastate an organization. When criminals steal an organization’s
sensitive customer data, or critical intellectual property, stakeholders often lose trust in the
organization and move their business elsewhere. In addition, a data breach often results
in expensive security audits and fines. As a result, a data breach often lowers the value of
shares in public companies for extended periods of time.
The rapid rise of high-profile data breaches, such as the Equifax and SEC EDGAR
breaches, and their high costs show that it is critical for security professionals to reexamine
their current strategies and implement unified security across network, cloud, and mobile
environments.
OVERVIEW
Characteristically, a data breach can be categorized as an attack on an organization.
Enterprises that fall victim to data breaches suffer leakage of sensitive proprietary
or confidential information. This information includes credit card numbers, personal
identification, passwords, and financial, medical or government records. Data is extremely
valuable when it is proprietary and includes information with monetary value, such as credit
card numbers, social security numbers, and information usable for extortion and trading (stock exchange).
BREAKDOWN OF BREACHES IN 2017 [1]
Banking/Credit/Financial: 2,908,580 Records
Business: 156,956,255 Records
Educational: 1,146,680 Records
Government/Military: 5,802,233 Records
Medical/Healthcare: 4,874,217 Records
UNDERLYING CAUSES OF DATA BREACHES
Data breaches are caused by human error, by not managing system patching, or by failing to
patch. These breaches can be caused by either an internal or an external source. The underlying
causes of these attacks can be prevented by training, strengthening command and control,
and investing in cyber security solutions.
Often these errors occur out of haste: accidentally exposing data, or clicking on tainted links or
emails. These types of errors can even occur when someone accidentally emails sensitive
information to an unintended recipient. One of the most harmful and careless mistakes is
unintentionally configuring a database to be internet-facing and searchable
through search engines.
An unpatched system is an open invitation with a weak spot, encouraging hackers to exploit
it. Failing to patch is bad. Failing to build an environment that is resilient to missing
a patch or two is even worse. [2] Lyft CISO Mike Johnson highlights the imperative
of patching: “Patching is simply a ‘must do.’ There is no argument there. But anyone who
has worked in a business of any size knows there are sometimes reasons a patch cannot
be applied immediately. This must be prepared for and designed in. If you have built an
environment with the assumption that all systems will be 100% patched at all times, you
have a level of brittleness that will fail.”
RECENT DATA BREACHES TO DATE
• Uber: In October 2016, the email addresses and phone numbers of over 57 million
Uber customers and the license numbers of 600,000 drivers were accessed by hackers.
Uber secretly paid hackers $100,000 to keep quiet but in November of 2017, Uber
decided to disclose the attack to the public.
• Equifax: Over 145 million records were breached in July 2017, making Equifax’s breach
the largest in history. Hackers exploited a vulnerability found in Equifax’s open-source
software, releasing troves of personal data including social security numbers, driver’s
license numbers, birth dates, addresses and credit card numbers.
• Wells Fargo: Due to human error, one of the bank’s own lawyers accidentally leaked
50,000 customer names, social security numbers and sensitive financial information
linked to the bank’s wealthiest customers.
• Ashley Madison: In July 2015, The Impact Team leaked 25 gigabytes of company data
and user details. The data breach resulted in the exposure of fake accounts (bots) being
used to lure users into becoming members.
• Yahoo!: Yahoo! reported two major data breaches: one occurred in August 2013, while
the other was in late 2014. The personal data of 3 billion users, including names, email
addresses, phone numbers, security questions, dates of birth and hashed passwords,
was exposed.
• Sony: In November 2014, Sony’s movie The Interview caused a stir with a
group called Guardians of Peace. The group claimed to have taken more than 100 terabytes of
data from Sony, installed malware on employee computers and stole confidential data.
• Target: Over 41 million Target payment card account customers were affected and the
contact information of 60 million customers was exposed. In November of 2013,
cyber attackers gained access to Target’s gateway through credentials stolen through a
third-party vendor.
3 WAYS YOUR DATA IS BEING COMPROMISED
1. LOSING ACCESS TO DATA (RANSOMWARE)
Losing access to your data is also known as a ransomware attack. This type
of attack is the most frequently discussed type of data breach. These attacks
happen daily and regularly make headlines. Ransomware attacks occur
more frequently than any other type of data breach attack.
Ransomware attacks have a high price tag because the attackers
hold hostage data that is extremely valuable. This data holds such a high
value that people will pay anything to have it returned. The longer the data is
withheld from the victim, the larger the risk becomes that downtime
will significantly impact their business.
2. YOUR DATA HAS BEEN DUPLICATED (EXFILTRATION)
If your data has been duplicated, someone thought it was interesting enough
to use with malicious intent. These attackers will use your data for profit or to
expose confidential or proprietary data. They can be categorized into three types
of attackers:
1. Hacktivist: A hacker who exposes data for a political or socially motivated cause.
2. Espionage: Also known as a cyber spy, they will access the computer networks of governments or advanced businesses and take control of your IP.
3. Cybercriminals: These hackers often work in groups to profit from your data. They will often target a business’s POS, accessing credit card and PIN information.
If you have been the victim of data duplication, someone thought you were
interesting or important. A recent example of this type of data breach occurred
when an email prankster from the UK emailed Homeland Security Adviser Tom
Bossert, disguised as Jared Kushner, about a “soiree,” including a “personal
email” to reach him.
3. LOSING TRUST (BACKDOOR)
Losing-trust, or backdoor, data breaches have been a major topic of interest
since the 2016 United States presidential elections. These types of attacks
are usually executed by nation-states putting backdoors on, for example,
voting systems, meaning attackers are able to access a computer system or
encrypted data, bypassing the system’s security.
Unfortunately, these types of attacks can also be the most difficult ones to
detect. In order to protect yourself from becoming a victim of these types of
attacks, a firewall should be enabled to protect your data and block access
from unauthorized users.
HOW AND WHY YOU NEED TO BE PROTECTED
End users always become victims when troves of their data are leaked, including personal
information, social security numbers, credit card numbers and PIN codes. Businesses will
lose the trust of their customers and a major data breach may even lead to executives
resigning from their positions. For end users, the damage done could majorly affect their credit long term
and can even lead to their identity being stolen.
Many of the attacks mentioned in this paper could have easily been prevented by adopting
security protocols. Almost every organization, whether it’s a business, government
organization, healthcare facility, bank or individual, holds private data that could potentially
be harmful if it gets into the wrong hands. So, what can IT professionals do to further
prevent breaches?
8 STEPS IT PROFESSIONALS CAN TAKE
1. EDUCATE AND TRAIN: First and foremost, educate and train your workforce to take security precautions in order to prevent a breach from occurring.
2. SECURE PASSWORDS: Create a secure password and change it frequently to prevent access.
3. REDUCE DATA ACCESS: Reducing the ability to transfer data from one device to another decreases the risk of data getting into the wrong hands.
4. SCREEN THIRD PARTY VENDORS: Screen third-party vendors to make sure that they have the proper security protocols enabled to prevent hackers from gaining access via their network.
5. ENCRYPT PCs AND DEVICES: Regulate the employee computers and devices that have access to company data; the risk can be significantly reduced by using only encrypted PCs and devices.
6. CREATE AN INTERNAL CLOUD: One way to prevent open access to sensitive data is to create an internal cloud that only those who need access can reach.
7. UPDATE PASSWORDS: Implementing password updates and two-step authentication also mitigates this issue. Additional security measures such as limiting website access from work devices, frequent password changes, updating security software, and monitoring access to data can significantly reduce the risk of a data breach.
8. UPDATE SOFTWARE: Frequent security software updates can prevent gaps in your security. Updating is crucial.
Often, companies focus only on stopping hackers from getting in externally. While these security measures are prudent, this focus leaves the door open for inside jobs. Sensitive data can be accessed anywhere and by virtually anyone. Follow these steps to prevent the next data breach.
CONCLUSION
The need to protect your organization from data breaches is crucial. The risk of not
implementing proper security measures has become too high to ignore. Many of the
high-profile attacks discussed in this report were caused by gaps in security processes. Often,
businesses discover these gaps when it’s too late, as the threat has already manifested and
companies are forced to pay for the consequences of remediation. No one is safe from attacks,
so begin protecting your organization now.
Resources
[1] Identity Theft Resource Center Breach Report, date: 11/15/2017
[2] LinkedIn post, https://www.linkedin.com/feed/update/urn:li:activity:6322850010266501120/
checkpoint.com
©2018 Check Point Software Technologies Ltd. All rights reserved