Published On: November 4th, 2022Categories: CISO Challenges, IT ChallengesTags: , ,

Data breaches are common. And preparing for and preventing them is one of the biggest issues facing organizations today. Not only are the number of cyberattacks increasing – in fact, two-thirds of companies that have suffered an attack are hit again within a year.

Most data breaches go undetected for a long time – over 200 days according to the latest statistics. And, the longer a breach goes undetected, the more harm it can do to your business.

What kinds of data are malicious actors looking for?

Cybercriminals launch most cyber attacks, especially those against commercial entities, for financial gain. These attacks often aim to steal sensitive data, such as customer credit card numbers or employee personal information, which the cybercriminals then use to access money or goods using the victims’ identities.

Important questions you should be asking yourself:

  • What kinds of data do I have?
  • Is it financial information of your customers or employees?
  • Does the information give the attacker an ability to steal more?
  • Is the information a corporate secret which could be used by your competitors?

The most common data targets that attackers go after include:

Email

Thieves can use your email to send spam and attempt to log into other accounts that share the same email. Your emails are effectively a database of all previously used online services, accounts you may own, and acts as a digital map. Some attackers even review emails and use similar grammar and styling to impersonate users for business email compromise (BEC).

Encrypted Passwords

Most sites encrypt passwords. But hackers use software to crack weak ones within minutes or hours. Once they have access to your passwords, they’ll try them on as many accounts as possible. (This is why you should never reuse passwords across accounts.)

Full Name

Hackers use your name to find other publicly available information about you in your online footprint. With enough information, they can commit identity theft.

Phone Number

Cybercriminals can use your phone number for spam calls, identity theft, and SIM-jacking. This is where a thief claims your number for their own and receives all your texts and incoming calls.

Home Address

An exposed address can put you at risk of change-of-address scams, tax fraud, and other forms of identity theft.

Credit Card Numbers

Thieves can use stolen credit card details to pay for goods online or buy gift cards that can’t be traced (a scam called “carding”). This is even if they don’t have your physical card.

Social Security Numbers

Your Social Security number is perhaps the most vulnerable piece of information a thief can steal. With your SSN, they can commit identity theft, tax fraud, unemployment scams, loan fraud, and much more. (Plus, it’s not always possible to change your Social Security number – even after identity theft.)

Credentials & Keys

Attacks leverage stolen API keys and credentials to access different technology services used by the organization such as Cloud providers (AWS, GCP, Azure) and payment processors (Stripe, Braintree, etc.)

Proactive strategies for preventing a breach

Once you know what types of information are vulnerable, it’s time to protect yourself. While you can’t fully eliminate all risks of a breach, there are always ways to reduce the chance of one occurring – or occurring again.

Do a thorough vulnerability assessment

Organizations must do everything possible to protect critical assets. Between nation state actors, ransomware groups, and malicious actor cells, organizations are faced with more and more advanced attacks than ever before.

Proactively identifying and addressing vulnerabilities before they can be exploited and used in an attack is the key to prevention. Vulnerability management is the continuous process of identifying, classifying, prioritizing, remediating, and validating that security controls are effective in reducing the risk of an attack.

Your organization’s entire attack surface should be scanned to identify all your IP addresses, including external, internal (datacenters, corporate HQ, and satellite offices) and Cloud IPS like AWS, Azure, and Oracle. This will allow you to create an asset inventory along with a list of vulnerabilities associated with these assets. This list can be prioritized and sorted by severity level (CVSS score) as well as risk of exploitability so that remediation efforts can be initiated for the ones that pose the most risk to the organization.

Organizations should review their reported vulnerabilities on a monthly basis, preferably weekly or daily.

Subscribe to a risk assessment methodology

Risk assessments will help you understand the cybersecurity risks to your operations (i.e., mission, functions, image, or reputation), organizational assets, and individuals. In a number of circumstances, a risk assessment enables your organization to make informed business decisions by highlighting potential issues and revealing priorities for which areas to fortify first. Protecting your organization from adverse events like data breaches is a big reason why risk management is beneficial in cybersecurity.

Leverage threat intelligence

Every day new advisories, patches, and exploits are published by vulnerability databases, CISA advisories, and software vendors like Microsoft, VMware, Oracle and Adobe. A threat intelligence feed is a continuous stream of data related to current or potential security threats and offering information on various attacks.

With attackers becoming increasingly sophisticated, understanding the threat landscape allows organizations to identify and prioritize risks and implement the correct security controls to respond to threats. This threat intelligence can be used to investigate potential threats and the attack methods used by malicious actors.

Protect the data you collect

In business, data collection happens on many levels. IT systems regularly collect data on customers, employees, sales, and other aspects of business operations when transactions are processed and data is entered. Organizations also conduct surveys and track feedback from customers.

A data security threat can jeopardize the confidentiality, integrity, and availability of data. There are many security threats that organizations face daily – including malware, ransomware, phishing attacks, and social engineering.

To minimize threats, organizations should know exactly what type of data you have and to classify it into categories:

  • Public information
  • Confidential information
  • Sensitive information
  • Personal information

Sensitive data is often classified as confidential or secret. It includes:

  • Personally identifiable information (PII)
  • Protected health information (PHI)
  • Electronic protected health information
  • PCI data
  • Intellectual property

Organizations should take care in establishing and enforcing policies and procedures governing its use, encrypting it, deploying security technologies including firewalls and antivirus protection, and by conducting vulnerability assessments to identify areas of risk for it being disclosed.

There will come a time when your data becomes outdated and is no longer in use. It is important to get rid of that data when this happens because it could still harm your users if it were to be breached. This includes physical copies of any information kept on paper.

Require two-factor authentication for all employee accounts

Multi-factor authentication (MFA) adds an extra layer of security on top of credentials like usernames and passwords. It provides greater certainty that a user is who they claim to be before granting them access to an application, online account, or corporate network.

Here are a few examples of each type of MFA:

  • Knowledge-based factors include PINs, passwords, or the answers to security questions. Since this information is easy to lose or guess, it can be stolen by hackers through phishing and social engineering attacks.
  • Possession-based factors include mobile phones, key fobs, and hardware authentication tokens. Since these store or receive login credentials, they are more secure than knowledge-based factors. For example, SMS authentication sends an MFA code or one-time password to a user’s mobile device.
  • Biometric factors offer the highest level of assurance because they are unique to each user – fingerprints, facial recognition, and voice characteristics.

Even if bad actors manage to steal login credentials, MFA can stop them from gaining unauthorized access to accounts.

Establish security hygiene practices

Cybersecurity is everyone’s responsibility. With that in mind organizations and their employees should be aware of these cyber hygiene best practices:

  • Backups – Ensure mission-critical information is regularly duplicated and stored in a secure location.
  • Encryption – Use device and file encryption to protect sensitive data – both while at rest (in databases, flat files, Amazon S3, etc) and in-transit (leverage TLS enabled protocols like HTTPS).
  • Firewalls – Make sure firewalls and routers are properly set up and configured to keep bad actors out of private systems.
  • Password hygiene – Change passwords frequently using unique passwords and passphrases. Password managers help sync passwords across multiple devices.
  • Patch Management – Install software updates and security patches on both company-owned and personal devices used for work.
  • Allowlisting/blocklisting – Control which applications, websites, and email addresses can and cannot be used.
  • Authentication and Access Controls – Confirm that a user or device is who or what they claim before allowing access.
  • Asset Management – To protect IT assets, one must first know they exist. Inventory, manage, and track the assets that access your network.
  • Network Segmentation – Segmenting the network limits how far cybercriminals can move if they do manage to get inside a network. Segmentation will limit the damage and scope of an attack.
  • Secure Remote Access – A variety of technologies – CASBs, firewalls, VPNs, zero-trust network access – can help enable secure connectivity for users no matter their physical location.
  • Identity Management & SSO – Single Sign-On (SSO) and identity management technologies drastically reduce the attack surface of an organization’s online accounts by acting as a gateway to all services providers. This consolidates user logins to a single location, the SSO provider, and allows users to remember one strong password to access all their services. Especially robust when combined with two-factor authentication.
  • Internet Accessible Administrative Interfaces – Restrict access to remote administrative interfaces and do not expose configuration interfaces to the public internet. This removes the possibility for an attack to occur even if a vulnerability is discovered since the device is not even accessible from the Internet.

Train your staff

One of the biggest challenges with data security is the human aspect. Nearly a quarter of data breaches are caused by humans. And this doesn’t account for insider threats or phishing attacks.

Training your employees on data security is vital to your security and can help prevent a data breach. Security awareness training will help employees identify major types of cybersecurity threats:

  • Malware: This is malicious software that will harm a computer system. Often it enters a computer network when an employee downloads a suspicious file type or through a phishing attack.
  • Phishing: Phishing attacks occur when hackers use false identities to trick employees to provide sensitive or personal information. Teach employees to identify the email address and URL before clicking anything.
  • Ransomware: Ransomware attacks are when cybercriminals lock a computer with sensitive information on it until the victim pays a ransom.
  • Social Engineering: Social engineering attacks are usually orchestrated through human manipulation. These cybercriminals will trick victims into providing sensitive information.

Have a breach/incident response plan

Assembling your team in advance of an incident allows all those involved to thoughtfully and thoroughly vet through team members to find the best qualified candidates for your needs. Depending on the size and nature of your organization, these may include representatives from legal, forensics, information security, information technology, operations, communications, and management.

Once the team is assembled, preparing and practicing your response plan will ensure each member understands their role and can work together as an effective team. Thorough preparation for a breach incident can lead to faster reaction, and lower costs should a breach occur.

Being proactive in preparing for a potential breach can help your organization reduce some of the enormous recovery costs associated with an attack. The fact that most businesses suffered repeated attacks suggests that vulnerability management should be a priority in preventing cyberattacks. Proper management of any vulnerabilities found can prevent bad actors from exploiting the same flaw many times.

Share This Story, Choose Your Platform!

Overview
Tags
Alert Fatigue Asset Discovery Audits Automation Burnout Cloud Security Compliance CVSS Data Breach GRC MSSP Patch Management Penetration Testing Remediation Testing Remediation Validation Risk Risk Management Risk Prioritization Risk Scoring Statistics Strategy Threat Intelligence VSCORE Vulnerability Assessment Vulnerability Intelligence Vulnerability Management Vulnerability Scanning
Fresh Content Direct to Your Inbox

By submitting this form, you're giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Schedule a free consultation with a vulnerability expert to discuss your use cases and to see a demo.