Lessons From Major Data Breaches
According to the Identity Theft Resource Center, there were an all time record 1,579 data breaches in 2017, up 44.7% from 2016. This record is expected to be surpassed in 2018. No company, large or small, is safe.According to Heather Hixon of DFLabs (https://www.dflabs.com/blog/what-we-can-learn-from-recent-major-data-breaches/), every company should learn the lessons of recent high profile data breaches.
- Third party vendors can compromise your system. Target is a prime example; attackers stole credentials from the vendor Target was using to monitor and manage their HVAC system, and used them to gain access to Target’s point of sale system. Since almost every company uses third party vendors, who may need access even to top officials’ systems to do their work, organizations need to take precautions.
- Require the vendor to be audited for security gaps.
- Perform a network audit of systems and segments, and prohibit vendor access to sensitive areas.
- If a vendor must have access to systems that cannot be separated from the rest of the network, apply monitoring rules so abnormal activity can be detected immediately and access revoked.
- User and Entity Behavior Analytics will monitor networks for external threats.
- If vendors are required to obtain static IP addresses, usernames from different IPs can be flagged and shut down.
2. Don’t expose vulnerable systems to the Internet. One of the most common sources of a data breach is an unpatched vulnerability. Organizations need to apply security patches on a timely basis. Asset identification and management is essential; if necessary use an outside security provider. When moving operations to the cloud, hire a security provider who understands cloud infrastructure and security to assess and supervise the operation. Monitor the most vulnerable assets to reduce response time.
3. Avoid weak authentication and access controls. This is the source of most data breaches. Follow these rules:
- Require strong passwords.
- Change default user accounts and disable unneeded accounts (including those of ex-employees) to prevent account hijacking.
- Apply strict monitoring rules to elevated user accounts.
- If passwords are forgotten, be sure transmissions to recover or replace them are encrypted.
- Use Single Sign On (SSO) authentication.
- Use two factor authentication.
- Do not store passwords on the same database as user accounts.
- User access must be limited on the “least privilege” basis.
4. Just as the weakest part of a motor vehicle is “the nut behind the wheel”, the largest cybersecurity risk is the person who uses the computer. Human error is hard to predict and prevent. Insecure passwords, opening unknown attachments, sharing personal and confidential information online and leaving devices unattended persist no matter how often employees are trained to avoid these behaviors. Fortunately there are ways to protect users from themselves:
- Administrators can disable hyperlinks within emails.
- Use automation to detonate attachments in a “sandbox”.
- Use application and website whitelisting.
- Use remote browser isolation to create a physical barrier between a user’s browser and their local machine.
By implementing these recommendations you can reduce your chance of being the next data breach headline.