Emerging trends in data breaches and how to address them
Addressing the human element in data breaches
Now, more than ever, it is crucial to prioritize investments in advanced threat intelligence, monitoring systems, and ongoing employee training.
In 2023, there has been a concerning surge in data breaches. During the second quarter of 2023, over 110 million accounts were compromised, a staggering 2,6 times more than in the first quarter of the year. Recent findings reveal that the average cost of a data leak has reached $4.45 million, including both direct costs, such as fines and legal proceedings, as well as indirect like reputational damage.
The good news is that the causes of such breaches are often trivial and are under your control, like neglecting to change passwords or using overly simplistic ones, or overlooking the deactivation of access by a fired employee. Businesses can readily mitigate risks to safeguard themselves from both data and the subsequent financial losses. So, what are the most common reasons for data leaks, and how can they be effectively handled?
Global Head of Business Development at Qrator Labs.
Cloud misconfigurations
According to IBM, 82% of breaches involve information stored in the cloud. Cloud misconfigurations can lead to data exposure or even compromise entire environments. They take various forms, including improperly configured storage buckets, insecure access controls, and mismanaged encryption settings. These errors often stem from a lack of understanding of the cloud service provider's security features or oversight during the configuration process. Attackers exploit these vulnerabilities to gain unauthorized access to sensitive information.
Solution:
- Adhere to recommendations from your cloud service provider, such as AWS, Microsoft Azure or Google Cloud. This includes configuring security groups, setting up proper identity and access management, and implementing encryption for data both in transit and at rest.
- Implement automated tools for configuring and enforcing security policies. For example, in Kubernetes clusters you may use Gatekeeper or Kyverno. They can significantly reduce the risk of human error.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
- Additionally, look for software solutions and scripts to regularly check your cloud configuration against best practices and compliance standards.
Lack of permissions control
The human element remains a significant factor in 74% of data breaches, and the common reason is the lack of proper permissions control. It means that users may have access to data and systems beyond what is necessary for their roles.
The primary issues associated with this challenge include overprivileged accounts, with users having more permissions than necessary, thereby expanding the attack surface. Additionally, there is a concern about proper segregation of duties. For example, a single user may have the right to both create and approve transactions. This leads to an increased risk of fraudulent activities. Outdated settings also contribute to the problem. Imagine a fired support employee still having access to the company's database. They could potentially download and sell sensitive data to competitors.
Solution:
- Implement least privilege concept to ensure that users and applications have only the minimum level of access required to perform their tasks.
- Utilize role-based access control to assign permissions based on job roles. This way your team members will only see resources and data necessary for their specific responsibilities.
- Implement multi factor authentication by requiring users to provide multiple forms of identification before gaining access. Even if login credentials are compromised, MFA adds an additional security barrier.
Infrequent software updates
Outdated software often contains known vulnerabilities. When businesses fail to regularly update, they leave a window of opportunity for cybercriminals. An illustrative case is Memcached, a widely utilized distributed memory-caching system for enhancing the performance of dynamic, database-driven websites. Vulnerabilities in this software were uncovered in 2016, however, it wasn’t until 2018 when a novel method for DDoS attack amplification using Memcached was exploited in notable network incidents.
Solution:
- Update at least once in half a year. Ideally, implement a patch management policy that outlines procedures for identifying, testing, and deploying software updates in a timely and systematic manner.
- Utilize automated tools to streamline the process. Automation helps to guarantee that patches are deployed consistently across all systems.
Insufficient perimeter control
This risk refers to a situation when an organization's network boundaries are not adequately secured, allowing for potential unauthorized access to critical information or systems. The network perimeter serves as the first line of defense against external threats. Today, it extends to cloud services, remote users and mobile devices. The attack surface has expanded even further with the proliferation of the Internet of Things. From smart thermostats to industrial sensors, these gadgets often become attractive targets for hackers. Recently, it was reported that the number of IoT devices involved in botnet-driven DDoS attacks had risen from around 200,000 a year ago to approximately 1 million.
Solution:
- Deploy firewalls (such as Web Application Firewall) at network entry points to control and monitor incoming and outgoing traffic. Configuring them correctly allows only authorized and necessary communication.
- Implement Intrusion Detection and Prevention Systems (IDPS) to detect unusual or suspicious activities within the network. They can automatically respond to potential threats, mitigating risks in real-time.
- Add encryption for data transmitted over networks, including local networks, for an extra layer of protection. This way, intercepted data remains unreadable without the proper decryption keys.
Other emerging threats
Among other emerging threats is the rapid advancement of artificial intelligence. Cybercriminals use it to assess attack strategies, significantly increasing their chances of success. It is also used to amplify the speed, scale, and reach of their attacks. For example, hackers now use cutting-edge AI to create convincing phishing campaigns in nearly any language, even those with fewer historical attack attempts due to their complexity.
While there are also other cyber threats, in reality, businesses rarely face them as they are typically targeted at large corporations, government systems and critical infrastructure with top grade security. These include advanced persistent threats (APTs) orchestrated by well-funded and persistent criminals and characterized by their long-term presence within a target network. Usually, these are state-sponsored cyberattacks driven by political, economic, or espionage motives.
Safeguarding your business: universal tips
Apart from all the measures already listed, there are a few general rules to keep your business protected. First of all, conduct regular security audits and assessments, whether they concern cloud infrastructure, the status of software updates, user permissions or the overall effectiveness of perimeter control. External audits or penetration testing can also help in evaluating the organization's security posture.
Second, invest in advanced intelligence and monitoring solutions. They can detect threats and respond in real-time. Such systems can use machine learning, behavioral analytics, and pattern recognition to establish a baseline of normal network behavior and detect deviations. Upon identifying a potential threat, the system will automatically trigger response mechanisms: block suspicious traffic, isolate compromised devices, or alert security personnel for further investigation.
Third, regularly train your employees to recognize and counteract threats, especially phishing. The latter remains one of the most common methods used by cybercriminals to gain access to sensitive data.
The effective employee training comprises two key elements, which I refer to as the "stick" and the "carrot."
The "stick" involves educating all team members on the company's security policies and legislative initiatives, such as GDPR. It emphasizes the collective responsibility in safeguarding confidential data, which extends beyond the information security department's duty. Training sessions should explain the consequences of breaches, including potential fines and even dismissals. It is important to conduct these events at least once in two years, if not more often. Moreover, businesses should incorporate them into the onboarding process for new employees.
The "carrot" aspect involves workshops, meetups, and webinars focused on various cyberattacks and the latest advancements in information security. This facet of training is designed to be more engaging and enjoyable. It may include some interactive activities, such as online games and simulations. Guest speakers can take part in these events, for example, employees from the IT department, representatives from other divisions sharing insightful cases, and external market experts.
Through the combined "stick" and "carrot" measures, team members cultivate a collective immunity to information security issues, fostering a culture of mutual accountability.
And, of course, always keep abreast of the latest cyber trends to develop countermeasures in time.
We've featured the best online cybersecurity courses.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Victor Zyamzin is the Chief Business Officer at Qrator Labs.