By Serge Mihalap
No system is immune to cyber-attacks and unauthorized access. But do you know how common it is for companies to remain oblivious to a data breach? Moreover, employees responsible for these incidents often don’t know why they are at fault.
Read further to find out how to prevent data breach events, protect data and improve your cybersecurity.
What is a data breach?
A data breach is an occurrence of unauthorized access to protected information. Some practitioners distinguish a security incident from a data breach based on the consequences.
Usually, the term “data breach” means a security incident with a severe negative impact. Such impacts include data deletion, identity and intellectual property theft, trade secrets exposure, and, of course, the financial and reputational damage that follows.
The average cost of a cybersecurity data breach in 2019 hit the $3.92 million mark, according to the SecurityIntelligence report. Norton Security’s 2019 research indicates a 54% rise in data breaches compared to the previous year, making data breach and data loss prevention (DLP) more relevant than ever.
There’s no consensus on how to classify different types of data breaches. We prefer to divide data breaches into two sub-categories — by target and breach method.
Data breaches can affect individuals (confidential information about private life, contact data, social security numbers and other personally identifiable information (PII)), businesses (sensitive corporate data, intellectual property, critical software and databases), and governmental organizations (protected health information and government-restricted data).
As for breach methods, there are many. Keep reading to learn about the most common ones.
How do data breaches happen?
You might think that data breaches, security violations, and data loss incidents happen mostly because of sophisticated hacker attacks. In reality, not all data breaches come through technical exploits such as SQL injection. A significant part of these incidents results from employee negligence that attackers then exploit.
Let’s take a look at some of the most common breach methods.
Phishing websites & emails
Users can download malware such as viruses and spyware from phishing websites: pages whose URLs and appearance mimic legitimate services.
Often it happens because workers open malicious attachments or links in emails from unknown senders, giving attackers a foothold on the machine. Users who don't know the warning signs may not notice that their system is infected while the attacker is already collecting and exfiltrating sensitive data.
Hackers can use phishing emails and websites to spread ransomware.
Ransomware is malware that encrypts sensitive data and makes it inaccessible until the victim pays a ransom; many current strains also copy the data out before encrypting it so the operators can threaten to publish it. Even after paying, there is no guarantee that you'll get all your data back.
Poor password practices and management
Multiple accounts that share weak passwords are the easiest target for hackers.
Based on a 2018 Verizon report, over 81% of hacking-related breaches involved weak or stolen passwords (123456, qwerty, 111111, abc123, to name a few of the weak ones).
Passwords like these fall to dictionary attacks: tools that try a list of common passwords either against a login form (online) or against a stolen database of password hashes (offline), and recover the accounts with the weakest passwords in seconds.
Reusing one password for multiple accounts is another harmful practice, especially in larger enterprises. A credential leaked from one site can be replayed against others (credential stuffing), so an employee who uses the same password for different accounts turns a single breach into a compromise of every system that shares it, putting the company at serious risk.
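The following is an added example, not code from the original article: it simulates an offline dictionary attack against a small constructed "leak" of unsalted SHA-256 password hashes, then replays the recovered passwords against a second constructed site to show how reuse turns one breach into two. The wordlist, usernames and hashes are all constructed for the demonstration; real attacks use wordlists of millions of entries and GPU crackers, but the logic is identical.

```python
"""Added example: dictionary attack and credential stuffing against weak, reused passwords."""
import hashlib
from typing import Dict, Iterable, Optional

# Constructed wordlist: the kind of entries at the top of any real cracking list.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "111111", "abc123", "letmein"]


def sha256_hex(password: str) -> str:
    """Unsalted SHA-256, as found in many real leaks (and exactly what makes them crackable)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed "leaked" credential dump from site A: username -> hash.
LEAKED_HASHES: Dict[str, str] = {
    "alice": sha256_hex("qwerty"),
    "bob": sha256_hex("abc123"),
    "carol": sha256_hex("H7#pq9!vL2x$wz4Q"),  # long random password, not in any wordlist
}

# Constructed password database of an unrelated site B (same users).
OTHER_SITE_HASHES: Dict[str, str] = {
    "alice": sha256_hex("qwerty"),            # alice reused her password
    "bob": sha256_hex("a-different-passphrase"),
    "carol": sha256_hex("H7#pq9!vL2x$wz4Q"),  # reused, but never cracked on site A
}


def dictionary_attack(hashes: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, Optional[str]]:
    """Return username -> recovered password (None when it is not in the wordlist).

    Because the hashes are unsalted, each candidate is hashed once and then matched
    against every user: one pass over the wordlist cracks the whole dump.
    """
    lookup = {sha256_hex(word): word for word in wordlist}
    return {user: lookup.get(digest) for user, digest in hashes.items()}


def credential_stuffing(cracked: Dict[str, Optional[str]], other_site: Dict[str, str]) -> Dict[str, bool]:
    """Replay each recovered password against another site (simulated as a hash comparison).

    True means the reused password also unlocks the account on the second site.
    """
    return {
        user: password is not None and other_site.get(user) == sha256_hex(password)
        for user, password in cracked.items()
    }


if __name__ == "__main__":
    cracked = dictionary_attack(LEAKED_HASHES, COMMON_PASSWORDS)
    print("cracked on site A:", cracked)
    print("also valid on site B:", credential_stuffing(cracked, OTHER_SITE_HASHES))
```

Alice and Bob fall in the first pass; Carol does not, because a long random password is not in any wordlist, and her reused password on the second site is never tested because the attacker never learned it. Salted, slow hashes (scrypt, Argon2, bcrypt) would remove the "hash once, match everyone" shortcut, but they would still not save a password that is itself in the top ten.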
SQL Injection (SQLi)
Attackers can breach a database by supplying input that is concatenated into a Structured Query Language (SQL) query, so that the input is executed as part of the query instead of being treated as data. SQL injection is one of the most common web application attacks and a frequent cause of data breaches.
Based on an Akamai 2017 report, over 65% of software application attacks were SQL injections. Without proper input handling (parameterized queries in particular), the perpetrator can read, modify or delete protected data and in some configurations gain administrative rights to the database server.
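The following is an added example, not code from the original article: a login check written the vulnerable way (string formatting) next to the same check written with a parameterized query, run against a constructed in-memory SQLite database. The table, users and passwords are constructed for the demonstration; the passwords are stored in plaintext only to keep the focus on the injection, which real code must never do.

```python
"""Added example: SQL injection in a login query, vulnerable form beside the parameterized fix."""
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """Constructed users table: plaintext passwords purely for demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "s3cret", "admin"), ("dave", "hunter2", "user")],
    )
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """VULNERABLE: user input is pasted into the SQL text, so quotes and comments
    in the input change the structure of the query."""
    query = (
        f"SELECT role FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """FIXED: the query text is constant and the values travel as bound parameters,
    so a quote in the input is just a character in the compared string."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    # "admin' --" closes the string and comments out the password check entirely.
    print("vulnerable, comment trick:", vulnerable_login(conn, "admin' --", "anything"))
    # "x' OR '1'='1" makes the WHERE clause true for every row; the first row (admin) wins.
    print("vulnerable, OR trick:     ", vulnerable_login(conn, "nobody", "x' OR '1'='1"))
    print("parameterized, same input:", safe_login(conn, "admin' --", "anything"))
    print("parameterized, real creds:", safe_login(conn, "admin", "s3cret"))
```

The payloads are the classic ones: a quote followed by the SQL comment marker `--` discards the rest of the statement, and a tautology such as `'1'='1'` makes the filter match every row. Both land an attacker in the admin role through the vulnerable function and are rejected by the parameterized one, with no blocklist or escaping involved.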
Lost or stolen devices
People store corporate information and login credentials on their smartphones, tablets, and laptops. These devices are easily lost, stolen, or infected with malware.
As you might expect, retrieving data from an unencrypted personal device is much easier than overcoming layers of corporate security measures; full-disk encryption and remote wipe limit what a lost device gives away.
Therefore, even organizations with top-tier data breach protection are not immune to a breach caused by employee carelessness.
Insider threats
It's much easier to access protected information from within the organization. According to SEI research, the most common insider attacks include:
- Modifying or stealing corporate information.
- Trade secrets theft.
- Sabotage of networks and databases.
Of course, not all privileged users compromise sensitive data intentionally. Based on the 2019 DTEX Insider Threat Intelligence Report, careless behavior causes about 64% of insider incidents.
Signs of a data breach
Even with the latest technology, high-level organizations and governments still can’t detect all data breaches fast enough to mitigate damage. According to Bitdefender’s 2017 survey, 64% of cyber attacks remain undetected, while 74% of breached IT companies don’t know what caused them.
In addition, detecting a data breach is a slow process. In 2017 the median time for an organization to discover an intrusion was 101 days (based on the FireEye M-Trends report).
Before learning about data loss prevention (DLP), companies and individuals need to understand how to detect data security incidents, since protection starts with knowing that something is wrong. Let's look at common signs that someone has tampered with a system:
- High traffic volume.
Unusual traffic patterns, especially large or sustained outbound transfers to destinations you don't recognize, can mean a perpetrator is exfiltrating data over your network. Establish a traffic baseline and alert on deviations from it.
- File changes.
After infiltrating your system, an attacker may modify system files to weaken security further or to maintain persistence. A burst of changes to critical files warrants immediate investigation; file integrity monitoring is what makes such changes visible in the first place.
- Unusual user activity.
Companies should review system logs and pay special attention to privileged user activity. High-volume database transactions, batch permission changes, and users logging in from multiple locations in a short time frame are indicators that should be investigated immediately, and they are exactly the events your monitoring and DLP tools should alert on.
- Poor performance.
Is your device or internet connection running much slower than usual? Poor performance sometimes means a malware infection. Employees should report it to the company's IT team, and should also report system processes that refuse to shut down.
- Modified user accounts.
Unexpected account lockouts, group membership modifications, and sudden password changes are strong indicators of an intruder escalating privileges or locking out legitimate users. Users must report such activity immediately so that damage can be limited.
What should a company do after a data breach? Don't take drastic actions straight away, such as wiping or rebooting affected machines: that destroys evidence and makes it harder to trace the intruder and identify the weakness that was exploited.
Employees need to notify system administrators and other responsible parties as soon as they detect a breach. The IT department should preserve all logs and reports (copies on separate, write-protected storage) for the investigation. The organization should also notify stakeholders and, where required, regulators and supervisory bodies (for governmental units) about the potential breach.
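The following is an added example, not code from the original article: two of the signs listed above, logins for one user from different locations within a short window and a batch of permission changes by one actor, implemented as detection logic over a handful of constructed log lines. The log format (`timestamp key=value ...`), the usernames, addresses and country codes are all constructed for the demonstration; the thresholds are assumptions to tune against your own baseline.

```python
"""Added example: detecting multi-location logins and batch permission changes in logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log (not from any real system). One event per line.
LOG_LINES = """\
2024-03-01T09:00:01Z user=alice event=login src=203.0.113.5 geo=DE
2024-03-01T09:04:30Z user=alice event=login src=198.51.100.7 geo=BR
2024-03-01T09:05:02Z user=bob event=login src=192.0.2.10 geo=DE
2024-03-01T09:06:00Z user=bob event=perm_change target=group:finance-admins member=svc-backup
2024-03-01T09:06:20Z user=bob event=perm_change target=group:db-admins member=svc-backup
2024-03-01T09:06:45Z user=bob event=perm_change target=share:payroll member=svc-backup
2024-03-01T09:07:10Z user=bob event=perm_change target=share:contracts member=svc-backup
2024-03-01T09:30:00Z user=carol event=login src=192.0.2.22 geo=DE
2024-03-01T11:15:00Z user=carol event=perm_change target=group:interns member=dan
""".strip().splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line: str) -> Dict[str, object]:
    """Turn one 'timestamp key=value ...' line into a dict with a datetime under 'ts'."""
    match = LINE_RE.match(line)
    if match is None:
        raise ValueError(f"unparseable log line: {line!r}")
    fields: Dict[str, object] = dict(kv.split("=", 1) for kv in match["kv"].split())
    fields["ts"] = datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return fields


def impossible_travel(events: List[Dict[str, object]], window: timedelta = timedelta(minutes=30)
                      ) -> List[Tuple[str, str, str, int]]:
    """Flag a user who logs in from two different geos within `window`.

    Returns (user, first_geo, second_geo, seconds_between) for each pair found.
    """
    logins: Dict[str, List[Dict[str, object]]] = defaultdict(list)
    for event in events:
        if event["event"] == "login":
            logins[str(event["user"])].append(event)
    alerts = []
    for user, evs in logins.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            for second in evs[i + 1:]:
                gap = second["ts"] - first["ts"]
                if gap > window:
                    break  # sorted, so later events are further away still
                if second["geo"] != first["geo"]:
                    alerts.append((user, str(first["geo"]), str(second["geo"]), int(gap.total_seconds())))
    return alerts


def batch_permission_changes(events: List[Dict[str, object]], threshold: int = 3,
                             window: timedelta = timedelta(minutes=5)) -> List[Tuple[str, int]]:
    """Flag an actor whose densest `window` of perm_change events reaches `threshold`.

    Returns (user, number_of_changes_in_that_window) per flagged actor.
    """
    changes: Dict[str, List[datetime]] = defaultdict(list)
    for event in events:
        if event["event"] == "perm_change":
            changes[str(event["user"])].append(event["ts"])  # type: ignore[arg-type]
    alerts = []
    for user, times in changes.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append((user, best))
    return alerts


def run_detections(lines: List[str]) -> Dict[str, list]:
    events = [parse_line(line) for line in lines]
    return {
        "impossible_travel": impossible_travel(events),
        "batch_permission_changes": batch_permission_changes(events),
    }


if __name__ == "__main__":
    for name, hits in run_detections(LOG_LINES).items():
        print(name, hits)
```

On the constructed log, `alice` trips the location check (Germany, then Brazil four and a half minutes later) and `bob` trips the batch check with four permission changes in just over a minute, all granting a service account access to sensitive groups and shares; `carol` triggers nothing. The same skeleton (parse, group by actor, sliding window, threshold) extends to the other signs in the list, such as transaction volume per user.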
How to prevent a data breach and protect critical information: DLP strategy
Efficient data breaches prevention and data loss prevention (DLP) involves all facets of the organization and every person that interacts with its system. This includes IT personnel, employees with administrative privileges, and even their personal devices.
Here are some universal DLP solutions:
Implement DiD solutions
Defense in Depth (DiD) means implementing layered defensive mechanisms so that no single control failure gives an attacker access to the data.
Popular examples of DiD measures include:
- Monitoring and analytics software that notifies you about unusual activity in the system.
- Network and application defenses (web application firewalls that filter injection attempts, intrusion detection/prevention systems, endpoint anti-malware).
- Multi-factor authentication (account, application, or VPN logins that require a one-time code in addition to the password).
Adopt the POLP approach
The Principle of Least Privilege (POLP) means granting each user the minimal system access needed to fulfil their duties, and nothing more.
It's a basic yet enormously effective data loss prevention measure: a compromised or careless account can only reach the data it was explicitly granted, which sharply reduces the impact of unauthorized access.
Furthermore, it narrows the set of accounts that could have performed a given action, which makes tracing a breach back to its origin much faster.
Hold regular cybersecurity training
Organizations should take the time to teach their employees about security practices in order to protect confidential information. Endera’s 2019 report states that 88% of security executives think regular employee training and evaluation help in data breaches and data loss prevention (DLP).
Regular security awareness training is itself a DLP measure. It should teach employees:
- Best password management practices.
- Secure browsing (checking that a site uses HTTPS and is actually the domain it claims to be; a valid TLS certificate alone does not make a site trustworthy).
- Anti-phishing measures (not opening unexpected attachments or links, verifying the sender before acting on a request, and reporting suspicious messages to IT).
- Rules of conduct on social media (what info not to share on publicly available platforms).
- BYOD security policies (requiring employees to use a business-grade VPN and anti-malware software on personal devices that access corporate data).
Implement an incident prevention and response plan, disaster recovery plan and data backup software for data protection
Companies should have a plan in the event of data corruption or ransomware infection. Data breach response plan and best practices include:
- Data backup software that regularly copies crucial files and databases to the cloud, with at least one copy kept offline or immutable so that ransomware cannot encrypt the backups as well, and with restores tested regularly.
- SIEM (Security information and event management) tools that monitor users who interact with the system for suspicious activities.
- A disaster recovery plan that comprises disclosure strategies, a data breaches response team, and detailed mitigation steps.
Organizations must know their security weaknesses and strengths in order to protect data and reduce potential damage. A full-scale security risk assessment and compliance audit lets a company identify the most effective approaches to breach and data loss prevention.
UnderDefense will find loopholes in your system, identify internal and external vulnerabilities, and verify that employees adhere to the data loss prevention policy. Furthermore, our experts react fast if they find a security incident.