Data Breach Prevention:
How to Improve Cybersecurity in Your Company
By Serge Mihalap
No system is immune to cyber-attacks and unauthorized access. But do you know how common it is for companies to remain oblivious to a data breach? Moreover, employees responsible for these incidents often don’t know why they are at fault.
Read further to find out how to prevent data breach events and improve your cybersecurity.
What is a data breach?
A data breach is an occurrence of unauthorized access to protected information. Some experts distinguish between a data incident and a data breach based on the consequences.
Usually, the term “data breach” means a security incident with a severe negative impact. Such impacts include data deletion, identity theft, trade secrets exposure, and, of course, the financial and reputational damage that follows.
The average cost of a cybersecurity data breach in 2019 hit the $3.92 million mark, according to the SecurityIntelligence report. Norton Security’s 2019 research indicates a 54% rise in data breaches compared to the previous year, making data breach prevention more relevant than ever.
There’s no consensus on how to classify different types of data breaches. We prefer to divide them into two sub-categories — by target and breach method.
The breaches can affect individuals (information about private life, contact data, and other personally identifiable information), businesses (sensitive corporate data, critical software and databases), and governmental organizations (protected health information and government-restricted data).
There are many breach methods. Keep reading to learn about the most common ones.
How do data breaches happen?
You might think that data breaches, security violations, and data loss incidents happen mostly due to hacker attacks. In reality, not all data breaches involve SQL injections. A significant part of these incidents occurs as a result of employee negligence that hackers can effectively exploit.
Let’s take a look at some of the most common breach methods.
Phishing websites & emails
Users can download viruses and spyware on phishing websites – URLs disguised as legitimate platforms.
Sometimes, it happens because workers open infected emails from unknown senders. Users who don’t know how to avoid data breaches may be oblivious that their system got infected and that hackers are already downloading sensitive data.
Hackers can use phishing emails and websites to spread ransomware.
It’s a malware type that compromises and encrypts data, making it inaccessible until the user pays a ransom. Even then, no one can guarantee that you’ll get all your files back.
Poor password practices and management
Multiple accounts that share weak passwords are the easiest target for hackers.
Based on a 2018 Verizon report, over 81% of data breach incidents involve simple passwords (123456, qwerty, 111111, abc123, to name a few).
Passwords like these allow hackers to crack accounts even with dictionary attacks, in which specialized software batch-enters common password combinations into password fields.
Reusing one password for multiple accounts is another horrible practice, especially in larger enterprises. A single data breach can compromise the entire system if an employee has the same password for different accounts, so employees who reuse login credentials put their company at serious risk.
SQL Injection (SQLi)
Hackers can breach a database by injecting malicious code written in Structured Query Language (SQL), a domain-specific programming language used for database management. This is one of the most popular types of data breaches.
According to Akamai’s 2017 report, over 65% of software application attacks were SQL injections. Without proper security prevention measures, the perpetrator can gain administrative rights to databases and access protected information.
People store corporate information and login credentials in their smartphones, tablets, and laptops. These devices can be easily lost, injected with malware, or stolen.
As you might expect, retrieving data from personal devices is much easier than overcoming layers of corporate security measures.
Therefore, even organizations with top-tier data breach protection are not immune to a data breach due to employee carelessness.
It’s much easier to access protected information from within the organization. According to SEI research, the most common acts of insider attacks include:
- Modifying or stealing corporate information.
- Trade secrets theft.
- Sabotage of networks and databases.
Of course, not all privileged users compromise sensitive data intentionally. Based on the 2019 DTEX Insider Threat Intelligence Report, careless behavior causes about 64% of insider incidents.
Signs of a data breach
Even with the latest technology, high-level organizations and governments still can’t detect all data breaches fast enough to mitigate damage. According to Bitdefender’s 2017 survey, 64% of cyber attacks remain undetected, while 74% of breached IT companies don’t know what caused them.
In addition, detecting a data breach is an extremely long process. It took over 101 days for an average organization to discover an intrusion in 2017 (based on a FireEye report).
Before learning how to prevent a data breach, companies and individuals need to understand how to detect security incidents. Let’s look at common signs that someone tampered with a system:
1. High traffic volume.
Unusual traffic patterns can mean a perpetrator uses your network to transfer data. Therefore, you should monitor traffic to detect abnormal activities.
2. File changes.
After infiltrating your system, a hacker could modify system files to weaken your security further. Consequently, a massive amount of changes to critical files warrants immediate follow-up investigation.
3. Unusual user activity.
Companies should review system logs while paying special attention to privileged user activities. You may need to enable data breach prevention measures if you notice high volume database transactions, batch permission changes, and users logging in from multiple locations in a short time frame.
4. Poor performance.
Is your device or internet connection running much slower than usual? Poor performance sometimes means malware infection. Employees should turn to the company’s IT team if they notice something like this to ensure data theft prevention. Moreover, we recommend notifying the IT team if you detect system processes that refuse to shut down.
5. Modified user accounts.
Unexpected account lockouts, group membership modifications, and sudden password changes are sure-fire signs of an infiltrated system. Users must report such activities immediately to ensure data breach prevention or to mitigate damage.
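As an added example that is not part of the original article, the sketch below turns two of the signs above into checks over an event log: logins from different locations within a short time frame, and batch permission changes. The event format, user names, one-hour window and change threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, action, detail).
EVENTS = [
    ("2020-02-24T09:00:00", "alice", "login", "DE"),
    ("2020-02-24T09:20:00", "alice", "login", "BR"),
    ("2020-02-24T09:30:00", "bob", "login", "DE"),
    ("2020-02-24T13:00:00", "bob", "login", "DE"),
    ("2020-02-24T10:00:00", "carol", "perm_change", "grp-finance"),
    ("2020-02-24T10:01:00", "carol", "perm_change", "grp-hr"),
    ("2020-02-24T10:02:00", "carol", "perm_change", "grp-admins"),
    ("2020-02-24T15:00:00", "dave", "perm_change", "grp-hr"),
]

def find_signs(events, window=timedelta(hours=1), max_changes=2):
    """Return sorted (user, sign) pairs; thresholds are assumed values."""
    by_user = defaultdict(list)
    for ts, user, action, detail in events:
        by_user[user].append((datetime.fromisoformat(ts), action, detail))
    alerts = set()
    for user, rows in by_user.items():
        rows.sort()
        logins = [(t, d) for t, a, d in rows if a == "login"]
        changes = [t for t, a, _ in rows if a == "perm_change"]
        # Logins from different locations inside one window.
        for i, (t1, loc1) in enumerate(logins):
            for t2, loc2 in logins[i + 1:]:
                if t2 - t1 > window:
                    break
                if loc2 != loc1:
                    alerts.add((user, "multi-location login"))
        # More than max_changes permission changes inside one window.
        for i, start in enumerate(changes):
            in_window = [t for t in changes[i:] if t - start <= window]
            if len(in_window) > max_changes:
                alerts.add((user, "batch permission change"))
    return sorted(alerts)

if __name__ == "__main__":
    for user, sign in find_signs(EVENTS):
        print(f"{user}: {sign}")
```

Tightening the window reduces false positives from travelling staff but also lets slower activity through, so the thresholds need tuning against each organization's normal traffic.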
What should a company do after a data breach? We don’t recommend taking any impactful actions straight away. Otherwise, you can make it harder to find tracks and identify security weaknesses.
Employees need to notify system administrators and other responsible parties if they detect a security breach. The IT department should save and copy all logs and reports for further investigation. The organization should also notify stakeholders and superior bodies (for governmental units) about the potential breach.
How to prevent a data breach and protect critical information
Efficient data breach prevention involves all facets of the organization and every person that interacts with its system. This includes IT personnel, employees with administrative privileges, and even their personal devices.
Here are some universal ways to prevent data breaches:
Implement DiD solutions
Defense in Depth (DiD) means the implementation of layered defensive mechanisms that prevent unsanctioned access.
Popular examples of DiD measures include:
- Advanced monitoring and analytics software (tools that notify you about unusual activities in the system).
- Effective anti-malware solutions (web application firewalls that filter out SQL injections, intrusion detection/prevention systems, etc.).
- Multi-factor authentication (account, application, or VPN login methods that enable users to enter one-time generated passwords).
Adopt the POLP approach
The Principle of Least Privilege (POLP) implies granting users minimal system access (just enough for an employee to fulfill his duties).
It’s a basic yet enormously effective strategy that reduces risks of unauthorized access.
Furthermore, this practice helps quickly trace the origins of the data breach back to the perpetrator.
Hold regular cybersecurity training
Organizations should take the time to teach their employees about security practices. Endera’s 2019 report states that 88% of security executives think regular employee training and evaluation help in data breach prevention.
Organizations greatly benefit from regular security awareness training that teaches employees:
- Best password management practices.
- Secure browsing (visiting reputable websites with SSL certificates).
- Anti-phishing measures (not opening emails with attachments from corporate email).
- Rules of conduct on social media (what info not to share on publicly available platforms).
- BYOD security policies (requiring employees to use business-grade VPN services and anti-malware software on personal devices).
Implement a disaster recovery plan and data backup software
Companies should have a plan in the event of data corruption or ransomware infection. Data breach response best practices include:
- Data backup software that regularly copies crucial files and databases to the cloud, making them easily restorable.
- SIEM (Security information and event management) tools that monitor users who interact with the system for suspicious activities.
- A disaster recovery plan that comprises disclosure strategies, a data breach response team, and detailed mitigation steps.
Organizations must know their security weaknesses and strengths to prevent data breaches and, therefore, act on reducing potential damage. Full-scale security risk assessment and compliance audits allow companies to identify the best approaches to security breach prevention.
UnderDefense will detect loopholes in your system, identify internal and external vulnerabilities, and verify if employees adhere to data breach prevention instructions. Furthermore, our experts will react fast if they find security incidents.
by | Feb 24, 2020