
3 Lessons Learned from a Data Breach

Data breaches have plagued organizations for years, and the numbers continue to climb. After a breach, an organization goes into survival mode: recovering data, re-establishing trust, and keeping the business running. Understandably, there is little time left to sit back and reflect on what could have been done differently. So we have done that work here, laying out some simple lessons learned from the many breaches we have observed over the past few years, along with the ways each can be addressed.

1. Careless Employees Provide the Easiest Access

Internal actors are responsible for nearly 50 percent of all data loss. While some of it is intentional (frustrated or nosy employees or contractors deliberately deleting information or accessing data they should not), roughly half is simple human error: insecure file sharing, weak passwords, and falling for phishing, which remains one of the most effective ways for attackers to reach your internal data.


Over the years, the simple technique of phishing has tricked countless people into downloading malicious software or giving away their credentials, and as long as it keeps working, attackers will keep using it. According to the Verizon Data Breach Investigations Report, 94 percent of malware was delivered by email. That keeps employees the most common initial foothold for an attacker. Even when a security team's post-breach investigation traces the intrusion back to a phish, the outcome is too often limited to a single employee being retrained, written up, or terminated.

Systemic changes are possible, though, starting with regular phishing simulations run through social engineering penetration testing services or in-house tools. These simulations send phish that resemble or copy those used by real attackers, but let you safely learn which lures are most effective and which users are susceptible. That tells you exactly what retraining is needed to make your employees more vigilant.


Additionally, while you cannot eliminate the risk that a threat actor obtains an employee's credentials, you can limit what those credentials are worth. Follow the principle of least privilege: use identity governance tooling and the access control features of your own software to restrict each account to what its owner actually needs. A compromised account then does not hand the attacker unlimited keys to the kingdom.

Risk can be further reduced by monitoring for unusual user behavior so that compromised accounts are spotted quickly. A security information and event management (SIEM) solution can alert you in near real time to abnormal activity such as changes to user profiles and system values, repeated invalid login attempts, or intrusion detections. You cannot guarantee that every phish goes unopened, but there are plenty of ways to manage the risk when one is.
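
The two signals above (a burst of invalid logins followed by a success, and a login from somewhere the user never logs in from) are easy to correlate once authentication events are parsed. The following is an added example, not code from the original article or from any product it mentions; the sshd-style log lines are constructed, and the thresholds and per-user "expected networks" are assumptions that a real deployment would take from an identity system or a learned baseline.

```python
"""SIEM-style correlation over authentication log lines.

Added example, not code from the original article or any product it mentions.
The log format (sshd-like), the thresholds and the per-user expected networks
are constructed assumptions.
"""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, not real data: a password-guessing burst against
# alice that ends in a successful login from an unexpected address, a normal
# key-based login by bob, and a single mistyped password by carol.
SAMPLE_LOG = """\
2024-03-04T09:00:01Z srv1 sshd: Failed password for alice from 203.0.113.7
2024-03-04T09:00:03Z srv1 sshd: Failed password for alice from 203.0.113.7
2024-03-04T09:00:05Z srv1 sshd: Failed password for alice from 203.0.113.7
2024-03-04T09:00:06Z srv1 sshd: Failed password for alice from 203.0.113.7
2024-03-04T09:00:08Z srv1 sshd: Failed password for alice from 203.0.113.7
2024-03-04T09:00:09Z srv1 sshd: Accepted password for alice from 203.0.113.7
2024-03-04T09:05:00Z srv1 sshd: Accepted publickey for bob from 10.0.0.12
2024-03-04T09:07:00Z srv1 sshd: Failed password for carol from 10.0.0.40
2024-03-04T09:30:00Z srv1 sshd: Accepted password for carol from 10.0.0.40
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) "
    r"(?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)$"
)

FAIL_THRESHOLD = 5              # failures inside WINDOW trip the brute-force rule
WINDOW = timedelta(minutes=2)
# Assumed: networks each user normally logs in from.
EXPECTED_NETWORKS = {
    "alice": [ipaddress.ip_network("10.0.0.0/8")],
    "bob": [ipaddress.ip_network("10.0.0.0/8")],
    "carol": [ipaddress.ip_network("10.0.0.0/8")],
}


def parse_events(text):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def _alert(rule, ev):
    return {"rule": rule, "user": ev["user"], "ip": ev["ip"], "ts": ev["ts"].isoformat()}


def detect(events):
    """Apply three rules and return alerts in chronological order."""
    alerts = []
    # (user, ip) -> timestamps of failures still inside the sliding window
    recent_failures = defaultdict(deque)
    for ev in sorted(events, key=lambda e: e["ts"]):
        window = recent_failures[(ev["user"], ev["ip"])]
        while window and ev["ts"] - window[0] > WINDOW:
            window.popleft()                    # expire failures older than WINDOW

        if ev["outcome"] == "Failed":
            window.append(ev["ts"])
            if len(window) == FAIL_THRESHOLD:   # fire once per burst, not per failure
                alerts.append(_alert("brute_force", ev))
            continue

        # A success right after a burst of failures is the strongest signal that
        # guessing worked, so it gets its own rule rather than being folded in.
        if len(window) >= FAIL_THRESHOLD:
            alerts.append(_alert("success_after_brute_force", ev))
        window.clear()

        addr = ipaddress.ip_address(ev["ip"])
        if not any(addr in net for net in EXPECTED_NETWORKS.get(ev["user"], [])):
            alerts.append(_alert("login_from_unexpected_network", ev))
    return alerts


def run_demo():
    return detect(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Carol's single failure expires from the window long before her successful login and comes from an expected network, so she produces no alert; alice produces all three. In a real SIEM the same logic runs continuously over a stream, but the sliding-window and allowlist checks are the same.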

2. Any Endpoint Can Be an Attack Vector

The very technologies that streamline and advance our businesses also put us at risk. Smart devices are evolving at breakneck speed, but antivirus and endpoint protection for those devices have not caught up. That makes all of them (security cameras, video conference units, HVAC systems, MRI and CT machines, ATMs, SCADA systems, and countless other devices) a convenient doorway for threat actors looking for a way into an organization's infrastructure. A number of breaches in just the last few years have traced the origin of the attack to one of these endpoints.


What is truly distressing about these attacks is that a compromised device can go unnoticed when the organization has no network monitoring that gives visibility into performance issues, outages, bandwidth, and other changes on the network. With no way of seeing abnormal activity, such devices can not only serve as the initial attack vector but remain infected indefinitely. Many ransomware victims, for instance, had been compromised for months before they received a ransom note. That persistence worsens the risk to the organization, and it also makes these devices ideal for attackers who want processing power rather than data, for example as botnet nodes.

So if anti-malware is not available for these devices, what can be done about the risk they pose? Shift the emphasis from prevention to detection. Finding a compromise as early as possible is the best way to limit the damage: threat detection that watches every type of device on the network, rather than only those that can run an agent, lets you confirm an infection quickly and drastically reduce dwell time.
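
Agentless detection for such devices works from the network: learn what each device normally talks to, then flag destinations outside that baseline and, in particular, the regular check-in pattern of a bot or C2 channel. The following is an added example, not code from the original article or from any product it mentions; the flow records, device names and thresholds are constructed assumptions, and a real deployment would read NetFlow/IPFIX or firewall logs instead.

```python
"""Baseline-and-deviation monitoring for devices that cannot run an agent.

Added example, not code from the original article or any product it mentions.
The flow records, the devices and the thresholds are constructed assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (unix_time, device, dst_ip, dst_port), not real
# traffic. Baseline: a camera streaming RTSP to a recorder and syncing NTP,
# an HVAC controller talking BACnet (UDP 47808) to its management host.
BASELINE_FLOWS = [
    (1000, "cam-01", "10.0.0.5", 554), (1060, "cam-01", "10.0.0.5", 554),
    (1900, "cam-01", "10.0.0.2", 123),
    (1000, "hvac-02", "10.0.0.9", 47808), (1300, "hvac-02", "10.0.0.9", 47808),
]
# Monitoring window: the camera now also contacts an external host about every
# 300 s, and the HVAC controller makes one DNS query it never made before.
MONITOR_FLOWS = [
    (5000, "cam-01", "10.0.0.5", 554),
    (5000, "cam-01", "198.51.100.23", 443), (5300, "cam-01", "198.51.100.23", 443),
    (5601, "cam-01", "198.51.100.23", 443), (5899, "cam-01", "198.51.100.23", 443),
    (6200, "cam-01", "198.51.100.23", 443), (6500, "cam-01", "198.51.100.23", 443),
    (5100, "hvac-02", "10.0.0.9", 47808),
    (5400, "hvac-02", "10.0.0.2", 53),
]

MIN_BEACON_CONNECTIONS = 5   # enough samples before calling a pattern periodic
MAX_INTERVAL_CV = 0.1        # coefficient of variation (stdev/mean) of the gaps


def learn_baseline(flows):
    """device -> set of (dst_ip, dst_port) seen during the baseline period."""
    baseline = defaultdict(set)
    for _, device, dst, port in flows:
        baseline[device].add((dst, port))
    return baseline


def find_new_destinations(baseline, flows):
    """(device, dst, port) tuples absent from that device's baseline."""
    new = set()
    for _, device, dst, port in flows:
        if (dst, port) not in baseline.get(device, set()):
            new.add((device, dst, port))
    return sorted(new)


def find_beacons(flows, min_conns=MIN_BEACON_CONNECTIONS, max_cv=MAX_INTERVAL_CV):
    """Destinations contacted at suspiciously regular intervals."""
    times = defaultdict(list)
    for ts, device, dst, port in flows:
        times[(device, dst, port)].append(ts)
    beacons = []
    for (device, dst, port), ts_list in times.items():
        if len(ts_list) < min_conns:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        # Human-driven or event-driven traffic has irregular gaps; a bot that
        # sleeps a fixed interval between check-ins has a very low CV.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons.append({"device": device, "dst": dst, "port": port,
                            "period_s": avg, "count": len(ts_list)})
    return beacons


def run_demo():
    baseline = learn_baseline(BASELINE_FLOWS)
    return {
        "new_destinations": find_new_destinations(baseline, MONITOR_FLOWS),
        "beacons": find_beacons(MONITOR_FLOWS),
    }


if __name__ == "__main__":
    result = run_demo()
    for item in result["new_destinations"]:
        print("new destination:", item)
    for beacon in result["beacons"]:
        print("beacon:", beacon)
```

Both devices trip the new-destination rule, but only the camera's external connections are regular enough to be reported as a beacon; the HVAC controller's single DNS query is an anomaly worth a look, not evidence of a check-in channel. Real implants add jitter to their sleep interval, so in practice the CV threshold is tuned per environment and combined with other signals such as the destination's reputation.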

3. Large Servers Are a High-Value Target

Even devices that can run antivirus are not always properly protected. As noted above, attackers are not only after data to steal; increasingly they want processing power to borrow, and the best place to find a lot of it in one location is the servers of large enterprises. Malware strains such as Norman and PowerGhost and botnets such as Smominru have focused on large IT environments for cryptojacking, siphoning CPU time to mine cryptocurrency.


While attackers deliberately target servers, many of these breaches could still have been avoided. Too many organizations rely heavily on scanning their workstations without treating the server as an entry point in its own right. Where server-side antivirus is not skipped altogether, it is often inadequate. Servers typically run a different operating system from the workstations, such as Linux, AIX, or IBM i, and scanning them remotely with a Windows product is not only unreliable but can introduce additional exposure, since it typically means exposing the server's file systems over a network share. Pairing workstation antivirus with a native solution for each server platform builds the most robust malware defense by providing multiple layers of protection.
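
Until a native solution is in place, a cryptojacker on a Linux server can still be triaged from the host itself, because miners leave characteristic traces in the process list: sustained CPU use, binaries executing from scratch directories, and mining-pool arguments on the command line. The following is an added example, not code from the original article or from any product it mentions, and it is Linux-specific (it does not apply to AIX or IBM i). The process snapshot is constructed, and the indicator lists are assumptions to be extended from your own threat intelligence.

```python
"""Cryptominer triage over a Linux process listing.

Added example, not code from the original article or any product it mentions.
The snapshot and the indicator lists are constructed assumptions; on a real
server, feed it the output of `ps -eo pid,ppid,pcpu,user,args`.
"""
import os

# Constructed snapshot, not from a real host; column layout follows
# `ps -eo pid,ppid,pcpu,user,args`. A busy PostgreSQL instance is included to
# show that high CPU alone is not treated as evidence.
SAMPLE_PS = """\
  PID  PPID %CPU USER     COMMAND
 1201     1  0.3 root     /usr/sbin/sshd -D
 2231  1201 97.5 www-data /tmp/.x -o stratum+tcp://pool.example:3333 -u WALLET --donate-level 1
 2440     1 88.0 postgres /usr/lib/postgresql/14/bin/postgres -D /var/lib/postgresql/14/main
 2610  2440  1.2 postgres postgres: checkpointer
 3001     1 64.0 nobody   /tmp/kdevtmpfsi
"""

HIGH_CPU = 80.0
# Locations a legitimate server daemon almost never executes from.
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# Assumed indicator lists drawn from common miner tooling; extend as needed.
MINER_NAMES = {"xmrig", "minerd", "kdevtmpfsi", "kinsing"}
POOL_MARKERS = ("stratum+tcp://", "stratum+ssl://", "--donate-level")


def parse_ps(text):
    """Parse `ps -eo pid,ppid,pcpu,user,args` output into dicts."""
    procs = []
    for line in text.splitlines()[1:]:             # skip the header row
        pid, ppid, pcpu, user, args = line.split(None, 4)
        procs.append({"pid": int(pid), "ppid": int(ppid), "cpu": float(pcpu),
                      "user": user, "args": args})
    return procs


def score_process(proc):
    """Return (score, reasons). A single weak signal never reaches the threshold."""
    reasons = []
    exe = proc["args"].split()[0]
    if proc["cpu"] >= HIGH_CPU:
        reasons.append((1, "high CPU in snapshot"))       # weak: databases do this too
    if exe.startswith(SCRATCH_DIRS):
        reasons.append((2, "executable runs from a scratch directory"))
    if os.path.basename(exe).lstrip(".") in MINER_NAMES:
        reasons.append((2, "known miner binary name"))
    if any(marker in proc["args"] for marker in POOL_MARKERS):
        reasons.append((2, "mining pool marker in command line"))
    return sum(weight for weight, _ in reasons), [text for _, text in reasons]


def find_suspects(ps_text, threshold=2):
    """Processes whose combined indicator score meets the threshold, by PID."""
    suspects = []
    for proc in parse_ps(ps_text):
        score, reasons = score_process(proc)
        if score >= threshold:
            suspects.append({**proc, "score": score, "reasons": reasons})
    return sorted(suspects, key=lambda p: p["pid"])


def run_demo():
    return find_suspects(SAMPLE_PS)


if __name__ == "__main__":
    for suspect in run_demo():
        print(suspect["pid"], suspect["user"], suspect["score"], suspect["reasons"])
```

The miner masquerading as `/tmp/.x` and the `/tmp/kdevtmpfsi` process are reported; the PostgreSQL backend at 88 percent CPU scores only one point and is not. Because a single `ps` snapshot cannot show that CPU use is sustained, a scheduled version of this check should compare several snapshots, and anything it flags should be confirmed against `/proc/<pid>/exe` and the process's network connections before action is taken.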

Go On the Offensive and Protect Against Data Breaches

It is time to look at your cybersecurity approach from a different point of view. As data breaches continue to increase, put yourself in an attacker's shoes: work out what makes your organization attractive, which techniques attackers commonly use to breach organizations like yours, and which new strategies would better protect your sensitive data.
