We are often asked about data breaches and the damage they can and do cause. The way to limit such damage is to spot them quickly or to stop them happening in the first place. This is not easy to do but here are some practical tips to help you stay safe and we look at some of the causes of breaches that commonly occur.
Weak Credentials and Stolen Information
Weak or easily guessed passwords are exploited in over 80% of breaches. It’s one of the simplest ways to commit cyber-crime, because if you have access to someone’s account you don’t need to bother with hacking tools or social engineering techniques.
It doesn’t take a great deal of effort. Cyber criminals use a computer program to break into computers. This is sometimes referred to as a brute force attack as the program batters the login page with millions of commonly used passwords until it finds a match. This normally doesn’t take long because, despite repeated warnings, people persist with simple and commonly used passwords. The use of the word ‘password’ as a password is still very common! A quick trawl through a user’s Facebook account will often reveal pets’ names and relatives which are also commonly used.
A strong password isn’t a word at all. It might be a phrase or a line form a song perhaps punctuated by dashes or other symbols or perhaps numbers. A really complex password is great unless of course you cannot easily recall it, at which point it is written down which is not good practice. The best way is to store the password in a password ‘safe’ and then you never actually need to remember it.
We all get frustrated when an application announces that it needs to update. This always happens when you are busy or in the middle of something very important, or maybe it just seems that way. The reason for these updates is not just product enhancements but improvements in security designed to keep us all safe from the bad folks out there.
All software is prone to vulnerabilities that the bad guys could exploit in a variety of ways. That’s why the people responsible for maintaining those programs routinely look for and address exploits before they are discovered by criminals. They don’t always succeed so technology can help. Running patch management is vital as it keeps applications up to date but also technology such as Intrusion Prevention Systems (IPS) can examine code entering the network and assess the risk and prevent the code entering the network.
This is the simplest crime of all. If an application vulnerability is uncovered by hackers before the application vendor then criminals can purchase a piece of malware that’s designed to exploit a specific vulnerability. Next, they need to find a system that contains that particular vulnerability and then they need to place the malware. In the case of ransomware, we saw massive attacks worldwide infecting Microsoft based machines that had not applied a patch issued by Microsoft to stop exploitation of a known vulnerability. The WannaCry ransomware cryptoworm infected in excess of 200,00 machines in 150 countries and demanded payment in the form of the crypto currency, Bitcoin.
There are many types of malware available and includes but is not limited to adware, bots, viruses, spyware, ransomware, trojan horses, and worms. Sometimes it is impossible to know that you have been infected as some malware tends not to make great demands on resources such as CPU and memory.
Other malware, such as ransomware, makes its presence clear, locking users’ computers and demanding payment for the decryption key.
Malicious insiders, erroneous insiders and jokers
At a recent seminar, we asked a group of business leaders about how much they trusted their staff. There was a wide variety of answers but the problem is you cannot limit access to vital and or sensitive information if your staff are to be able to execute their duties.
However, experience tells us that staff do take data from a business and for a variety of reasons. There are three types of individual that can cause data to be lost:
1. Malicious – deliberately to cause harm or for profit
2. Mischief – perhaps on their last day they try to hurt the business
3. Mistake – poor training or just a sloppy attitude to security
This may sound harsh but selling data is big business on the dark web and many people can be tempted, some are even approached directly after their employers have been targeted as criminal know that the type of information they need is held there.
The reasons behind this are many but poorly paid and undervalued employees are often the problem. Greed can also play a part.
In GDPR we talk about creating a GDPR culture where we encourage everyone to take data protection seriously and that it becomes embedded in the company culture and we recommend that a security culture should accompany this.
You can buy technology to monitor the insider threat. Vendors such as ZoneFox www.zonefox.com monitor behaviours on the end point even when disconnected from the corporate network! Creating the right culture can reduce the need to deploy such solutions but you can never be too careful!
What can you do?
We have tried to show what can happen and the most common causes. It is widely expected that 1 in 4 businesses will suffer a date breach in the near future. We see them every day and they are so easy to prevent in 90% of cases.
Your security posture should always be in constant review and don’t try to achieve quality outcomes by using cheap countermeasures. You must understand where you are weak and plan to harden your defences.
Does your business have a Breach Management Plan? Does everyone know what to do or will they just call their manager Businesses that are well prepared for data breaches are much more likely to contain an incident quicker and reduce the financial and reputational damage it causes.
We now offer guidance on your security posture and can help you find the weaknesses and advise on how to harden them. We also offer staff training to help you create a Security Culture and GDPR Culture also.
Click here for your Guide to the GDPR.