A data breach remains a common headline in the news cycle. A different company, website or social network reports a security issue almost daily. If it feels like using the internet has become a risky endeavor, the feeling is accurate.
But what exactly classifies an event as a data breach? The world wide web is littered with different security gaps and vulnerabilities. But that doesn’t mean they have been exposed or attacked yet. A true data breach is an event where an outside party has stolen, obtained or viewed information that they were not authorized to access.
The worst data breaches in history have affected hundreds of millions of people. But even an incident that appears relatively minor in terms of raw numbers can still have a damaging effect on a company’s reputation and revenues.
The rise of cloud computing has hidden the logistics of how data storage and management are handled. We shouldn’t overlook the reality that data must still reside on a physical hard drive or memory platform in order to be used and accessed on the web. Back-end databases are often replicated across multiple servers and hard drives in order to allow for better performance and reliability.
The reliance on physical hard drives represents a frequent risk when it comes to data breaches. Some cybercriminals specifically direct their efforts towards physically acquiring a piece of hardware from the actual premises of a company as opposed to trying to infiltrate from a distance through a network hack. The reason is that organizations oftentimes spend more time securing their digital systems than their actual location.
If a cybercriminal manages to make off with a hard drive or device, there is little that can be done to stop it from becoming a full-blown data breach. The stolen device does not need to be large. In fact, something as small as a thumb drive can expose passwords or credentials that are later used for a wide-scale attack.
One of the reasons companies are eager to shift their electronic resources to cloud providers is security. The company that operates the back-end data center is responsible for maintaining physical security of the environment and the assets inside.
When they don’t have physical access to data assets, cyber-baddies turn to software-based hacking to try to expose information from individuals or corporations. These types of attacks can be launched from anywhere in the world at the hacker’s convenience. The only tools needed are a computer and a garden-variety internet connection.
Hackers typically specialize in either front-end or back-end vulnerabilities. The most common form of front-end attack is a SQL injection where the hacker manipulates a search or input field on a website to run an unauthorized query on the system’s database. Breaches often include sensitive personal information such as passwords, Social Security Numbers or credit card information.
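The search-field problem described above, shown next to its fix. This is an added example, not code from the original article; the table names, sample rows and search term are constructed, and Python's built-in sqlite3 module stands in for the website's database.

```python
import sqlite3

# Constructed search term: the quote ends the string literal early and the
# rest is read by the database as SQL rather than as text to search for.
INJECTED_TERM = "x' UNION SELECT username, password_hash FROM users --"

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL)")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [("red kettle", 19.0), ("blue kettle", 21.0), ("toaster", 30.0)])
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b")])
    return db

def search_vulnerable(db, term):
    # Weak: the term is pasted into the SQL text, so characters in the
    # input can change the structure of the query itself.
    sql = "SELECT name, price FROM products WHERE name LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()

def search_parameterized(db, term):
    # Hardened: the SQL text is fixed and the term is passed as a bound
    # value, so it is only ever compared as data.
    sql = "SELECT name, price FROM products WHERE name LIKE ?"
    return db.execute(sql, ("%" + term + "%",)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("normal search    :", search_parameterized(db, "kettle"))
    print("vulnerable query :", search_vulnerable(db, INJECTED_TERM))
    print("parameterized    :", search_parameterized(db, INJECTED_TERM))
```

With the bound parameter, the same input is an ordinary search string that matches no product, so the query never touches the users table.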
All computer systems have local administrator accounts set up on them for normal operational and maintenance purposes. The risk is that if these accounts become compromised, then all of the data living on the servers can be breached. This kind of back-end attack is dangerous because it can be nearly impossible to figure out exactly what information has been exposed.
Insider Threats and Social Engineering
One mistake that many companies make is to assume that data breaches are always initiated by forces on the outside. In fact, the opposite can be true more often than you might think. People inside an organization have the most access to sensitive data, and when trust is broken, a breach is a common outcome.
In some cases, an internal data breach (a method that comprises a whopping 42 percent of all attacks) is committed on purpose, either by an angry employee or by someone else internal to the organization who’s looking to sell the information for profit. A data breach occurs at the point in time when the rogue individual manages to move sensitive data from the internal network to an external drive or location.
The other internal risk for organizations is an attack that’s initiated with social engineering. This comes about when a cybercriminal looks to infiltrate a system by targeting a specific individual and tricking them into disclosing passwords or other credentials. A common technique is a phishing scam where users are urged to click on a suspicious link and enter personal information which bad actors can later use to execute a data breach.
No matter the size of your organization, there should be a team dedicated to ensuring IT security. They should set the rules for how access is managed to both hardware and software, limiting who can see confidential and/or private information to only those who have an essential need.
Strategy #1: As remote work becomes more common, so too does the use of virtual private networks (VPNs), which create a private tunnel between a device and the open internet. All data flowing through the tunnel is encrypted. Even if a hacker were to intercept the data, it would be unreadable and useless for their purposes. Proactive organizations, especially those that follow a BYOD policy or allow work from home, mandate that employees know how to choose a VPN (or use one provided by the company) and configure it properly.
Strategy #2: The concept of network firewalls has been around since the early days of the internet and remains a useful defense mechanism. In essence, they allow you to specify which IP addresses can access internal resources and which ones should be blocked.
However, when data breaches happen, you rarely have time to update your firewall and block the incoming attack on the fly. That’s why smart firewalls and anomaly detection systems have gained increasing popularity. They are capable of using machine learning to track patterns and fire alerts when an unexpected event is observed, often helping stop potential data breaches before the attacker gains access.
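The difference between a static firewall rule and anomaly detection, as an added example that is not part of the original article. The address ranges, baseline counts and threshold are constructed, and a simple statistical baseline (standard deviations from the mean) stands in for the machine learning a commercial product would use.

```python
import ipaddress
from statistics import mean, pstdev

# Constructed allowlist: only these ranges may reach internal resources.
ALLOWED = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.0/24")]

# Constructed history: connections per hour seen from each source.
BASELINE = {"10.20.1.5": [40, 38, 45, 41], "10.20.7.9": [5, 6, 4, 5]}
# Constructed counts for the hour being evaluated.
CURRENT = {"10.20.1.5": 43, "10.20.7.9": 90, "10.20.3.3": 2}

def is_allowed(src):
    """Static firewall decision: is the source inside an allowed range?"""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED)

def flag_anomalies(baseline, current, threshold=3.0):
    """Return (source, reason) pairs for traffic that breaks the pattern."""
    alerts = []
    for src, count in current.items():
        history = baseline.get(src)
        if not history:
            alerts.append((src, "no baseline"))
            continue
        # Floor the spread at 1.0 so a very steady source does not
        # alert on a change of one or two connections.
        spread = max(pstdev(history), 1.0)
        if (count - mean(history)) / spread > threshold:
            alerts.append((src, "volume spike"))
    return sorted(alerts)

if __name__ == "__main__":
    for src in sorted(CURRENT):
        print(src, "allowed" if is_allowed(src) else "blocked")
    print(flag_anomalies(BASELINE, CURRENT))
```

Every source in the sample passes the allowlist, including 10.20.7.9, whose traffic jumped from about 5 to 90 connections an hour; only the baseline comparison raises an alert for it.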
The Bottom Line
As computer systems get more complex, it becomes harder and harder to protect against security holes and gaps. Besides, it’s well known that people who write software code have a hard time finding potential issues. It has something to do with being too close to the code to see weaknesses.
For that reason, investing in an external penetration testing firm can be a smart decision. They will run an audit on your system and check for potential vulnerabilities that could lead to a data breach.
About the Author: Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.