Two Massive Data Breaches in a Span of Two Weeks. What are the Lessons to Learn?
In mid-July, news emerged that Russia’s Federal Security Service (FSB) lost 7.5 terabytes of data as a result of a successful hacking attempt. The breach exposed details about some secret FSB projects that included plans to de-anonymize Tor browsing, scrape social media, and enable the Russian Government to split its internet off from the rest of the world. The hacker had subsequently passed on the data to some mainstream media outlets for publishing. The breach was caused by hackers from the 0v1ru$ group, who got access to the servers of SyTech, one of the largest contractors of FSB.
While the world was still reeling from the impact of this breach, news of another massive breach made headlines. On July 29, 2019, Capital One announced that it had suffered a security breach that had compromised personal information belonging to more than 100 million people. A hacker, later identified as Paige Thompson, an ex-Amazon employee, had been able to access sensitive information that one generally provides for a credit card application. This includes data such as full names, physical addresses with full ZIP and postal codes, phone numbers, email addresses, dates of birth, and self-reported income.
In addition, the hacker also stole details such as credit scores, credit limits, account balances, payment history and contact information. Within a day, Capital One was hit with a Class Action suit for its failure to take “reasonable care” to protect its customers’ data.
These two incidents are making it clear how data breaches have unfortunately become increasingly commonplace, and more intense in their impact. As per the 2019 MidYear Data Breach QuickView Report, an incredible 4.1 billion records were compromised as a result of 3,800 publicly disclosed breaches in just the first half of 2019.
In such a situation, what are the lessons that companies can learn from these two shocking data breaches?
1. Employees are Often a Weak Link
The Capital One breach was carried out by an ex-Amazon employee and targeted Amazon Web Servers. Several cybersecurity experts have therefore not ruled out the possibility that her employment with Amazon provided the hacker with the necessary knowledge to carry out these attacks.
So, it is imperative to ensure that there are processes in place to prevent misuse of information by employees as well as ex-employees. Make sure that your organization is following the CIA Triad so that no sensitive data lands into the hands of third parties.
2. Watertight SLAs with Contractors
In the case of the FSB breach, the data was stolen from a contractor rather than directly from FSB. Having water-tight agreements in place that define expected service levels and security can go a long way in preventing these types of attacks.
Check whether the person/ the firm to whom you are outsourcing all your business-critical data is following security practices and maintaining a strong security posture that is updated from time to time, without any vulnerabilities.
The Biggest Takeaway – Prevention is Better than Cure!
Capital One was slapped with a Class Action suit because it failed to take “reasonable care” to protect its customers’ data. Unless organizations give cybersecurity the importance that it deserves, they are constantly exposing themselves (and their customers) to the risk of breaches.
Even before you begin securing your data, the first step is data discovery. In our experience, for example, 38 percent of organizations did not even know that certain data existed in their systems. Accurate knowledge of all the data in your possession is absolutely critical.
In general, hackers take several months or even years to successfully breach an organization. So, intelligent log monitoring and threat hunting systems can help organizations to detect potential breaches long before they actually occur, enabling them to take corrective action pre-emptively. Also, organizations are often guilty of putting off tasks such as updating latest patches and upgrading older versions of operating systems. This can increase vulnerability and create a fertile ground for a breach.
In the event of a breach, quick incident response is crucial to prevent future breaches as well as to understand the extent of damage. Hence, there is a need to train security stakeholders on the why and how to implement security and take informed decisions in case of a breach.
Today, organizations need to understand that hacking attempts are a given. No organization is too small, and no process is too unimportant, every minute detail has to be secured. Given that most breaches happen by taking advantage of weak security posture, finding your weakest links and fortifying them is the only way to counter data theft.
True security can be achieved only when every entity takes security updating as a mandatory task and follows compliance from the heart. If only paperwork was sufficient to satisfy compliance, then this would be a golden era for data security!