It's not uncommon these days for an organization to declare a data breach incident, followed by an announcement of the extent of the breach, and the steps they're taking to mitigate loss. Some, like Dropbox, are even urging users to change passwords as a precautionary measure.
Regardless of size and sector, protecting confidential information is turning out to be increasingly difficult for many organizations. This data breach challenge often has to do with the rise of sophisticated techniques in data theft.
Why Data Breaches Happen
Although the increasing onslaught of data breaches is well documented, the whys and hows remain poorly understood.
In this blog post, we'll examine the three most common causes of data breaches: targeted attacks by hackers, insider abuse, and human error. Also, you will learn how you can combat these threats with a single tool.
The Case of the Nefarious Hacker
According to this year's Verizon Data Breach Investigations Report (DBIR), 4 out of 5 data breaches were attributed to external actors or hackers.
For these hackers, financial gain remains the top reason for their targeted attacks. "Espionage" and "Just for Fun" came in second and third. While servers remain the top target for hackers, more hackers are targeting users and their devices.
There are hundreds of vulnerabilities that hackers can exploit. Nevertheless, the following are the most common:
- Targeted malware (e.g. phishing)
- Web app attacks
- SQL and XML injections
- Exposure of sensitive data
- Security misconfiguration
- Improper credentials
- Weak or missing session management and authentication encryption
The Sony hack in 2014, reportedly carried out via phishing emails, is a good example of a data breach committed by external actors. Here's what Stuart McClure, CEO of computer security firm Cylance, told POLITICO in this article after studying the database of emails following the hack:
"We started to realize that there was constant email around Apple ID email verification, and it was in a number of inboxes."
It turns out that these emails were fake. It is also worth noting that the aforementioned Verizon report found that it takes only minutes or even seconds for hackers to compromise data, but the compromise could take weeks to discover.
The Case of the Disgruntled Insider
Both Verizon and Intel's 2015 report on data exfiltration point to a huge increase in insider threats. Insiders were responsible for 43 percent of data loss in companies that experienced data breaches in the past year, half accidental and half intentional.
Insiders who purposefully steal data often fall into the following categories:
- End users who have access to sensitive data as part of their job, such as those in leadership roles and system administrators
- Employees who are about to leave and would love to use sensitive data for future career-building purposes
- Terminated employees
- Third-party vendors
Verizon also reported that financial gain, the top motive for external attackers, is likewise the top reason why insiders intentionally leak data. Espionage and "holding grudges" came second and third.
The case of a TCS (Tata Consultancy Services) employee who illegally accessed sensitive data at Epic Systems Corporation, as reported in this Capital Mind article, is an example of insider abuse via third-party contractors.
The Case of Human Error
Verizon reports the top reasons for unintentional insider mistakes are:
- Capacity shortage errors
- Misdelivery of sensitive information
- Publishing information to unintended audiences
- Misconfiguration errors (e.g. mistyping a firewall rule)
- Disposal errors (e.g. no standard operating procedure in disposing of company assets)
Unintentional human error was the leading cause of data loss in the healthcare industry. In the first half of 2016 alone, the HIPAA Journal reported that more than 11 million healthcare records had already been breached.
And the Biggest Threat to Data Integrity is...
The insider—whether intentional or accidental.
In short, your employees are your best assets and biggest threats. But why?
First, outsider attacks such as those by hackers can be readily addressed by standard or known security measures. On the other hand, insider threats are more challenging to predict because half of them are unintentional.
Second, when done intentionally, insiders already have access to the organization's sensitive information on a regular basis. Plus, they already know how that information is protected.
Protect Yourself from External and Internal Threats with File Integrity Monitoring
Managing both insider and outsider risks requires a combination of building processes, educating people, and adopting new technologies.
With technologies like CimTrak's file integrity monitoring, you can monitor your IT environment for configuration changes in real time. Plus, its Advanced Change Insight feature allows you to know the specific details behind all changes: who made the change, what exactly was changed, when the change occurred, and the process used to make the change.
CimTrak also allows the comparison of files and configurations before and after the change. This will help you quickly examine changes for investigative purposes.
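The baseline-and-compare idea behind file integrity monitoring, shown as an added example that is not CimTrak's code or part of the original post: it hashes a directory, re-scans it, and reports added, removed and modified files with a before/after diff. The file names and the mistyped firewall rule are constructed sample data, and the sketch does not capture who made a change or which process did, which requires operating system audit data.

```python
import difflib
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root to its SHA-256, permission bits and text."""
    snap = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            snap[str(path.relative_to(root))] = {
                "sha256": hashlib.sha256(data).hexdigest(),
                "mode": stat.S_IMODE(path.stat().st_mode),
                # Content is kept in memory only so this small demo can diff it.
                "text": data.decode("utf-8", errors="replace"),
            }
    return snap

def compare(baseline, current):
    """Return added, removed and modified paths plus a before/after diff."""
    report = {"added": sorted(current.keys() - baseline.keys()),
              "removed": sorted(baseline.keys() - current.keys()),
              "modified": {}}
    for name in sorted(baseline.keys() & current.keys()):
        old, new = baseline[name], current[name]
        # A change in content or in permission bits both count as drift.
        if (old["sha256"], old["mode"]) != (new["sha256"], new["mode"]):
            report["modified"][name] = list(difflib.unified_diff(
                old["text"].splitlines(), new["text"].splitlines(),
                "before/" + name, "after/" + name, lineterm=""))
    return report

def demo():
    """Constructed sample: a firewall rule is mistyped and a file appears."""
    with tempfile.TemporaryDirectory() as root:
        rules = Path(root, "firewall.rules")
        rules.write_text("allow tcp 10.0.0.0/8 443\ndeny all\n")
        baseline = snapshot(root)
        rules.write_text("allow tcp 0.0.0.0/0 443\ndeny all\n")
        Path(root, "export.csv").write_text("id,name\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    result = demo()
    print("added:", result["added"], "removed:", result["removed"])
    for name, diff in result["modified"].items():
        print("\n".join(diff))
```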
September 27, 2016