Data breaches and cyber-attacks are two terms that are increasingly making headlines in the world of cyber security. Cyber-attacks are carried out to cause data breaches, and very few data breaches occur without a cyber-attack. The first has a causal relationship with the second.
Let us quickly look at some of the top data breaches just this year (till September 2, 2016) across industries…
| S.No. | Institution | What was stolen | Potential damage caused |
|---|---|---|---|
| 1 | FACC – An Austrian aerospace parts manufacturer that has Airbus and Boeing as its clients. | Intellectual property like designs and process documents | Approx. US$ 54.5 million |
| 2 | US Department of Justice | Personal data of 10,000 Department of Homeland Security employees and 20,000 FBI employees. It included names, titles, phone numbers, and e-mail addresses. | NA (It will be next to impossible to quantify the damages if some of these employees are targeted by terrorists or criminals to get back at the US) |
| 3 | UC Berkeley | Financial data of 80,000 Berkeley students, alumni, employees, and school officials of the University of California. | NA (It will again be difficult to quantify the damages here. Fraudsters and extortionists can use financial data. It can also be used to manipulate individuals into sabotaging or stealing classified commercial research) |
| 4 | Snapchat | Names, Social Security numbers, and wage/payroll data of 700 current and former employees. | NA (difficult to quantify the damages, but the possibilities are immense given the nature of the information) |
| 5 | 21st Century Oncology, a Fort Myers-based cancer care company | 2.2 million patient records, including names, Social Security numbers, doctor names, diagnoses, treatment information and insurance information. | NA (difficult to quantify the damages, but the possibilities are immense given the nature of the information) |
| 6 | Oracle | User names and passwords from 330,000 MICROS POS terminal cash registers | Still unclear |
The list is endless. However, if we look at the variety of industries that have been attacked, it becomes apparent that every company in every industry holds information attractive enough for somebody to steal. Data is the new gold, or rather the new platinum, and a large number of skilled criminals are skimming and scheming for it 24 x 7 x 365 across the globe and across industries. It is not a question of who can be a target but rather of when they will be targeted.
When looking at data breaches and cyber-attacks, these are some of the key questions that we will try to look at briefly: What could be the possible motives of a data breach? What are the methods used for cyber-attacks? What are the key points of cyber-attacks? And what can be the top-level actions that might help enterprises fight this cyber security nuisance?
Data, especially classified industrial and personal data, can be used for any number of nefarious purposes, limited only by the ingenuity of the cybercriminal; however, two motives stand out: financial fraud and espionage. As per the Verizon 2016 Data Breach Investigations Report, 89% of the data breaches had these motives. The others include fun (yes, people can hack into your system for fun!!), ideology and even grudge (don’t underestimate employees who are given a raw deal by corporations!!).
In terms of instruments or methods of cyber-attacks, Phishing is most often the tip of the spear. Legitimate credentials are stolen through Phishing attacks and then all hell breaks loose. Corporations can’t be too careful in safeguarding privileged credentials. They are the “Thor’s hammer” for a cyber-criminal. They can be used to destroy even the strongest threat defenses. Almost 75% of all data thefts that happened in 2015 can be attributed to theft of a privileged credential.
Hacking (use of stolen cards, use of backdoor, brute force) is the most rampant cyber-attack method or action, followed by malware (spyware, key logger, RAM or brute force) and exploitation of social media through phishing.
Cyber-attacks are mostly focused on servers, followed by user devices and then individuals, media, kiosks and networks.
At the top level, these are some steps that can be taken to prevent data breaches and cyber-attacks. It is good to know the vulnerabilities. Use vulnerability scanning to understand which vulnerabilities are commonly being used by criminals, see if they can be patched, and patch them as quickly as possible. Organizational seriousness and agility in patching known vulnerabilities go a long way in preventing data breaches. A report by BMC and Forbes Insights reveals that a large number of breaches occur through known and unpatched vulnerabilities. About 44% of breaches occurred after the vulnerabilities had been identified. The same report also cites that this happens because the security and the operations teams have different priorities. It is also critically important to prioritize the systems/vulnerabilities that need to be patched.
Filter e-mails. Educate employees on the modus operandi of the criminals so that they don’t open suspicious e-mails and can recognize suspicious activity. Ensure multi-level authentication between user networks and high-importance systems.
Being up to date, to the extent possible, on the vulnerabilities that are being exploited by the criminals of today (near real-time threat intelligence) arms you best in defending against cyber-attacks. If these vulnerabilities can’t be patched, then try to isolate the system or change its configuration in a manner that makes it more difficult to break into. Think about replacement. Analyze the changes that have taken place between successive scans or over a period to identify risky changes in configurations and unknown devices in the network.
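The scan-to-scan comparison described above, as an added example that is not part of the original article: it diffs two scan snapshots and reports unknown devices, newly exposed services and changed service banners, riskiest first. The snapshot layout, the `RISKY_PORTS` set and all sample hosts are constructed assumptions.

```python
import ipaddress

# Assumption: ports this site treats as high risk when newly exposed.
RISKY_PORTS = {21, 23, 445, 3389}
# Review order for each finding kind (lower number = look at it first).
PRIORITY = {"unknown_device": 0, "risky_port_opened": 0, "mac_changed": 1,
            "service_changed": 1, "port_opened": 2, "port_closed": 3,
            "device_missing": 3}

# Constructed sample snapshots: {ip: {"mac": ..., "ports": {port: banner}}}
LAST_WEEK = {
    "10.0.0.5": {"mac": "00:11:22:33:44:55", "ports": {22: "OpenSSH 7.2", 443: "nginx 1.10"}},
    "10.0.0.9": {"mac": "00:11:22:33:44:66", "ports": {1521: "Oracle TNS 11.2"}},
}
THIS_WEEK = {
    "10.0.0.5": {"mac": "00:11:22:33:44:55",
                 "ports": {22: "OpenSSH 7.2", 443: "nginx 1.10", 3389: "ms-wbt-server"}},
    "10.0.0.9": {"mac": "00:11:22:33:44:66", "ports": {1521: "Oracle TNS 12.1"}},
    "10.0.0.23": {"mac": "de:ad:be:ef:00:01", "ports": {23: "telnet"}},
}

def diff_scans(previous, current, risky_ports=RISKY_PORTS):
    """Return (kind, ip, detail) tuples for every change, riskiest first."""
    findings = []
    for ip, host in current.items():
        old = previous.get(ip)
        if old is None:  # host never seen before: unknown device on the network
            findings.append(("unknown_device", ip, host["mac"]))
            continue
        if old["mac"] != host["mac"]:  # same IP, different hardware
            findings.append(("mac_changed", ip, f'{old["mac"]} -> {host["mac"]}'))
        for port, banner in sorted(host["ports"].items()):
            if port not in old["ports"]:
                kind = "risky_port_opened" if port in risky_ports else "port_opened"
                findings.append((kind, ip, f"{port}/{banner}"))
            elif old["ports"][port] != banner:  # same port, different service/version
                findings.append(("service_changed", ip,
                                 f'{port}: {old["ports"][port]} -> {banner}'))
        for port in sorted(set(old["ports"]) - set(host["ports"])):
            findings.append(("port_closed", ip, str(port)))
    for ip in set(previous) - set(current):
        findings.append(("device_missing", ip, previous[ip]["mac"]))
    # Sort by review priority, then numerically by address.
    findings.sort(key=lambda f: (PRIORITY[f[0]], ipaddress.ip_address(f[1])))
    return findings

if __name__ == "__main__":
    for kind, ip, detail in diff_scans(LAST_WEEK, THIS_WEEK):
        print(f"{kind:18} {ip:10} {detail}")
```

Feeding it the parsed output of two consecutive scheduled scans gives a short review queue instead of two full reports to compare by eye.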
Mahendra is a former Happiest Mind and this content was created and published during his tenure.