Now, more than ever, it is crucial to prioritize investments in advanced threat intelligence, monitoring systems, and ongoing employee training.
In 2023, there has been a worrying increase in data breaches. During the second quarter of 2023, more than 110 million accounts were compromised, a staggering 2.6 times more than in the first quarter of the year. Recent findings reveal that the average cost of a data breach has reached $4.45 million, including direct costs such as fines and legal proceedings, as well as indirect costs such as reputational damage.
The good news is that the causes of such breaches are often trivial and within your control, such as neglecting to change passwords or using overly simplistic passwords, or overlooking disabling access by a terminated employee. Businesses can easily mitigate risks to protect themselves from both data and subsequent financial losses. So what are the most common reasons for data leaks and how can they be handled effectively?
Global Business Development Manager at Qrator Labs.
Cloud misconfigurations
According to IBM, 82% of breaches involve information stored in the cloud. Cloud misconfigurations can lead to data exposure or even compromise entire environments. They take a variety of forms, including incorrectly configured storage buckets, insecure access controls, and poorly managed encryption configurations. These errors are often due to a lack of understanding of the cloud service provider's security features or a lack of oversight during the setup process. Attackers exploit these vulnerabilities to gain unauthorized access to sensitive information.
Solution:
– Follow the recommendations of your cloud service provider, such as AWS, Microsoft Azure, or Google Cloud. This includes setting up security groups, setting up proper identity and access management, and implementing encryption for data both in transit and at rest.
– Implement automated tools to configure and enforce security policies. For example, in Kubernetes clusters you can use Gatekeeper or Kyverno. They can significantly reduce the risk of human error.
– Additionally, look for software solutions and scripts to periodically check your cloud configuration against best practices and compliance standards.
Lack of permission control
The human element remains a major factor in 74% of data breaches and the most common reason is lack of proper permissions control. It means that users can access data and systems beyond what is necessary for their functions.
The main issues associated with this challenge include over-privileged accounts, where users have more permissions than necessary, expanding the attack surface. Additionally, there is concern about appropriate segregation of duties. For example, a single user may have the right to create and approve transactions. This leads to a higher risk of fraudulent activities. Outdated configurations also contribute to the problem. Imagine that a terminated support employee still has access to the company database. They could potentially download and sell sensitive data to competitors.
Solution:
– Implement the concept of least privilege to ensure that users and applications have only the minimum level of access required to perform their tasks.
– Use role-based access control to assign permissions based on job roles. This way, your team members will only see the resources and data necessary for their specific responsibilities.
– Implement multi-factor authentication by requiring users to provide multiple forms of identification before gaining access. Even if login credentials are compromised, MFA adds an additional security barrier.
Infrequent software updates
Outdated software often contains known vulnerabilities. When companies do not update regularly, they leave a window of opportunity for cybercriminals. A case in point is Memcached, a distributed memory caching system widely used to improve the performance of dynamic database-driven websites. Vulnerabilities in this software were discovered in 2016; However, it was not until 2018 when a novel method for DDoS attack amplification using Memcached was exploited in notable network incidents.
Solution:
– Update at least once every half year. Ideally, you should implement a patch management policy that outlines procedures for identifying, testing, and deploying software updates in a timely and systematic manner.
– Use automated tools to speed up the process. Automation helps ensure that patches are deployed consistently across systems.
Insufficient perimeter control
This risk refers to a situation where an organization's network boundaries are not adequately protected, allowing possible unauthorized access to critical information or systems. The network perimeter serves as the first line of defense against external threats. Today it extends to cloud services, remote users and mobile devices. The attack surface has expanded even further with the proliferation of the Internet of Things. From smart thermostats to industrial sensors, these devices often become attractive targets for hackers. Recently, it was reported that the number of IoT devices involved in botnet-driven DDoS attacks had increased from around 200,000 a year ago to approximately 1 million.
Solution:
– Implement firewalls (such as Web Application Firewall) at network entry points to control and monitor incoming and outgoing traffic. Configuring them correctly allows only authorized and necessary communication.
– Implement Intrusion Detection and Prevention Systems (IDPS) to detect unusual or suspicious activities within the network. They can automatically respond to potential threats, mitigating risks in real time.
– Add encryption for data transmitted over networks, including local networks, for an extra layer of protection. This way, the intercepted data remains unreadable without proper decryption keys.
Other emerging threats
Among other emerging threats is the rapid advancement of artificial intelligence. Cybercriminals use it to evaluate attack strategies, significantly increasing their chances of success. It is also used to amplify the speed, scale, and range of your attacks. For example, hackers now use cutting-edge artificial intelligence to create convincing phishing campaigns in almost any language, even those with fewer historical attack attempts due to their complexity.
While other cyber threats also exist, they are rarely faced by businesses as they are typically targeted at large corporations, government systems, and critical infrastructure with top-notch security. These include advanced persistent threats (APTs) orchestrated by persistent, well-funded criminals and characterized by their long-term presence within a target network. These are generally state-sponsored cyberattacks motivated by political, economic or espionage reasons.
Protecting your business: universal tips
Apart from all the measures already listed, there are some general rules to keep your business protected. First, perform regular security audits and assessments, whether they concern cloud infrastructure, the status of software updates, user permissions, or the overall effectiveness of perimeter control. External audits or penetration testing can also help evaluate the organization's security posture.
Second, invest in advanced intelligence and monitoring solutions. They can detect threats and respond in real time. Such systems can use machine learning, behavioral analysis, and pattern recognition to establish a baseline of normal network behavior and detect deviations. Upon identifying a potential threat, the system will automatically activate response mechanisms: blocking suspicious traffic, isolating compromised devices, or alerting security personnel for further investigation.
Third, regularly train your employees to recognize and counter threats, especially phishing. The latter remains one of the most common methods used by cybercriminals to gain access to sensitive data.
Effective employee training consists of two key elements, which I refer to as the “stick” and the “carrot.”
The “stick” involves educating all team members about the company's security policies and legislative initiatives, such as the GDPR. It emphasizes collective responsibility in safeguarding sensitive data, which extends beyond the duty of the information security department. Training sessions should explain the consequences of violations, including possible fines and even dismissal. It is important to hold these events at least once every two years, if not more frequently. Additionally, companies should incorporate them into the new employee onboarding process.
The “carrot” aspect involves workshops, meetings and webinars focused on various cyberattacks and the latest advances in information security. This facet of training is designed to be more engaging and enjoyable. It may include some interactive activities, such as online games and simulations. Guest speakers may participate in these events, for example, employees from the IT department, representatives from other divisions sharing interesting cases, and external market experts.
Through combined “stick” and “carrot” measures, team members cultivate a herd immunity to information security issues, fostering a culture of mutual responsibility.
And of course, always stay abreast of the latest cyber trends to develop countermeasures in time.
We have presented the best online cybersecurity courses.
This article was produced as part of TechRadarPro's Expert Insights channel, where we feature the best and brightest minds in today's tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, find out more here:
