Limiting Damage from Data Breaches
Anirban Banerjee
Data breaches hitting the headlines used to be a rarity, but today it is unusual to go a week without hearing about another business being affected. So far, 2016 has seen numerous attacks, including:
In January, FACC, an aerospace parts manufacturer that supplies heavy-hitters Boeing and Airbus, was the victim of cyber fraud. Instead of stealing data, the hackers used their access to steal €50 million ($54.5 million) in liquid funds from the business.
In February, hackers breached the database of the U.S. Department of Justice, capturing employee data that included names, phone numbers, and email addresses. The data was later released, compromising 10,000 Department of Homeland Security employees and 20,000 FBI employees.
In March, hackers hit Verizon Enterprise Solutions, a division of Verizon that provides IT services, including data breach assistance, to their customers. The hackers made off with information on more than 1.5 million customers, which was later put up for sale for $100,000.
Other high-profile victims include the University of Central Florida, the IRS, Wendy’s, and Oracle.
But these breaches are just the tip of the iceberg: for every hack that hits the headlines, there are ten or even a hundred more that don’t because they involve smaller businesses. Yet these attacks are just as damaging to the businesses they affect – will your business be the next victim?
Data Breaches: Your Data and Property at Risk
There’s no safety in size, big or small. The businesses we’ve mentioned in our examples are massive, but businesses of all sizes are at risk. Hacking and identity theft can cost your business in lost funds, intellectual property, and customer & employee data. These thefts can damage your finances, your reputation, and your relationships with your customers and employees.
And although the biggest headlines often concern breaches of large technology companies and government institutions, any business in any industry can be targeted. If you hold digitally-stored data, you are vulnerable. Hackers don’t care what your business is – only that they can make money from your data.
The graph below shows the total number of data records stolen or lost by industry, as recorded by breachlevelindex.com:
Improperly Managed Privileged Accounts Put Your Business at Risk
What do most of the largest data breaches in history, including the 2013 hack of retailer Target, the attack on the Korean Credit Bureau that took 20 million identities, and Edward Snowden’s NSA leak, have in common?
They all exploited privileged credentials.
These high-privilege accounts have the ability to make sweeping changes to your core IT systems, access your most secure and sensitive data, and move laterally from system to system at will. This allows key IT personnel to take rapid action to correct faults and problems in your key systems, an essential task when even the smallest downtime can cost thousands of dollars.
But in the wrong hands, this access can be abused by malicious insiders or outside threats, potentially causing massive damage, and not only through data breaches. Experts estimate that upwards of 80% of serious incidents involve misuse of a privileged account as part of the attack.
Privileged Accounts Are Multiplying
As IT systems become more complex, with more specialists, it is inevitable that the number of privileged accounts will increase. For many businesses, the number of accounts has become unmanageable. Not only are there too many accounts to track manually, but the power behind a privileged account means that hackers can do an enormous amount of damage in a short time frame.
Research by Gartner indicates that as of 2015, just 5% of organisations were reviewing the activities carried out by privileged accounts – the other 95% had no record of what activities were being carried out.
If your business sits in that 95%, it is at serious risk. An unscrupulous insider or outside hacker could be stealing your data or intellectual property as you read this, but you would have no way of detecting it, let alone stopping it.
To protect your business from data breaches, you should:
Start Tracking Ownership of Privileged Accounts
Your business must track every account that has permissions above and beyond that of a standard user. In many businesses the number of accounts will change regularly and tracking them manually will not be possible. Instead, you should invest in software to help you track and manage these accounts.
Reduce the Number of Accounts Where Possible
Most businesses have too many accounts; it is often surprising how many accounts still exist for employees who have since left the company. You may also find that some users have permissions above and beyond what they need to perform their role. For these users, access should be reduced to an appropriate level, and data should be segregated so that each account can access only what it needs.
Track Accounts for Unusual Activity
Monitoring account activity for anomalies can give an early warning when an attack is in progress. The way that your accounts interact with your data, the location the user is accessing the account from, and the time at which they are doing so should all be tracked for erratic behaviour.
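The three steps above can be sketched in a few lines of Python. This is an added example, not part of the original article and not Onion ID's product; the account names, staff list and events are constructed, and the baseline (countries seen plus a widened hour window) is a deliberately simple assumption about what "unusual" means.

```python
from collections import defaultdict
from datetime import datetime

ACTIVE_STAFF = {"alice", "bob"}  # all sample data below is constructed
PRIVILEGED = {"db-admin": "alice", "backup-svc": None,  # account -> owner
              "net-admin": "carol", "root-web01": "bob"}
HISTORY = [  # (account, ISO timestamp, source country) of past activity
    ("db-admin", "2016-10-03T09:12:00", "US"),
    ("db-admin", "2016-10-05T17:05:00", "US"),
    ("root-web01", "2016-10-03T10:00:00", "DE"),
]
NEW_EVENTS = [
    ("db-admin", "2016-10-06T10:20:00", "US"),    # inside baseline
    ("db-admin", "2016-10-07T03:15:00", "US"),    # outside usual hours
    ("root-web01", "2016-10-07T10:45:00", "BR"),  # location never seen
    ("net-admin", "2016-10-07T12:00:00", "US"),   # account with no history
]

def audit_ownership(accounts, active_staff):
    """Map account -> finding for accounts with no owner or a departed owner."""
    return {acct: "no owner" if owner is None else "owner left"
            for acct, owner in accounts.items()
            if owner is None or owner not in active_staff}

def build_baseline(history, slack=1):
    """Per account: countries seen and the hour window used, widened by slack."""
    seen = defaultdict(lambda: (set(), []))
    for acct, ts, country in history:
        seen[acct][0].add(country)
        seen[acct][1].append(datetime.fromisoformat(ts).hour)
    return {a: (c, max(min(h) - slack, 0), min(max(h) + slack, 23))
            for a, (c, h) in seen.items()}

def flag_events(events, baseline):
    """Return (account, timestamp, reasons) for events outside the baseline."""
    alerts = []
    for acct, ts, country in events:
        if acct not in baseline:
            alerts.append((acct, ts, ["no baseline"]))
            continue
        countries, lo, hi = baseline[acct]
        reasons = ["new location"] if country not in countries else []
        if not lo <= datetime.fromisoformat(ts).hour <= hi:
            reasons.append("unusual hour")
        if reasons:
            alerts.append((acct, ts, reasons))
    return alerts

if __name__ == "__main__":
    print(audit_ownership(PRIVILEGED, ACTIVE_STAFF), flag_events(NEW_EVENTS, build_baseline(HISTORY)))
```

Note that the account whose owner has left ("net-admin") also shows up in the activity alerts, which is the combination that deserves the fastest follow-up.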
Onion ID gives your organization complete control over the accounts used to access your data, helping you to detect and prevent threats before valuable data is lost.
1. Facc.com – Update: FACC AG Cyber-Fraud
2. CNN – Hackers publish contact info of 20,000 FBI employees
3. KrebsonSecurity – Crooks Steal, Sell Verizon Enterprise Customer Data
4. Data taken from breachlevelindex.com, up to date as of October 2016. Source: http://breachlevelindex.com/
5. Cyberark.com – CyberArk Threat Report
6. Gartner – Gartner Says By 2018, 25% of Organizations Will Review Privileged Activity and Reduce Data Leakage Incidents by 33%
Also published on Medium.