Stop the Hack, Don’t Just Find out about it
Anirban Banerjee
Businesses that need to protect sensitive data may have methods for discovering hack attempts, but in many cases they discover them too late. Finding out about hack attempts isn’t good enough, especially if any of the hacks were successful. Relying on “intrusion detection” to prevent hack attempts means that you’re only detecting the hackers once they’ve actually gotten into your network. The key is being able to stop hack attempts dead in their tracks, before they’ve gotten inside.
Keep in mind that companies that handle customer data, financial information, health records and more often have to comply with standards like PCI, SOX, SOC 1, SOC 2, HIPAA, FedRAMP, FFIEC and many more compliance requirements. Finding out about a hack after the damage has been done is not acceptable for businesses, and it is not fair to their customers either.
What can we learn from these stories?
The following are true stories of businesses that were victims of repeated malicious attacks, which often exposed sensitive company data and stole millions of customers’ payment details, such as credit card numbers or other payment information. Here is what happened in each case.
Neiman Marcus – While the actual data breach took place around July – October 2013, it was not disclosed until January 2014. It was eventually revealed that the data of 1.1 million customers was compromised. Investigations found that malware had been installed on Neiman Marcus’s systems and had actively scraped credit card data for a period of about 3 months. Major credit card companies confirmed that 2,400 different credit cards were used fraudulently as a result.
Michael’s Stores – The home goods and craft retailer reported that nearly 3 million store customers were affected by a data breach that compromised customer payment cards. This was the third event in which customer data had been compromised at the retailer. The final report stated that Michaels and its subsidiary Aaron Brothers were attacked by criminals using advanced malware which had not previously been seen by the security firms investigating the issue. The information compromised included credit card numbers and expiration dates over an 8 month period.
UPS – The shipping and delivery chain announced that 51 stores had suffered a broad-based malware attack that evaded current antivirus software. The malware was only discovered after consulting a third-party security firm. Data exposed by the incident included email addresses, postal addresses, and payment card information. The malware was active for 7 to 8 months. UPS wasn’t forthcoming with details of the malware attack, but many assumed it was similar to the other malware attacks around the same time at Michael’s and Neiman Marcus, where point-of-sale systems were exploited.
Home Depot – An estimated 56 million customers’ credit card details were stolen, along with 53 million email addresses, due to a notorious malware family that targets PoS systems. Home Depot believes that hackers gained access to its network through a vendor account, from which they were able to reach the PoS system. It reported that the criminal hackers were able to gain high-level permissions that enabled them to deploy custom-built malware in its U.S. and Canadian checkout systems.
Kmart – The retail giant admitted that it had fallen victim to a malware attack similar to those at other companies, targeting payment data systems. It was also hit with a lawsuit from NBC Bank, accusing Kmart of “elementary” security measures. Its data systems were found to be infected with malware which slipped under antivirus software, and customer credit and debit cards were compromised.
All of the above attacks happened over the last two years, blindsiding large, well-known companies and leaving consumers feeling violated. As hackers become more advanced and use more sophisticated methods, it is crucial for companies to take a proactive approach.
Take Preventative Action
Don’t wait until it’s too late to protect yourself.
Keep Computers Updated – It’s crucial that you regularly update your operating system, firewalls, antivirus software, and other critical aspects of your computer. Pay attention to notifications and enable auto-updating features where possible. Microsoft, for example, regularly releases important updates and detailed notes on what the updates do for your system.
Use Strong Passwords – Make sure you are using passphrases instead of simple passwords. The most common and most easily hacked password is ‘password’. A strong password should use numbers, letters, and symbols. It doesn’t need to be overly complicated: you could substitute numbers for letters and include symbols in something easy to remember. If your favorite band is The Beatles, for example, your password could be “7h3B34tLE5!”
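As an added illustration of the advice above (this is example code written for this article, not a product feature or anything from the original post), the following Python checker enforces the properties the paragraph lists: it rejects the most common passwords even when letters have been swapped for look-alike digits and symbols, requires a mix of character classes, and estimates how many bits of guessing work a password represents. The common-password list, the 12-character minimum and the 60-bit threshold are assumptions chosen for the example; a real deployment would use a large breach-derived list and its own policy.

```python
import math
import string

# Constructed, deliberately tiny list of very common passwords (assumption:
# a production check would load a large list derived from public breach dumps).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}

# Map the usual look-alike substitutions back to letters so "P@ssw0rd"
# is recognised as "password" (both strings are 10 characters long).
LEET = str.maketrans("0134578@$!", "oleastbasi")


def normalize(pw: str) -> str:
    """Undo leet substitutions and case so dictionary matching is not fooled."""
    return pw.translate(LEET).lower()


def estimate_entropy_bits(pw: str) -> float:
    """Rough guessing-entropy: length * log2(size of character pool used)."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)  # 32 printable symbols
    if any(c.isspace() for c in pw):
        pool += 1  # spaces are what make multi-word passphrases easy to type
    return len(pw) * math.log2(pool) if pool else 0.0


def check_password(pw: str, min_len: int = 12, min_bits: float = 60.0) -> list:
    """Return a list of policy problems; an empty list means the password is accepted."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if pw.lower() in COMMON_PASSWORDS or normalize(pw) in COMMON_PASSWORDS:
        problems.append("matches a common password (even after leet substitution)")
    if len(set(pw)) < 4:
        problems.append("too few distinct characters")
    bits = estimate_entropy_bits(pw)
    if bits < min_bits:
        problems.append(f"estimated {bits:.0f} bits of entropy is below {min_bits:.0f}")
    return problems


if __name__ == "__main__":
    for candidate in ["password", "P@ssw0rd", "correct horse battery staple 2014"]:
        print(repr(candidate), "->", check_password(candidate) or "OK")
```

The point the checker makes is that length does more for you than cleverness: a long, easy-to-remember passphrase made of ordinary words passes every rule, while a short word with digit substitutions fails the dictionary check as soon as the substitutions are undone.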
Perform a Security Audit – It’s important to consult IT professionals or security firms on where your systems are most vulnerable. A security professional can advise on where your infrastructure needs updating and on how to prevent future attacks. Interestingly, in some cases companies were warned about security flaws by a hacker before the hack took place.
Train Staff on Security – Instruct your employees in proper password management and make them aware of the data security risks that human error causes. You should also hold employees accountable for data breaches that use their login information.
Clean out Unneeded Sensitive Data – If you no longer need files that contain sensitive data, get rid of them. If you need to hang on to them for some reason, keep them under strong encryption.
Protect the Mobile Workforce – Due to the increasing number of employees working remotely, it is important to make sure their devices are secure. Consider using a cloud service and 2-step authentication to ensure that wireless technology is properly secured.
Encrypt – Encryption is useful and prevents data from being read from a device, even if the device is lost or stolen. A thumb drive, for example, can be encrypted, so even if a thief has the device, they cannot read the contents stored on it.
Lock Your Network – A common hacking method is to drive around with high-powered antennas looking for weak or unsecured Wi-Fi signals. Once attackers are inside your network, they can begin stealing data. Update your network to current encryption standards such as WPA2, or create nonsense passwords with random strings of characters, numbers, and symbols.
Secure your Hardware – Physically securing hardware is just as important as passwords and encryption. You can utilize the Kensington Lock Port on your desktop or laptop to secure it to a desk, for example. Also consider rack-mounting hardware, and keep doors to your server rooms closed and locked. Some data breaches actually involved thieves walking out with server equipment and other devices containing sensitive information.
Audit Permissions – An IDS (Intrusion Detection System) can be used by companies processing a large amount of personal data. An IDS will alert you to malicious activity within the system. You can also monitor activity from specific users to pinpoint the breach, and this can be applied not only to the network but to system documents and applications. You could even use an IDS that will take a picture of a thief if they’ve stolen a laptop or smartphone with a front-facing camera.
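To make “monitor activity from specific users to pinpoint the breach” concrete, here is an added example (written for this article; it is not code from the original post or from any IDS product) that runs three simple detection rules over authentication log lines: a burst of failed logins for one account from one source, a successful login from a source address the account has never used before, and one account reaching several different servers within a few minutes, which is what credential theft followed by server-to-server movement looks like in logs. The log format, the sample lines, the baseline of known source addresses and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (assumption: a simple one-event-per-line format;
# real sshd, Windows or VPN logs would need their own parser).
SAMPLE_LOG = """\
2014-11-03 08:40:12 sshd user=jsmith src=10.1.1.5 dst=fileserver result=success
2014-11-03 09:01:00 sshd user=jsmith src=203.0.113.7 dst=vpn-gw result=failure
2014-11-03 09:01:10 sshd user=jsmith src=203.0.113.7 dst=vpn-gw result=failure
2014-11-03 09:01:20 sshd user=jsmith src=203.0.113.7 dst=vpn-gw result=failure
2014-11-03 09:01:30 sshd user=jsmith src=203.0.113.7 dst=vpn-gw result=failure
2014-11-03 09:01:40 sshd user=jsmith src=203.0.113.7 dst=vpn-gw result=failure
2014-11-03 09:02:10 sshd user=jsmith src=203.0.113.7 dst=vpn-gw result=success
2014-11-03 09:03:00 sshd user=jsmith src=203.0.113.7 dst=pos-srv-01 result=success
2014-11-03 09:04:00 sshd user=jsmith src=203.0.113.7 dst=pos-srv-02 result=success
2014-11-03 09:05:00 sshd user=jsmith src=203.0.113.7 dst=pos-srv-03 result=success
2014-11-03 09:06:00 sshd user=svc_backup src=10.1.2.9 dst=fileserver result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<svc>\S+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) result=(?P<result>\S+)$"
)

# Constructed baseline: the source addresses each account normally logs in from.
KNOWN_SOURCES = {"jsmith": {"10.1.1.5"}, "svc_backup": {"10.1.2.9"}}


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    return ev


def analyze(lines, known_sources, fail_threshold=5, fail_window=timedelta(minutes=2),
            host_threshold=3, host_window=timedelta(minutes=10)):
    """Return a list of alert dicts produced by the three rules, in log order."""
    alerts = []
    seen_sources = {u: set(s) for u, s in known_sources.items()}  # copy, so the baseline is untouched
    failures = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    successes = defaultdict(deque)  # user -> (timestamp, dst) of recent successful logins
    lateral_flagged = set()         # users already reported by the many-hosts rule

    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        user, src, dst, ts = ev["user"], ev["src"], ev["dst"], ev["ts"]

        if ev["result"] == "failure":
            # Rule 1: repeated failures for one account from one source inside the window.
            q = failures[(user, src)]
            q.append(ts)
            while q and ts - q[0] > fail_window:
                q.popleft()
            if len(q) == fail_threshold:  # fire once, when the threshold is first reached
                alerts.append({"rule": "brute-force", "user": user, "src": src, "ts": ts,
                               "detail": f"{fail_threshold} failures within {fail_window}"})
            continue

        # Rule 2: successful login from a source this account has never used.
        if src not in seen_sources.setdefault(user, set()):
            seen_sources[user].add(src)
            alerts.append({"rule": "new-source", "user": user, "src": src, "ts": ts,
                           "detail": f"first login from {src}"})

        # Rule 3: one account reaching many distinct servers in a short time.
        q = successes[user]
        q.append((ts, dst))
        while q and ts - q[0][0] > host_window:
            q.popleft()
        hosts = sorted({d for _, d in q})
        if len(hosts) >= host_threshold and user not in lateral_flagged:
            lateral_flagged.add(user)
            alerts.append({"rule": "lateral-movement", "user": user, "src": src, "ts": ts,
                           "detail": hosts})
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG.splitlines(), KNOWN_SOURCES):
        print(a["ts"], a["rule"], a["user"], a["src"], a["detail"])
```

Run against the constructed sample, the rules fire in sequence for the same account: the failed-login burst, then the first successful login from the unfamiliar address, then the spread to several checkout servers, while the backup service account logging in from its usual address produces nothing. That chain of per-user alerts is the kind of trail that lets an investigator pinpoint which credential was used and where it went.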
Implement Easy-to-Use 2-Factor Authentication – Two-factor authentication is highly useful to most companies, but current security methods often fail because they are too complex and cumbersome. The solution is ensuring ease of use, such as with Onion ID. Onion ID Password Management features the ability to share accounts securely with invisible two-factor support, automated refreshes, and the ability to store credentials in a private cloud or data center.
Securing important, sensitive data is crucial for companies both small and large. It’s estimated that around 60 – 90% of small companies hit with large data breaches almost never recover from the losses incurred. Staying one step ahead of the hackers, and not giving them any leverage to break into your system, is the best protection policy, as hackers tend to target easy victims. If your network is too difficult to exploit, hackers will typically move on to find a different, easier target.
In spite of large retailers having FireEye products, attacks still happened. Why? Because loss of credentials leads to horizontal movement by an attacker from server to server. FireEye does not know whether a login to a server is genuine or not; Onion ID, when used in conjunction with FireEye, can provide true protection. Contact us today to learn more and protect your business.