The most common types of data breach from CybelAngel
David Sygula, Senior Cybersecurity Analyst at CybelAngel is a senior cybersecurity analyst at CybelAngel. He has been in the IT industry for over 10 years. Exploring the Internet and unearthing sensitive data is part of his daily routine.
When a water leak is discovered in our homes, we act quickly to avoid further damage. Even the tiniest water leak can become a major problem, if left unchecked. Weaknesses in the piping system can lead to greater consequences beyond a small leak, including a complete structural collapse as the weakness expands. In the same way that most of us wouldn’t ignore a leak in our homes, we certainly shouldn’t ignore one in a business network. Data leaks within an organisation often hint towards a bigger issue.
Cyber criminals are opportunists and are constantly on the lookout for low hanging fruit they can exploit with ease. Open databases are one of their go-to targets. Last year, our analysts saw a rapid increase to 75 percent in unprotected databases hit with ransomware, compared to one and three percent the previous year. Data leaks, no matter how small, are a dead giveaway of exposed databases and other weaknesses, so they must be sealed up at the source.
How can we categorise data leaks?
Each data leak is unique – they’re dependent on the nature of the business network. But we have noticed similarities and can roughly categorise them accordingly. The main three classifications are: exposed databases, third party weaknesses and forgotten databases.
Whilst we might assume that assailants must be dark web masterminds with a toolbox of high-end tech to help them hack their way through the toughest of firewalls, the barriers for entry to cyber crime are lower than ever.
Often the cause of these breaches is simply down to exposed databases resulting from misconfiguration or poor password protection. Teams are essentially leaving open doors for opportunistic cyber criminals. One such case was the CVS breach in March this year when a database of 1 billion health service records was accidentally posted online. Fortunately, CVS was quickly notified and the database was taken down, but it still raises serious concerns around the management of critical and sensitive information.
It’s important to remember that no business is an island - there are always links to other parties. Within a supply chain, every individual security strategy impacts the rest of the chain. If one party has poor security, then every organisation connected could also be impacted. Roughly 60 percent of businesses have suffered a data breach caused by a third party, so this issue cannot be ignored. But it also isn’t an opportunity to play the blame game. Whilst the weaknesses may not exist within your own defence line, you have a responsibility to engage with other parties to ensure security expectations are being met across the board.
To add to the security challenges, companies now manage an ever increasing number of databases which makes the task of managing and keeping an accurate inventory of all the siloed systems more difficult.
This can happen when new databases are created and old ones are forgotten and unprotected, rather than removed.
There are several other ways to categorise data leaks, and often it isn’t down to a single cause, rather a combination of two or three issues. Whatever the trigger, the ramifications are significant.
The repercussions of a leak
The true impact of a data leak often isn’t evident until it’s too late. One research team from Comparitech took matters into their own hands and devised a test to see how long it takes a criminal to discover and attack an exposed database. A honeypot was created using an unprotected database and the team sat back and waited for the results to roll in. The outcome was staggering. The database attacks began 8 hours after the launch, with a total of 175 attempts made over the course of 11 days. Imagine that you set up a database one afternoon, log off for the evening, and when you return the next morning, your new database has suffered roughly 18 breach attempts. The speed of attackers has the potential to leave businesses reeling.
One of the main concerns following a data breach is the financial implications. The cost of breaches continues to climb, with the total amount for a breach of over 50 million records now estimated to be $392 million. Factor in the additional costs resulting from regulatory fines and legal costs and a small data leak could be all it takes for businesses to suffer a financial hit from which it can be difficult to recover.
Any data allowed to seep through the network perimeter – whether email logins or financial credentials – puts organisations at risk. Ransomware can be planted within the network, forcing businesses to make bigger pay outs, plus stolen credentials can be used to access confidential databases directly. Whether criminals are driven by financial gain, or are politically motivated, data leaks can provide them with the ideal entry point to the company’s most sensitive information.
What’s the best course of action?
The first step in tackling the issue of data leaks and exposed databases is to take a proactive approach to identifying issues before they become a problem.
IP scanning is a valuable tool for this approach, as it can help identify what these vulnerabilities are, and where they’re hiding. The technology scans the web and monitors for any indicators of a data breach, whether it originates from the central company or a third party. Staying on top of shadow IT is also of great importance. It becomes near impossible to monitor every database if some are being created on unknown devices. There are different solutions that are designed to scan for shadow IT and secure all assets held on the devices.
On top of this, digital risk solutions are a vital way to disrupt an attacker’s kill chain. By identifying where these exposed databases reside, teams can take down any exposed information. Visibility is critical. The cost of data breaches – both on a financial and reputational level – means that organisations should address and resolve external risks quickly before they can be exploited.
