Cyber crime is not showing any signs of slowing down, in fact it’s estimated that the global impact of computer crime and data breaches will exceed $2 trillion by 2020. Criminals breach the networks, steal the data and then offer it for sale on the dark web, and it’s proving to be a profitable business model. Is there anyway to prevent a breach? Who are the targets of these criminals.
Year’s Biggest Breaches
The year isn’t over yet, but in 2017 has already seen the largest data breaches in history. And it isn’t industry-specific. By far the data breach that gained the most attention and could have the farthest-reaching impacts in the near term was the Equifax breach, where almost 150 million records were stolen, and because of the nature of Equifax’s company, the records contained everything needed to steal users identities.
Duns and Bradstreet, a company specializing in business information and records, also recorded a significant breach this year when a database containing 33 million customer records was stolen. The database came from a company that Duns and Bradstreet had purchased in a merger and has business information, including contact information and registration numbers, of major businesses.
Finally, in an ironic twist, Hitachi Payment Solutions was the victim of a data breach where 3 million personal and financial records of customers were stolen. Hitachi also runs a very large managed security services company, so this shows you that nobody is immune.
How They Get In
Hackers can get into the network in a variety of ways. The easiest way is through exploiting the human factor by sending phishing emails that have a malware attached.
Another way the malware gets installed is through watering hole attacks, which are when someone creates a website that is loaded with malicious software and then published content that would appeal to a particular industry, like a finance website with free templates for annual reports. When the user downloads the “free template,” it executes a piece of code that enslaves the computer or worse: installs a keylogger, and all information that the user types in at that point is now being seen by the hacker, including usernames and passwords.
Aside from software installations, the other way hackers gain access is through stolen credentials. This happens usually from another data breach of a different company, but since users tend to use the same password for all of their sites, it’s a matter of trial and error for hackers to discover credentials.
How to Protect Yourself
Protecting yourself from data breaches isn’t as complicated as it would seem. Ensuring that your operating systems and applications have the latest patches applied is a simple, straightforward technique that will protect you against any known exploits.
Educating users about phishing techniques and password security will go a long way in preventing breaches due to human error. Using a phishing simulator to reinforce that training is a good investment as well.
Most importantly, an integrated and automated platform like Sentinel One allows you to efficiently manage the security of your endpoints in real time. This platform offers advanced threat intelligence and threat hunting capabilities that protect your entire infrastructure against exploits before they have a chance to impact your data. It also uses the information it gathers from attacks to improve itself in the future, using pattern and heuristic analysis of the malware it encounters.
An attack on your network is inevitable, but with awareness and protection you can put up a wall large enough to warrant off even the most determined of hackers.