Have You Left Your Customers' and Employees' Information Vulnerable to a Data Breach?
A few weeks ago, one of Ulistic’s clients, Raffi Jamgotchian of Triada Networks, a New York City cyber security consulting firm, presented a fantastic webinar on data breaches. Worth checking out.
The 5 Stages of a Data Breach
- Information Gathering:
Hackers begin by gathering as much information about your company as possible, through a variety of methods. Spam and phishing emails sent to your employees' accounts, intelligence purchased from third-party sources, security search engines such as Shodan (which indexes internet-facing devices and services), and even ordinary Google searches give them the basic information they need. There is more information about your company on the web than you might think, and hackers want all of it.
Next, a reconnaissance program is run inside your network to map the devices on it: what each device is, where the valuable information is most likely to be stored, and whether any other networks are reachable from this one. Low-value computers are compromised along the way and used as footholds for the hacker's purposes.
- Lateral Movement:
High-value targets are then leveraged for greater mobility within your network. The hacker escalates privileges by guessing passwords; many users leave theirs at the default, which only makes the hacker's job easier. Once they hold an administrator account they can reach the servers that hold the most valuable information: client and employee financial details, Social Security numbers and health records, all of which can be sold on the black market.
If the hacker believes your business could yield further valuable information in the future, they will install back-door access so they can return and steal more data without tripping an alarm.
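The password guessing described above leaves a trail in authentication logs, and a small business can look for it without buying anything. The Python script below is an added example (not code from the webinar or from Triada Networks) that scans sshd-style log lines for one source address failing repeatedly against several accounts and then getting in. The log lines are constructed for illustration and the two thresholds are assumptions.

```python
"""Flag password guessing in authentication logs.

Added example, not from the webinar. The log lines below are constructed
and imitate OpenSSH's sshd messages in /var/log/auth.log; the thresholds
are assumptions, not figures from the talk.
"""
import re
from collections import defaultdict

# Constructed sample: one outside host hammers several accounts, then succeeds.
SAMPLE_LOG = """\
Mar  3 09:14:01 fileserver sshd[2211]: Failed password for admin from 203.0.113.45 port 51022 ssh2
Mar  3 09:14:03 fileserver sshd[2213]: Failed password for admin from 203.0.113.45 port 51030 ssh2
Mar  3 09:14:05 fileserver sshd[2215]: Failed password for invalid user root from 203.0.113.45 port 51034 ssh2
Mar  3 09:14:06 fileserver sshd[2217]: Failed password for backup from 203.0.113.45 port 51040 ssh2
Mar  3 09:14:08 fileserver sshd[2219]: Failed password for backup from 203.0.113.45 port 51044 ssh2
Mar  3 09:14:10 fileserver sshd[2221]: Accepted password for backup from 203.0.113.45 port 51050 ssh2
Mar  3 09:20:11 fileserver sshd[2301]: Failed password for alice from 192.168.10.22 port 40112 ssh2
Mar  3 09:20:19 fileserver sshd[2303]: Accepted password for alice from 192.168.10.22 port 40114 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

FAILURE_THRESHOLD = 5   # assumption: this many failures from one source is suspicious
SPRAY_THRESHOLD = 3     # assumption: failures against this many distinct accounts


def analyse(log_text):
    """Return [(source_ip, [reasons])] for sources that look like guessing."""
    failures = defaultdict(int)     # source -> number of failed logins
    targeted = defaultdict(set)     # source -> accounts it failed against
    successes = defaultdict(set)    # source -> accounts it logged in as
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an authentication line
        src, user, result = m["src"], m["user"], m["result"]
        if result == "Failed":
            failures[src] += 1
            targeted[src].add(user)
        else:
            successes[src].add(user)

    alerts = []
    for src in sorted(set(failures) | set(successes)):
        reasons = []
        if failures[src] >= FAILURE_THRESHOLD:
            reasons.append(f"{failures[src]} failed logins")
        if len(targeted[src]) >= SPRAY_THRESHOLD:
            reasons.append(f"tried {len(targeted[src])} different accounts")
        # A success after a run of failures is the case that matters most.
        if reasons and successes[src]:
            reasons.append("then logged in as " + ", ".join(sorted(successes[src])))
        if reasons:
            alerts.append((src, reasons))
    return alerts


if __name__ == "__main__":
    for src, reasons in analyse(SAMPLE_LOG):
        print(f"ALERT {src}: " + "; ".join(reasons))
```

A single mistyped password from a staff workstation (the 192.168.10.22 lines) does not trip either threshold, so the report is short enough to be read every day.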
- Data Acquisition:
In the last stage the hacker exports all the valuable information, which tends to be surprisingly easy given that most small businesses do not monitor what leaves their network. The data can be uploaded to an ordinary web service such as Dropbox or Google Drive, from which the hacker retrieves it with ease for sale at a later date.
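Monitoring what leaves the network is exactly the control this stage relies on being absent. The Python script below is an added example (not from the webinar or Triada Networks) that totals outbound bytes per client and destination from a simplified web-proxy log and flags bulk uploads to cloud storage hosts, as well as uploads sent straight to a bare IP address. The log format, the list of storage hosts and the size threshold are assumptions, and the log lines are constructed.

```python
"""Flag bulk uploads leaving the network.

Added example, not code from the webinar or Triada Networks. The log lines
below are constructed and imitate a simplified web-proxy access log with the
fields: timestamp client_ip method host bytes_received bytes_sent, where
bytes_sent is what the internal client uploaded to the destination.
"""
import ipaddress
from collections import defaultdict

SAMPLE_PROXY_LOG = """\
2015-03-03T09:31:02 192.168.10.40 GET  www.example.com         48211 612
2015-03-03T09:31:40 192.168.10.40 POST content.dropboxapi.com  310   83886080
2015-03-03T09:32:15 192.168.10.40 POST content.dropboxapi.com  310   83886080
2015-03-03T09:33:02 192.168.10.40 POST content.dropboxapi.com  310   67108864
2015-03-03T09:35:11 192.168.10.55 POST www.googleapis.com      1201  2048000
2015-03-03T09:36:44 192.168.10.61 GET  www.example.org         20112 540
2015-03-03T09:40:03 192.168.10.40 POST 198.51.100.77           200   52428800
"""

# Assumption: destinations that normally mean "a file just left the company".
STORAGE_HOSTS = {
    "content.dropboxapi.com", "www.dropbox.com",
    "www.googleapis.com", "drive.google.com",
}
# Assumption: one client sending more than this to one host in a day gets reviewed.
UPLOAD_THRESHOLD = 50 * 1024 * 1024
UPLOAD_METHODS = {"POST", "PUT"}


def parse(log_text):
    """Yield one record per well-formed line; silently skip anything else."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, client, method, host, received, sent = parts
        yield {"ts": ts, "client": client, "method": method,
               "host": host, "sent": int(sent)}


def is_bare_ip(host):
    """True when the destination was given as an address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_suspicious_uploads(log_text):
    """Return (client, host, bytes_sent, reason) for every upload worth a look."""
    sent = defaultdict(int)
    for rec in parse(log_text):
        if rec["method"] in UPLOAD_METHODS:
            sent[(rec["client"], rec["host"])] += rec["sent"]

    findings = []
    for (client, host), total in sorted(sent.items()):
        if host in STORAGE_HOSTS and total > UPLOAD_THRESHOLD:
            findings.append((client, host, total, "bulk upload to cloud storage"))
        elif is_bare_ip(host):
            # No hostname at all, so nothing a name-based allowlist could have matched.
            findings.append((client, host, total, "upload straight to an IP address"))
    return findings


if __name__ == "__main__":
    for client, host, total, reason in find_suspicious_uploads(SAMPLE_PROXY_LOG):
        print(f"{client} -> {host}: {total / 2**20:.1f} MiB ({reason})")
```

Three 64 to 80 MB uploads in two minutes from the reception PC are what a leak looks like in a proxy log; the 2 MB sent to Google's API by another workstation stays under the threshold and is not reported.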
What Can We Do About It?
There are resources available to help companies determine where their digital vulnerabilities lie:
- The Department of Homeland Security provides a framework for cyber security self-assessment.
- The Council on CyberSecurity publishes the 20 Critical Security Controls (CSC20), a checklist for evaluating a business's defences; it is written for security teams rather than general management. If you already use an IT security vendor, ask them about the CSC20.
The list covers a variety of ways in which security teams can help protect their clients' systems, including:
Know your system: keep an inventory of authorized devices and legitimate accounts, and block connections from wireless devices you have not approved. Make sure each system is configured securely for its purpose; improper configuration is a frequent source of critical vulnerabilities. Train your employees so they know what they are dealing with, what the security procedures are, and how to recognise and report a security concern when it arises.
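"Knowing your system" comes down to comparing what is actually on the network and in the user directory with what you have approved. The Python below is an added example, not code from the webinar or from Triada Networks: the DHCP lease list, device inventory, account list and HR roster are constructed data, and the 90-day staleness limit is an assumption.

```python
"""Reconcile devices and accounts against what is authorized.

Added example, not code from the webinar. All data below is constructed:
OBSERVED_DEVICES imitates a DHCP lease export from a small-office router,
AUTHORIZED_DEVICES is the company's own inventory, ACCOUNTS imitates a
directory export, and HR_ROSTER is the list of current staff.
"""
from datetime import date

# Constructed: (MAC, IP, hostname) for every device that took a lease today.
OBSERVED_DEVICES = [
    ("00:1a:2b:3c:4d:01", "192.168.10.10", "fileserver"),
    ("00:1a:2b:3c:4d:22", "192.168.10.22", "alice-laptop"),
    ("00:1a:2b:3c:4d:40", "192.168.10.40", "reception-pc"),
    ("a4:5e:60:ee:01:9f", "192.168.10.77", "android-8f2c1e"),  # nobody approved this
]

# Constructed: approved devices keyed by MAC address.
AUTHORIZED_DEVICES = {
    "00:1a:2b:3c:4d:01": "fileserver",
    "00:1a:2b:3c:4d:22": "alice-laptop",
    "00:1a:2b:3c:4d:40": "reception-pc",
    "00:1a:2b:3c:4d:55": "bob-laptop",
}

# Constructed: account name -> (last successful login, enabled?).
ACCOUNTS = {
    "alice":       (date(2015, 3, 2), True),
    "bob":         (date(2015, 3, 1), True),
    "temp_intern": (date(2014, 9, 12), True),   # left months ago, never disabled
    "svc_backup":  (date(2015, 3, 3), True),
    "admin":       (date(2014, 1, 15), True),   # vendor default account
    "carol":       (date(2014, 6, 30), False),  # already disabled, so ignored
}
HR_ROSTER = {"alice", "bob"}          # people who currently work here
SERVICE_ACCOUNTS = {"svc_backup"}     # documented non-human accounts
STALE_AFTER_DAYS = 90                 # assumption: no login in this long is suspicious
TODAY = date(2015, 3, 3)              # fixed so the example is repeatable


def check_devices(observed, authorized):
    """Return devices seen but not approved, and approved devices not seen."""
    seen = {mac for mac, _, _ in observed}
    unknown = [(mac, ip, name) for mac, ip, name in observed if mac not in authorized]
    missing = sorted(name for mac, name in authorized.items() if mac not in seen)
    return {"unknown": unknown, "missing": missing}


def check_accounts(accounts, roster, service_accounts, today):
    """Return enabled accounts that nobody currently owns or that nobody uses."""
    flagged = []
    for name, (last_login, enabled) in accounts.items():
        if not enabled:
            continue
        reasons = []
        if name not in roster and name not in service_accounts:
            reasons.append("no current owner on HR roster")
        idle = (today - last_login).days
        if idle > STALE_AFTER_DAYS:
            reasons.append(f"no login for {idle} days")
        if reasons:
            flagged.append((name, reasons))
    return flagged


if __name__ == "__main__":
    report = check_devices(OBSERVED_DEVICES, AUTHORIZED_DEVICES)
    for mac, ip, name in report["unknown"]:
        print(f"UNAUTHORIZED DEVICE {name} ({mac}) at {ip}")
    for name in report["missing"]:
        print(f"approved device not seen today: {name}")
    for name, reasons in check_accounts(ACCOUNTS, HR_ROSTER, SERVICE_ACCOUNTS, TODAY):
        print(f"REVIEW ACCOUNT {name}: " + "; ".join(reasons))
```

Run against the sample data it reports one phone nobody approved, one laptop that did not show up, and two enabled accounts (a departed intern and a vendor default account) with no owner and no recent use; the default account is the kind the lateral movement stage above depends on.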
Block remote access from any service that is not demonstrably legitimate, and filter the remote access you do grant. To stop data being exported to external servers, control the flow of data in both directions, not just inbound. Keep your critical networks separate from each other so that hacking one of them does not give access to all of them.
Ensure that your business has a dependable automatic backup system in place, and test it regularly by actually restoring from it, so you know it will work if your company suffers a disaster.
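A backup nobody has restored from is a hope, not a plan. The Python below is an added example (not from the webinar or Triada Networks) of a restore test: it records a SHA-256 manifest when the backup is taken, restores the archive into a clean directory, and compares every file against the manifest, so a backup job that reported success but wrote a truncated file or skipped one is caught. The sample files are constructed in a temporary directory; the archive format (gzipped tar) is an assumption.

```python
"""Prove a backup restores, not just that it ran.

Added example, not code from the webinar. Constructed data only: a few
small files are created in a temporary directory, backed up, restored and
checked against a SHA-256 manifest taken at backup time.
"""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_of(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def back_up(source, archive):
    """Archive every file under source and return the manifest to keep with it."""
    manifest = manifest_of(source)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(Path(source) / rel, arcname=rel)
    return manifest


def verify_restore(archive, manifest, restore_dir):
    """Restore into a clean directory and list every file that is missing or changed."""
    # Newer Python refuses unsafe members when a filter is given; fall back quietly on older versions.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(restore_dir, **kwargs)
    restored = manifest_of(restore_dir)
    problems = []
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content differs after restore: {rel}")
    return problems


def run_demo():
    """Back up constructed data, then test a good archive and a silently damaged one."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "data"
        (src / "clients").mkdir(parents=True)
        (src / "clients" / "ledger.csv").write_text("acct,balance\n1001,250.00\n")
        (src / "payroll.txt").write_text("alice,4200\nbob,3900\n")
        manifest = back_up(src, tmp / "good.tgz")
        clean = verify_restore(tmp / "good.tgz", manifest, tmp / "restore-good")

        # Simulate a job that reported success but truncated one file and skipped another.
        damaged = tmp / "damaged"
        (damaged / "clients").mkdir(parents=True)
        (damaged / "clients" / "ledger.csv").write_text("acct,balance\n")
        back_up(damaged, tmp / "bad.tgz")
        broken = verify_restore(tmp / "bad.tgz", manifest, tmp / "restore-bad")
    return {"clean": clean, "damaged": broken}


if __name__ == "__main__":
    for label, problems in run_demo().items():
        print(f"{label}: " + ("restore OK" if not problems else "; ".join(problems)))
```

The manifest must be stored somewhere other than the backup itself, otherwise a damaged backup brings its own damaged answer key.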
Keep your anti-virus software up to date and your firewalls properly configured to protect against malicious software and network threats.
Keep all your hardware and software current with patches for known vulnerabilities. Keep track of activity by reviewing audit logs, and respond to incidents in a systematic way. Conduct regular internal and external penetration tests that mimic real attacks and reveal vulnerabilities you may not have foreseen. Overall, develop an effective plan and stick to it.
What Can You Do About It?
This is a lot for any small company to keep track of. If your IT department is limited, or you have no security vendor, there are still measures you can take to strengthen your business's defences against data breaches. The keys to basic security are:
- Keep your systems up to date.
- Educate employees in correct procedures and how to identify phishing schemes.
- Enact an effective backup and disaster recovery plan.
- Consider application whitelisting on critical systems, so that only approved programs can run on them.
To learn more about Triada Networks visit https://www.triadanet.com.