Even with the major leaps made in recent years in the cloud and security industries, companies continue to make mistakes protecting data. From big bank data breaches to mobile malware, almost anyone can be compromised, on any device. There simply has to be a better way.
The first step is to understand the root causes of these data breaches. Cybersecurity Insiders is one of the most reliable sources for news and stories in the cybersecurity community. Recently they published their research into the security operations landscape with their 2019 Cloud Security Report, in partnership with (ISC)2. In the report, 72% of organizations experienced some cloud security incident in the past 12 months.
Here are the main causes listed:
Exposed Data (27%)
By far the most frequent type of cloud security breach involves sensitive data being leaked or accessed by hackers. Typically, this is a backend issue where programmers or engineers fail to account for a certain feature or hole. Amazon, for instance, recently discovered that its Ring Video Doorbell Pro included a bug that allowed anyone to intercept the user’s home network. During the setup process, wi-fi network credentials could be leaked, as it was not using Amazon’s cloud services of an encrypted channel. Despite learning about the issue back in July, Amazon had only deployed the patch in early September.
Other times, the company is simply negligent in protecting user information. Facebook has developed a notorious reputation with user data, implicated in the Cambridge Analytica scandal, which saw the information of millions of Facebook users shared with third-party companies. Recently the company was found to be storing passwords in plain text— which makes it easy for hackers to access and steal.
Malware Infection (20%)
Even though it’s 2019, malware continues to be a major technological threat as it was in the early 2000s. In fact, malware today has only become smarter and stronger, using advanced techniques to remain undetected by detection methods. Last week alone, a new malware named QSnatch had infected over 7,000 network-attached storage (NAS) devices in Germany alone. The malware was able to modify the operating system scripts, prevent future firmware updates, and steal usernames and passwords.
Malware can affect anyone from the most advanced government operations to the average web developer. Today, hackers are only getting smarter with how they bypass security and install on the latest firmware and technology. It’s vital to install some form of malware protection to at least cover the most simple malware.
Account Compromise (19%)
Closely behind malware infections is the compromise of user accounts. Back in 2014, Yahoo discovered a data breach that reportedly compromised 500 million user accounts. A year prior, another 1 billion accounts were compromised. The truth came out in 2017, when the company admitted the attacks totalled to 3 billion user accounts— the largest data breach in history.
The problem isn’t limited to technology firms either. Earlier this month, Texas Health Resources, the largest faith-based health system in the state of Texas, filed 15 breach notifications. According to the report, a misconfiguration in the billing system lead to the compromise of 82,577 patients. Any system that uses an account and password system is prone to unauthorized attacks.
Protecting Your Company From The Same Pitfalls
Now that you have some understanding of the threats that affect modern infrastructure, you can take the necessary precautions to avoid the same issues.
Conduct a thorough review of your existing cybersecurity strategy – This is not something to put off until next year. If you hold any sensitive information of any kind, you owe it to your stakeholders and customers. The start of a solid strategy begins with a detailed review.
Hire trustworthy security professionals – Don’t leave the hard work to the most tech-savvy person in the team. It’s best to get a true consultation from the experts. You may have to pay a premium, but that is the price of keeping your company safe and compliant.
Educate your team – Ignorance breeds carelessness, and carelessness invites security threats. Make sure each individual on your company understands the basics of protecting their selves and the data they handle. This means keeping software secure, and locking down systems when not in use.
Destroy before disposal – One of the common ways companies are left at risk is when they improperly dispose old computers, servers, or storage equipment. They assume that throwing away a device means it cannot be accessed, but the reality is far different. Companies like Securis can ensure that your devices are properly disposed, and that your data is thoroughly destroyed.
Don’t leave the fate of your company’s sensitive data and information up to chance. Begin reviewing your cybersecurity strategy today. Consult Securis for more information.