Act now to prevent data breaches
By Cherry Fung
Proactive steps to avoid data breaches
In Hong Kong and around the world, data breaches are in the news with alarming regularity.
According to Hong Kong’s Privacy Commissioner for Personal Data, 139 data breach incidents were reported in the city in 2019, representing an increase of 8% as compared to 2018. The data breaches involved hacking, system misconfiguration, employees contravening rules, loss of documents or portable devices and inadvertent disclosure of personal data by email or post.
Many data breaches could be prevented, as Microsoft engineers reminded people earlier this year when they made headlines by revealing that “99.9% of the compromised accounts they track” do not use multi-factor authentication.
Whilst organisations and individuals wrestle with the challenges of protecting personal and financial information, criminals are taking advantage of the trust that is placed in organisations and their choice of data repositories.
Fortinet Chief Information Security Officer Phil Quade describes data breaches as “confidence vampires” that feed on this misplaced trust. He warns that core assets must be defined and protected by understanding the scope of potential compromise in order to constrain risk. Digital innovation and an increase in endpoint and IoT devices across networks also mean new potential “security gaps”.
To prevent data breaches, it is essential for organisations to establish a security baseline and adopt strategies and solutions for proactive security.
Establish a security baseline
To protect data, assets and the network itself, establish a security baseline by considering the following four steps.
Conduct Thorough Risk Assessment
Today’s network environments are increasingly complex, and whilst organisations naturally focus on the most critical aspects of their business, it’s vital to ensure that security initiatives align with business objectives. Conducting a thorough risk assessment is the essential first step in establishing a security baseline.
Align Security and Network Architecture
Networks are continually expanding so it’s important to ensure full control and visibility by identifying potential weak points. By identifying all possible attack paths to critical data, organisations can then prioritise security and take action. Trusted frameworks to consider include ISO, CIS Critical Security Controls (SANS Top 20), and the NIST Cyber Security Framework.
Identify All Assets
The ever-expanding list of new devices and technologies is both an opportunity for business and a security threat. It’s essential to thoroughly assess networks and identify all devices, operating systems, and patch levels. This information enables security teams to prioritise risks, especially when used alongside critical threat intelligence.
Invest in Security Tools
To prevent data breaches, consider investing in security tools that assess networks and identify devices, operating systems, and patch levels. When the information collected is paired with critical threat intelligence, security teams can both see and prioritise risks.
Adopt strategies and solutions for proactive security
Having established a security baseline and invested in security tools, stay one step ahead of cybercriminals by considering the following solutions and strategies:
Make Multi-factor Authentication Mandatory
Multi-factor authentication technology is widely available, but organisations need to enable it and make it mandatory for their employees. As with the recommendations for email and SaaS applications, MFA is a key complementary technology that can significantly bolster security with minimal investment.
Establish Security Hygiene Practices
Many cyberattacks have been circulating for weeks, months and sometimes years, and simply carry on targeting proven vulnerabilities in systems. The continued prevalence of known methods of attack demonstrates the importance of having a formal protocol for security patches and system upgrades. Consider replacing all devices that cannot be patched or updated, or ensure such devices are “quarantined” with proximity controls such as IPS systems and zero-trust network access. Security teams must ensure the network is capable of automatically detecting and quarantining compromised devices.
Leverage Threat Intelligence
Never underestimate the importance of advanced threat intelligence. Security teams should leverage both local intelligence and follow global threat feeds to keep up to date on the latest cyberattack activity, then distribute this knowledge across the security framework.
Use Signature-based Detection Tools
As the majority of network vulnerabilities that get targeted are not new, security systems can detect attacks by looking for “signatures”, the patterns used in other cyberattacks. Signature-based detection tools enable security teams to scan networks and identify data breach attempts that are targeting known vulnerabilities. These tools are especially useful in complex environments that include devices that cannot be updated.
Use Behavioral-based Analytics and Data Sanitisation
Some threats do not have a recognisable signature, so advanced threat protection solutions such as sandboxes and User Entity Behavior Analytics (UEBA) tools are required. Cyber attackers learn and mimic legitimate traffic patterns so security tools need to conduct an in-depth inspection and analysis that focuses on patterns that can then be used to detect and diagnose malicious intent. Ideally, security tools need to be able to intervene automatically before an attack takes place. Data sanitisation strategies such as Content Disarm and Reconstruction (CDR) tools can identify potential threats and stop attacks cold.
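As an added illustration of the contrast drawn above between signature-based detection and behaviour-based analytics, the following Python example (written for this page, not code from the original article or any Fortinet product) runs both approaches over constructed access-log lines: the signature patterns, client addresses and log entries are all made up for the example.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Illustrative known-bad request patterns (constructed here, not a vendor signature set).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-keyword": re.compile(r"union(?:\s|%20|\+)+select", re.IGNORECASE),
}

# Constructed baseline of normal traffic: "client method path status" per line.
BASELINE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.6 GET /login 200
10.0.0.6 POST /login 302
10.0.0.6 GET /account 200
10.0.0.7 GET /index.html 200
10.0.0.7 GET /pricing.html 200
"""

# Constructed observed traffic: two normal requests, two signature matches, one noisy client.
OBSERVED_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.9 GET /static/../../config.ini 404
10.0.0.9 GET /search?q=1+union+select+2 200
""" + "10.0.0.12 POST /login 401\n" * 8

def parse(log):
    """Split each non-blank line into (client, method, path, status)."""
    return [tuple(line.split()) for line in log.splitlines() if line.strip()]

def signature_hits(log):
    """Signature-based detection: report every line whose path matches a known pattern."""
    hits = []
    for client, _method, path, _status in parse(log):
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                hits.append((client, name, path))
    return hits

def request_threshold(baseline_log, k=3.0):
    """Learn a per-client volume threshold from normal traffic: mean + k * stdev."""
    counts = Counter(client for client, *_ in parse(baseline_log)).values()
    return mean(counts) + k * pstdev(counts)

def behavioural_hits(observed_log, threshold):
    """Behaviour-based detection: clients whose request volume exceeds the learned threshold."""
    counts = Counter(client for client, *_ in parse(observed_log))
    return sorted(c for c, n in counts.items() if n > threshold)
```

Note that the noisy client 10.0.0.12 sends requests that match no signature at all and is caught only by the volume baseline, while the two malformed paths from 10.0.0.9 are caught by signatures alone, which is why the article recommends running both kinds of control.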
Employ Web Application Firewalls
Despite the risk of cyberattacks, many organisations do not adequately test and strengthen their web applications before they are deployed. By employing a web application firewall (WAF), organisations can monitor web application traffic more closely than is possible with next-generation firewall technology alone.
Replace Traditional Security Technologies
Traditional security solutions operate in isolation, which means they are only able to respond to threats detected directly in front of them and do not have the full picture of the network. Cyber criminals employ a multi-vector approach that uses multiple vulnerabilities and more than one method to breach a network. By adopting a fabric-based approach, organisations can protect evolving networks against data breaches.
Segment Networks
The constant flow of data and applications in digital environments means networks should be segmented to prevent the spread of cyber threats. Organisations can achieve this by deploying internal network segmentation firewalls and establishing macro- and micro-segmentation strategies. Segmentation is especially critical when collecting and correlating large amounts of data in single and multiple network environments. Consistent policies across the network more effectively manage and secure the movement of data and applications.
Stay alert, stay proactive
The frequency of data breaches and increasing sophistication of cyber criminals means security should remain a central priority. Defending against these threats requires proactive strategies that rely on security solutions and an organisation-wide awareness of risk. By creating a security baseline and embracing a range of integrated and automated strategies that can be deployed broadly across networks, organisations can protect themselves and their customers from damaging and distressing data breaches.