The year 2019 could easily have been named the year of ‘Unsecured Databases’. In the first nine months of 2019 alone, Risk Based Security counted 5,183 reported data breaches exposing 7.9 billion records, a 33% increase in the number of breaches over the same period of 2018, with medical services, retailers and public entities the most affected sectors.
2019’s Most Serious Data Breaches in No Particular Order
A flaw in the website of California-based First American Financial Corporation exposed approximately 885 million files, some dating back 16 years.
The data breach of Capital One’s servers exposed the personal information of nearly 106 million of the bank’s customers and applicants.
Facebook continued to be plagued by privacy problems: the access-token breach it disclosed in late 2018 had affected nearly 50 million user accounts, and 2019 brought further exposures of user data.
The breach of TrueDialog’s database led to tens of millions of SMS text messages being exposed.
A third-party breach at one of its vendors left the records of over 12 million of the healthcare company's patients exposed to an unknown party.
The food delivery company had the personal data of 4.9 million customers, delivery workers and merchants stolen by hackers.
Mobile provider T-Mobile confirmed a data breach affecting more than a million of its customers, whose personal data was exposed to a malicious actor.
Macy's found that an attacker had inserted code into macys.com that sent customers' payment card data to another website.
A breach of consumer account data by a disgruntled employee at security vendor Trend Micro led to a small number of customers being targeted by fraud attempts.
Texas Municipalities
A coordinated ransomware attack hit 22 Texas municipalities; the attackers demanded a ransom, and at least one city was left unable to accept utility payments from over 14,000 residents.
Reasons for These Occurrences
Old and Unpatched Security Vulnerabilities
The most exploited vulnerabilities in the first quarter of 2019 were old, well-known problems, most of them with patches available for almost ten years. Exploits for old bugs and malware kits accounted for about 27% of the detections recorded in Q1 2019.
Insider Misuse
Most insider misuse comes from misinformed or uninformed staff and from disgruntled or compromised users. Nearly 34% of the 2,013 confirmed breaches analysed in the 2019 Verizon Data Breach Investigations Report (DBIR) involved internal actors.
Misconfiguration
Poorly configured network devices can inadvertently allow traffic that should have been blocked, and incorrect file permissions on a server can expose sensitive data to anyone with a local account.
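The file-permission half of that problem is cheap to check for, and worth checking continuously rather than once. The following is an added example, not code from the original article: it walks a directory tree and reports files with sensitive-looking names that are readable or writable by every local account. The suffix list and the sample deploy tree built by demo() are constructed for the illustration.

```python
import stat
import tempfile
from pathlib import Path

# Name patterns that commonly hold secrets or exported data (assumed; extend for your environment).
SENSITIVE_SUFFIXES = (".pem", ".key", ".env", ".sql", ".bak", ".csv")


def exposure_of(path):
    """Return which 'other' permission bits are set on one file."""
    mode = path.stat().st_mode
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings


def find_exposed_files(root, suffixes=SENSITIVE_SUFFIXES):
    """Walk root and report sensitive files that any local account could read or modify.

    Returns {relative path: [findings]} so the result is easy to diff between runs.
    """
    root = Path(root)
    report = {}
    for path in root.rglob("*"):
        # Path.suffix is empty for dotfiles such as .env, so match on the full name.
        if path.is_file() and path.name.endswith(suffixes):
            findings = exposure_of(path)
            if findings:
                report[str(path.relative_to(root))] = findings
    return report


def demo():
    """Constructed example: a fake deploy tree with two badly permissioned files."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "app/config/.env": 0o600,          # correct: owner only
            "app/certs/server.key": 0o644,     # wrong: private key readable by everyone
            "exports/customers.csv": 0o666,    # wrong: export readable and writable by everyone
            "app/static/logo.png": 0o644,      # world-readable but not sensitive
        }
        for rel, mode in files.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("constructed sample content\n")
            p.chmod(mode)
        return find_exposed_files(root)


if __name__ == "__main__":
    for rel, findings in sorted(demo().items()):
        print(f"{rel}: {', '.join(findings)}")
```

Run it from a cron job or a CI step against the deployed tree and alert on any new entry; the same idea extends to checking group bits when the group is broad (for example a shared "users" group).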
Application Vulnerabilities
Application vulnerabilities are flaws or weaknesses in an application's code or design that attackers can exploit to compromise the confidentiality and integrity of the application and the data it handles.
Weak, Default or Stolen Credentials
Stolen or default credentials are one of the easiest ways for attackers to get into systems, and with them they reach whatever sensitive content and resources the compromised account can access.
Best Practices That Could Have Prevented Such Breaches
Early Detection and Response
Attackers typically dwell in a network for months before they are found (commonly cited figures put the average at around 200 days), which makes early detection and response central to current security practice. Collected network and log data must be analysed continuously to identify malicious intent; behaviour analytics and machine-learning techniques now make it practical to flag unusual network behaviour and traffic anomalies at scale.
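To make "traffic anomalies" concrete, here is an added example (not from the original article) of the simplest useful form of behaviour analytics: build a per-host baseline of daily outbound volume and known peers from historical flow records, then score a new day against it. The flow export below is constructed for the illustration; the host names, the external address 203.0.113.9 and the 3-sigma threshold are assumptions.

```python
import csv
import io
import statistics
from collections import defaultdict

# Constructed flow export (not real data): six ordinary days of db-01 and app-01
# talking to each other, then on day 7 db-01 pushes a large volume to an external
# address it has never contacted before.
SAMPLE_FLOWS = """\
day,src,dst,dport,bytes
1,db-01,app-01,5432,120000
2,db-01,app-01,5432,118000
3,db-01,app-01,5432,125000
4,db-01,app-01,5432,119500
5,db-01,app-01,5432,121000
6,db-01,app-01,5432,117500
7,db-01,app-01,5432,122000
7,db-01,203.0.113.9,443,9800000000
1,app-01,db-01,5432,40000
2,app-01,db-01,5432,41000
3,app-01,db-01,5432,39500
4,app-01,db-01,5432,40200
5,app-01,db-01,5432,40800
6,app-01,db-01,5432,39900
7,app-01,db-01,5432,40500
"""


def parse_flows(text):
    """Parse the CSV export into dicts with numeric fields."""
    return [{"day": int(r["day"]), "src": r["src"], "dst": r["dst"],
             "dport": int(r["dport"]), "bytes": int(r["bytes"])}
            for r in csv.DictReader(io.StringIO(text))]


def daily_totals(flows):
    """src host -> day -> total bytes sent."""
    totals = defaultdict(lambda: defaultdict(int))
    for f in flows:
        totals[f["src"]][f["day"]] += f["bytes"]
    return totals


def build_baseline(flows, last_baseline_day):
    """Per source host: mean/stdev of daily outbound bytes and the (dst, port) peers seen."""
    history = [f for f in flows if f["day"] <= last_baseline_day]
    peers = defaultdict(set)
    for f in history:
        peers[f["src"]].add((f["dst"], f["dport"]))
    baseline = {}
    for src, per_day in daily_totals(history).items():
        values = list(per_day.values())
        baseline[src] = {
            "mean": statistics.mean(values),
            "stdev": statistics.pstdev(values) if len(values) > 1 else 0.0,
            "peers": peers[src],
        }
    return baseline


def detect(flows, baseline, day, z_threshold=3.0):
    """Flag hosts whose outbound volume on `day` is far above baseline, and flows to new peers."""
    findings = []
    today = [f for f in flows if f["day"] == day]
    for src, per_day in daily_totals(today).items():
        b = baseline.get(src)
        if b is None:
            findings.append({"src": src, "type": "unknown-host"})
            continue
        observed = per_day[day]
        spread = b["stdev"] or max(b["mean"] * 0.05, 1.0)  # floor so a flat baseline cannot divide by zero
        z = (observed - b["mean"]) / spread
        if z > z_threshold:
            findings.append({"src": src, "type": "volume-spike", "z": round(z, 1), "bytes": observed})
    for f in today:
        b = baseline.get(f["src"])
        if b is not None and (f["dst"], f["dport"]) not in b["peers"]:
            findings.append({"src": f["src"], "type": "new-peer", "peer": f"{f['dst']}:{f['dport']}"})
    return findings


def run_sample():
    flows = parse_flows(SAMPLE_FLOWS)
    return detect(flows, build_baseline(flows, last_baseline_day=6), day=7)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

Against the sample, db-01 is flagged twice (a volume spike and a first-ever peer) while app-01 stays quiet. Real deployments use longer baselines, per-weekday seasonality and more features, but the two signals shown here, "far more than usual" and "somewhere it has never gone", already catch a large share of data exfiltration.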
Prevention of Lateral Movement
Lateral movement is what happens when attackers, having compromised one enterprise asset or user, extend their reach from that device or account to others in the same or adjacent networks. Micro-segmentation helps contain that movement by giving organizations fine-grained control over the east-west (lateral) communication allowed between resources, so that in the event of a breach the compromised workload can reach only the small set of systems it is explicitly allowed to talk to.
Environment Separation
Separating development, staging, testing and production environments with traditional network controls alone has proven unreliable, and the risk grows for organizations with scale and geographical spread whose resources span both public and private clouds. Separating environments with the many methods and tools now available therefore becomes imperative.
Application Segmentation and Protection
Application-centric micro-segmentation adds visibility and control at Layer 7 on top of the network segmentation at Layer 4: policy can be expressed in terms of specific processes and data flows rather than only addresses and ports, which yields clearer and stronger application isolation.
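The difference between Layer 4 and Layer 7 segmentation is easiest to see in a policy evaluator. The following is an added example, not a product's or the article's own code: workloads carry tier labels, the policy is an allow-list with default deny, and each rule may optionally pin the client process. The labels, rules, process names and the sample flows (including the lateral-movement attempts) are all constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Workload -> application tier label (assumed inventory; labels, not IP ranges, drive policy).
LABELS = {"web-01": "web", "web-02": "web", "app-01": "app", "db-01": "db"}


@dataclass(frozen=True)
class Rule:
    src_label: str
    dst_label: str
    dport: int
    process: Optional[str] = None  # None: Layer 4 rule; set: Layer 7 rule also pins the client process


# Allow-list; anything not matched is denied (default deny). Process names are assumed.
POLICY = [
    Rule("web", "app", 8080, process="nginx"),
    Rule("app", "db", 5432, process="/opt/app/bin/server"),
]


def decide(flow, policy=POLICY, labels=LABELS, enforce_l7=True):
    """Return (decision, reason) for one east-west flow.

    flow: {"src": host, "dst": host, "dport": int, "process": client process name}
    """
    src_label = labels.get(flow["src"])
    dst_label = labels.get(flow["dst"])
    if src_label is None or dst_label is None:
        return ("deny", "unlabelled workload")
    for rule in policy:
        if (rule.src_label, rule.dst_label, rule.dport) != (src_label, dst_label, flow["dport"]):
            continue
        if enforce_l7 and rule.process is not None and flow["process"] != rule.process:
            return ("deny", f"L4 match but process {flow['process']!r} is not {rule.process!r}")
        return ("allow", f"{src_label}->{dst_label}:{rule.dport}")
    return ("deny", "no rule (default deny)")


# Constructed traffic: two legitimate flows, then three lateral-movement attempts
# from a compromised web-01 and from a foreign binary dropped on app-01.
SAMPLE_FLOWS = [
    {"src": "web-01", "dst": "app-01", "dport": 8080, "process": "nginx"},
    {"src": "app-01", "dst": "db-01", "dport": 5432, "process": "/opt/app/bin/server"},
    {"src": "web-01", "dst": "db-01", "dport": 5432, "process": "psql"},           # tier hop
    {"src": "web-01", "dst": "web-02", "dport": 22, "process": "ssh"},              # intra-tier hop
    {"src": "app-01", "dst": "db-01", "dport": 5432, "process": "/tmp/.cache/x"},  # right port, wrong process
]


def run_sample(enforce_l7=True):
    return [decide(f, enforce_l7=enforce_l7)[0] for f in SAMPLE_FLOWS]


if __name__ == "__main__":
    for flow, l4, l7 in zip(SAMPLE_FLOWS, run_sample(False), run_sample(True)):
        print(f"{flow['src']}->{flow['dst']}:{flow['dport']} {flow['process']:<22} L4={l4:<5} L4+L7={l7}")
```

Layer 4 alone blocks the tier hop and the intra-tier SSH, but it cannot tell the application server apart from a dropped binary on the same host using the same port; the Layer 7 rule closes that gap. The process identity shown here is a simple name; real enforcement should bind it to a binary hash or signature so an attacker cannot simply rename their tool.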
Zero Trust Network Access
Zero Trust is rooted in the principle of “trust nothing, verify everything.” The model requires strict identity verification for every user and device attempting to access any resource on a private network, regardless of whether the request originates inside or outside the network perimeter.
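What "verify everything" means per request is best shown with a small access decision. This is an added example and not the article's or any vendor's code: every request must carry a signed, short-lived identity token bound to a registered device, the device must be in a compliant state, and the identity must be authorized for the specific resource; the source IP is recorded but deliberately plays no part. The HMAC signing key stands in for an identity provider, the device registry for an MDM/EDR posture feed, and all names, keys and the ACL are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

# Assumptions for the demo: a shared HMAC key stands in for the identity provider's
# signing key, and the device registry stands in for an MDM/EDR posture feed.
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"
DEVICES = {
    "dev-1": {"owner": "alice", "compliant": True},
    "dev-2": {"owner": "alice", "compliant": False},  # e.g. disk encryption off
    "dev-3": {"owner": "carol", "compliant": True},
}
ACL = {"payments-db": {"alice"}}  # resource -> identities allowed to reach it


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key, subject, device_id, ttl, now):
    """Mint a short-lived identity+device token: base64(payload).base64(HMAC-SHA256)."""
    payload = json.dumps({"sub": subject, "dev": device_id, "exp": now + ttl}, sort_keys=True).encode()
    return f"{_b64(payload)}.{_b64(hmac.new(key, payload, hashlib.sha256).digest())}"


def verify_token(key, token, now):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _unb64(payload_b64)
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig_b64)):
            return None
        claims = json.loads(payload)
        if claims["exp"] <= now:
            return None
        return claims
    except (ValueError, KeyError, TypeError):
        return None


def decide(request, now, key=SIGNING_KEY, devices=DEVICES, acl=ACL):
    """Per-request decision. request['src_ip'] is kept for logging only; it never
    influences the outcome, which is the point of Zero Trust."""
    claims = verify_token(key, request.get("token", ""), now)
    if claims is None:
        return ("deny", "no valid identity")
    device = devices.get(claims["dev"])
    if device is None or device["owner"] != claims["sub"]:
        return ("deny", "device not bound to identity")
    if not device["compliant"]:
        return ("deny", "device not compliant")
    if claims["sub"] not in acl.get(request["resource"], set()):
        return ("deny", "identity not authorized for resource")
    return ("allow", f"{claims['sub']} on {claims['dev']} -> {request['resource']}")


def run_sample():
    now = 1_700_000_000

    def tok(sub, dev, ttl=600):
        return issue_token(SIGNING_KEY, sub, dev, ttl, now)

    # Constructed requests; 10.0.0.5 is "inside" the perimeter, 198.51.100.7 is "outside".
    requests = [
        {"src_ip": "10.0.0.5", "resource": "payments-db"},                                 # inside, no token
        {"src_ip": "198.51.100.7", "resource": "payments-db", "token": tok("alice", "dev-1")},
        {"src_ip": "10.0.0.5", "resource": "payments-db", "token": tok("alice", "dev-2")},
        {"src_ip": "10.0.0.5", "resource": "payments-db", "token": tok("alice", "dev-1", ttl=-1)},
        {"src_ip": "10.0.0.5", "resource": "payments-db", "token": tok("bob", "dev-1")},
        {"src_ip": "10.0.0.5", "resource": "payments-db", "token": tok("carol", "dev-3")},
    ]
    return [decide(r, now) for r in requests]


if __name__ == "__main__":
    for decision, reason in run_sample():
        print(decision, "-", reason)
```

Only the second request, from outside the perimeter but with a valid identity on a compliant, correctly bound device, is allowed; the request from inside the network with no identity is refused just like the others. In production the token would be issued by the identity provider and verified with its public key, and the posture check would come from the endpoint agent, but the shape of the decision is the same.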
The single most important goal for every organization must be early detection and response across the attack life cycle, with the lessons learned fed straight back into the prevention and detection controls. That is what limits the impact of security breaches, now and in the foreseeable future.