2019 Data Breaches: Reasons and How to Prevent Future Attacks


The year 2019 could have easily been named as the year of ‘Unsecured Databases’. The total number of breaches was up by 33% in 2019—5,183 reported data breaches for a total of 7.9 billion exposed records—according to research from Risk Based Security, with medical services, retailers and public entities being the most affected.

2019’s Most Serious Data Breaches in No Particular Order

First American

The website data breach of California-based First American Financial Corporation exposed approximately 885 million files, dating back over 16 years.

Capital One

The data breach of Capital One’s servers exposed the personal information of nearly 106 million of the bank’s customers and applicants.

Facebook

Facebook continued to be plagued by privacy problems and the 2019 breach affected nearly 50 million user accounts.

TrueDialog

The breach of TrueDialog’s database led to tens of millions of SMS text messages being exposed.

Quest Diagnostics

A third-party data breach involving one of its vendors struck the healthcare company, leaving the records of over 12 million customers exposed to an unknown party.

DoorDash

The food delivery company had the information of 4.9 million customers, delivery workers and merchants stolen by hackers.

T-Mobile

Popular mobile provider T-Mobile confirmed a data breach affecting more than a million of its customers, whose personal data was exposed to a malicious actor.

Macy’s

Macy’s found a suspicious connection between macys.com and another website, where the hacker’s aim seemed to be to steal credit card data of the customers.

Trend Micro

A consumer account data breach, caused by a disgruntled employee at security supplier Trend Micro, led to a small number of users falling victim to attempts to defraud them.

City of Texas

Cyber attackers hit Texas, infiltrating 22 municipalities and demanding a ransom, which left the city unable to accept utility payments from over 14,000 residents.

Reasons for These Occurrences

Old and Unpatched Security Vulnerabilities

The most exploited security bugs in the first quarter of 2019 were recognized as old problems, most of them patched almost ten years ago. Old security bugs and malware kits accounted for about 27% of the detections recorded in Q1 2019.

Insider Threat

Most insider misuse happens through misinformed or uninformed staff and disgruntled or compromised users. Nearly 34% of the 2,013 data breaches reported in the 2019 Verizon Data Breach Investigations Report (DBIR) were caused by internal actors.

Misconfiguration

Poorly configured network devices can inadvertently allow traffic that would otherwise have been blocked, while incorrect file permissions on a server could expose vital data to risk.
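The file-permission case above is the easiest of these misconfigurations to check mechanically. The following is an added example, not code from the original post or from ColorTokens: it builds a small constructed directory tree with hypothetical file names, then walks it and reports files that are world-writable, or world-readable while their path suggests they hold secrets. The path hints (`config`, `keys`, `.pem`, and so on) are an assumption for illustration; a real audit would use an inventory of known sensitive paths.

```python
import os
import stat
import tempfile

# Constructed sample tree: relative path -> (contents, POSIX mode). All names are hypothetical.
SAMPLE_FILES = {
    "app/config/db.yaml": ("password: example\n", 0o644),    # secret readable by everyone
    "app/uploads/report.pdf": ("pdf", 0o666),                # anyone on the host can overwrite it
    "app/keys/server.key": ("-----BEGIN KEY-----\n", 0o600),  # correctly restricted to the owner
    "app/public/index.html": ("<html></html>\n", 0o644),     # public content, world-readable is fine
}

# Assumed heuristics for "this path probably holds sensitive data".
SENSITIVE_HINTS = ("config", "keys", ".key", ".pem", "password", "secret")


def build_sample_tree(root):
    """Create the constructed files under root with the modes listed above."""
    for rel, (content, mode) in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(content)
        os.chmod(path, mode)  # chmod ignores umask, so the mode is exactly what we set


def is_sensitive(rel_path):
    lower = rel_path.lower()
    return any(hint in lower for hint in SENSITIVE_HINTS)


def audit_permissions(root):
    """Return a sorted list of (relative path, finding) for risky permission bits."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.stat(full).st_mode)  # keep only the permission bits
            rel = os.path.relpath(full, root)
            if mode & stat.S_IWOTH:
                # World-writable is a finding regardless of content: anyone can tamper.
                findings.append((rel, "world-writable"))
            elif mode & stat.S_IROTH and is_sensitive(rel):
                # World-readable only matters when the file looks like it holds secrets.
                findings.append((rel, "world-readable sensitive file"))
    return sorted(findings)


def run_audit():
    """Build the constructed tree in a temp dir, audit it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_permissions(root)


if __name__ == "__main__":
    for rel, finding in run_audit():
        print(f"{finding}: {rel}")
```

Two of the four constructed files are reported; the private key with mode 0600 and the public HTML page are not. The same walk can be pointed at a real deployment root, with the hint list replaced by the paths the organization actually classifies as sensitive.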

Application Vulnerabilities

Application vulnerabilities are system flaws or weaknesses in applications that could be exploited by bad actors to compromise the security and integrity of the application.

Weak/Default/Stolen Credentials

Stolen or default credentials are one of the easiest ways hackers get access to systems, enabling attackers to gain access to sensitive content and resources.

Best Practices That Could Have Prevented Such Breaches

Improved Visibility

The average APT window is around 200 days, making early detection and response the core of current security paradigms. The collection and analysis of data traffic require continuous and relentless study to identify fraudulent or malicious intent—now made possible with technology like Artificial Intelligence and Behavior Analytics, which can detect unusual or suspicious network behavior and traffic anomalies.
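The behavior-analytics idea in the paragraph above reduces, in its simplest form, to keeping a per-host baseline and flagging departures from it. The following is an added example, not code from the original post or from ColorTokens, and the host names, byte counts and destination addresses are all constructed. It keeps seven days of outbound byte totals per host, scores today's total with a robust z-score (median and median absolute deviation, which a single bad day cannot skew the way a mean can), and separately flags hosts that talk to a destination never seen in their baseline.

```python
import statistics

# Constructed baseline: outbound bytes per host for the previous seven days.
HISTORY = {
    "srv-web-01": [1.1e9, 1.0e9, 1.2e9, 0.9e9, 1.1e9, 1.0e9, 1.05e9],
    "srv-db-02":  [2.0e8, 2.1e8, 1.9e8, 2.2e8, 2.0e8, 2.1e8, 2.0e8],
    "wks-fin-17": [5.0e7, 4.5e7, 5.5e7, 5.0e7, 4.8e7, 5.2e7, 5.0e7],
}
# Constructed figures for today. The finance workstation suddenly pushes ~18x its usual volume.
TODAY = {"srv-web-01": 1.15e9, "srv-db-02": 2.05e8, "wks-fin-17": 9.0e8}

# Constructed destination baselines (addresses each host normally talks to) and today's set.
KNOWN_DESTS = {
    "srv-web-01": {"10.0.5.20", "10.0.5.21"},
    "srv-db-02":  {"10.0.5.20"},
    "wks-fin-17": {"10.0.5.20", "10.0.7.9"},
}
TODAY_DESTS = {
    "srv-web-01": {"10.0.5.20"},
    "srv-db-02":  {"10.0.5.20"},
    "wks-fin-17": {"10.0.5.20", "198.51.100.44"},  # documentation-range IP standing in for an unknown external host
}

Z_THRESHOLD = 3.5  # conventional cutoff for the modified z-score


def robust_zscore(value, history):
    """Modified z-score: 0.6745 * (x - median) / MAD. Falls back to MAD=1 for a flat history."""
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history) or 1.0
    return 0.6745 * (value - med) / mad


def detect_anomalies(history=HISTORY, today=TODAY,
                     known_dests=KNOWN_DESTS, today_dests=TODAY_DESTS):
    """Return a sorted list of (host, reason) for hosts whose behavior left its baseline."""
    alerts = []
    for host, total in today.items():
        z = robust_zscore(total, history[host])
        if z > Z_THRESHOLD:
            alerts.append((host, "outbound volume anomaly"))
        for dest in sorted(today_dests.get(host, set()) - known_dests.get(host, set())):
            alerts.append((host, f"new destination {dest}"))
    return sorted(alerts)


if __name__ == "__main__":
    for host, reason in detect_anomalies():
        print(f"ALERT {host}: {reason}")
```

Only the finance workstation is raised, on both signals; the web and database servers stay inside their normal band even though their absolute volumes are far larger. A production version would baseline per hour and per protocol, and the alert would feed the response process rather than a print statement, but the shape of the logic is the same.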

Prevention of Lateral Movements

Lateral movements are when bad actors get a hold of an enterprise asset/user and spread their reach from that device/user to others within the same or adjacent networks. Microsegmentation helps contain the movement by giving organizations increased control over the amount of east-west or lateral communication that occurs between resources. Furthermore, in the event of a breach, microsegmentation serves to limit the possible lateral exploration of networks by bad actors.
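To make the containment effect concrete, here is an added example, not code from the original post or from ColorTokens, that models a three-tier application as a set of workload labels and compares two policies: a flat network in which any workload can reach any other, and a microsegmentation allow-list in which every east-west path not explicitly listed is denied. The workload names, ports and rules are constructed; the four attempted flows are what a compromised web server might try next, and the output shows which of them the segmentation policy stops.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str   # source workload label
    dst: str   # destination workload label
    port: int  # destination port


# Hypothetical allow-list for a three-tier app plus a monitoring collector.
# Each tuple is (source label, destination label, destination port).
ALLOW_RULES = {
    ("web", "app", 8080),        # web tier calls the application tier
    ("app", "db", 5432),         # only the app tier may reach the database
    ("monitoring", "web", 9100),
    ("monitoring", "app", 9100),
    ("monitoring", "db", 9100),
}


def flat_network_allows(flow):
    """Traditional flat segment: anything inside can reach anything else inside."""
    return True


def microsegment_allows(flow):
    """Default deny: a flow passes only if an explicit rule matches it exactly."""
    return (flow.src, flow.dst, flow.port) in ALLOW_RULES


def evaluate(flows, policy):
    """Map each flow to the policy's allow/deny decision."""
    return {f: policy(f) for f in flows}


# Constructed attempts from a web server that has already been compromised.
ATTEMPTS = [
    Flow("web", "app", 8080),          # the legitimate path it needs to keep working
    Flow("web", "db", 5432),           # skipping the app tier to reach the data directly
    Flow("web", "web", 22),            # SSH to a peer in the same tier
    Flow("web", "monitoring", 9100),   # reaching "back" into the monitoring collector
]


def blocked_by_microsegmentation(flows=ATTEMPTS):
    """Return the flows the allow-list denies (the flat network would have allowed all of them)."""
    return [f for f, ok in evaluate(flows, microsegment_allows).items() if not ok]


if __name__ == "__main__":
    for f in ATTEMPTS:
        print(f"{f.src} -> {f.dst}:{f.port}  flat={flat_network_allows(f)}  "
              f"microseg={microsegment_allows(f)}")
```

Three of the four attempts are denied and the one the application actually needs still works. Note that the rules are keyed on workload identity rather than IP address, which is what lets the same policy follow a workload across on-premises and cloud networks.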

Environment Separation

Separating development, staging, testing and production environments using traditional network solutions has proven to be unreliable. The risk is greater for organizations with scale and geographical spread, whose resources access both public and private cloud environments. Separating environments through the many available methods and tools therefore becomes imperative for security.

Application Segmentation and Protection

Application segmentation through microsegmentation technologies is application-centric: it can display and control activity at Layer 7 in addition to the network segmentation at Layer 4. This makes specific processes and data flows visible, leading to clearer and superior application isolation.

Zero Trust Network Access

Zero Trust is rooted in the principle of “trust nothing, verify everything.” This security model requires strict identity verification for each and every resource and device attempting to get access to any information on a private network, regardless of where they are situated, within or outside of a network perimeter.
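The phrase "regardless of where they are situated" is the part of the model that changes outcomes, so here is an added example, not code from the original post or from ColorTokens, that runs the same four access requests through a perimeter-style decision (trust anything from the internal address range) and a Zero Trust decision (verified identity, compliant device and an explicit entitlement, with the source address ignored). The user names, address range, entitlements and request fields are all constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    src_ip: str
    identity_verified: bool   # e.g. a fresh session that passed MFA
    device_compliant: bool    # managed, patched, disk-encrypted
    resource: str


# Hypothetical corporate address range that a perimeter model treats as trusted.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Hypothetical entitlements: which users may reach which resource.
ENTITLEMENTS = {
    "alice": {"payroll-db", "wiki"},
    "bob": {"wiki"},
}


def perimeter_model(req):
    """Location is the credential: inside the network means allowed."""
    return ipaddress.ip_address(req.src_ip) in INTERNAL_NET


def zero_trust_model(req):
    """Location is ignored; every request must prove identity, device health and entitlement."""
    return (
        req.identity_verified
        and req.device_compliant
        and req.resource in ENTITLEMENTS.get(req.user, set())
    )


# Constructed requests. 203.0.113.0/24 is a documentation range standing in for "remote".
REQUESTS = [
    AccessRequest("alice", "10.1.2.3", True, True, "payroll-db"),        # entitled, on the LAN
    AccessRequest("alice", "203.0.113.7", True, True, "payroll-db"),     # entitled, working remotely
    AccessRequest("bob", "10.1.2.9", True, True, "payroll-db"),          # on the LAN but not entitled
    AccessRequest("unknown", "10.9.9.9", False, False, "payroll-db"),    # unverified device that reached the LAN
]


def compare(requests=REQUESTS):
    """Return (user, src_ip, perimeter decision, zero trust decision) for each request."""
    return [(r.user, r.src_ip, perimeter_model(r), zero_trust_model(r)) for r in requests]


if __name__ == "__main__":
    for user, ip, perim, zt in compare():
        print(f"{user:8} {ip:13} perimeter={perim!s:5} zero_trust={zt}")
```

The perimeter model gets three of the four decisions wrong: it blocks the legitimate remote user and admits both the unentitled colleague and the unverified device, simply because they hold internal addresses. The Zero Trust decision admits exactly the two requests from the entitled user, wherever she connects from.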

The single most important goal for every organization must be to focus on early detection and response in the attack life cycle and feed the lessons learned right back to the prevention and detection controls. This will help mitigate any security breaches, now and in the foreseeable future.

Explore our cloud-delivered ColorTokens Xtended Zero Trust Platform that offers a new-generation of proactive security to simplify and streamline protection and compliance.