DATA BRE ACHES CAN BE PRE VENTED

C Y BER SEC URI T Y GUIDE

23

5

6

7

1

8 Steps IT Professionals Can Take

48

BACKGROUNDA data breach can devastate an organization. When criminals steal an organization’s

sensitive customer data, or critical intellectual property, stakeholders often lose trust in the

organization and move their business elsewhere. In addition, a data breach often results

in expensive security audits and fines. As a result, a data breach often lowers the value of

shares in public companies for extended periods of time.

The rapid rise of high-profile data breaches such as the Equifax and SEC-Edgar data

breaches and their high costs shows it is critical for security professionals to reexamine

their current strategies and implement unified security across network, cloud, and mobile

environments.

DATA B R E A C H E S C A N B E P R E V E N T E D | 2

OVERVIEWCharacteristically, a data breach can be categorized as an attack on an organization.

Enterprises victim to data breaches suffer from sensitive data leakage of proprietary

or confidential information. This information includes: credit card numbers, personal

identification, passwords, financial, medical or government records. Data is extremely

valuable when it is proprietary and includes information with monetary value such as: credit

card numbers, social security numbers, extortion and trading (stock exchange).

BREAKDO WN OF BREACHES IN 2017 1

Banking/Credit/Financial

Business

Educational

Government/Military

Medical/Healthcare

2,908,580 Records

156,956,255 Records

1, 146,680 Records

5,802,233 Records

4,874,217 Records

DATA B R E A C H E S C A N B E P R E V E N T E D | 3

UNDERLYING CAUSES OF DATA BREACHESData breaches are caused by human error, not managing system patching or failing to

patch. These breaches can either be caused by an internal or external source. The underlying

causes to these attacks can be prevented by training, strengthening command and control

and investing in cyber security solutions.

Often these errors occur out of haste, accidentally exposing data, clicking on tainted links or

emails. These types of errors can even occur when someone accidentally emails sensitive

information to an unintended recipient. One of the most harmful and careless mistakes can

be caused by unintentionally configuring a database to be internet facing and searchable

through search engines.

An unpatched system is an open invitation with a weak spot, encouraging hackers to exploit

them. Failing to patch is bad. Failing to build an environment that is not resilient to missing

a patch or two is even worse.2 Lyft CISO, Mike Johnson highlights on the imperativeness

of patching, “Patching is simply a “must do.” There is no argument there. But anyone who

has worked in a business of any size knows there are sometimes reasons a patch cannot

be applied immediately. This must be prepared for and designed in. If you have built an

environment with the assumption that all systems will be 100% patched at all times, you

have a level of brittleness that will fail.”

DATA B R E A C H E S C A N B E P R E V E N T E D | 4

RECENT DATA BREACHES TO DATE

• Uber: In October 2016, the email addresses and phone numbers of over 57 million

Uber customers and the license numbers of 600,000 drivers were accessed by hackers.

Uber secretly paid hackers $100,000 to keep quiet but in November of 2017, Uber

decided to disclose the attack to the public.

• Equifax: Over 145 million records were breached on July 2017 making Equifax’s breach

the largest in history. Hackers exploited a vulnerability found in Equifax’s open-source

software, releasing troves of personal data including social security number, driver’s

license numbers, birth dates, addresses and credit card numbers.

• Wells Fargo: Due to human error, one of the bank’s own lawyers accidentally leaked

50,000 customer names, social security numbers and sensitive financial information

linked to the bank’s wealthiest customers.

• Ashley Madison: In July 2015, the Impact team leaked 25 gigabytes of company data

and user details. The data breach resulted in the exposure of fake accounts (bots) being

used to lure users into becoming members.

• Yahoo!: Yahoo! reported two major data breaches, one occurred in August 2013 while

the other was in late 2014. 3 billion users’ personal data including: names, email

addresses, phone numbers, security questions, data of birth and hashed passwords

were exposed.

• Sony: In November 2014, Sony’s movie The Interview caused a stir by a

group called Guardians of Peace. The group claimed to take more than 100 terabytes of

data from Sony, installed malware on employee computers and stole confidential data.

• Target: Over 41 million Target payment card account customers were affected and the

contact information of 60 million customers were exposed. In November of 2013,

cyber attackers gained access to their gateway through credentials stolen through a

third-party vendor.

DATA B R E A C H E S C A N B E P R E V E N T E D | 5

1.

2.

3 WAYS YOUR DATA IS BEING COMPROMISED

LOSING ACCESS TO DATA (RANSOMWARE)

Losing access to your data is also known as a ransomware attack. This type

of attack is the most frequently discussed type of data breach. These attacks

happen daily and are regularly making headlines. Ransomware attacks occur

more frequently than any type of data breach attack.

Ransomware attacks have a high price tag due to the fact that the attackers

hold hostage data that is extremely valuable. This data holds such a high

value that people will pay anything to have it returned. The longer the data is

withheld from the victim, the larger the risk becomes of suffering downtime

will significantly impact their business.

YOUR DATA HAS BEEN DUPLICATED (EXFILTRATION)

If your data has been duplicated, someone thought it was interesting enough

to use with malicious intent. These attackers will use your data for profit or to

expose confidential or propriety data. They can be categorized into three types

of attackers:

1. Hacktivist: A hacker who is exposing data for political or socially motived cause.

2. Espionage: Also known as a cyber spy, they will access the computer networks of governments or advanced businesses and take control of your IP.

3. Cybercriminals: These hackers often work in groups to profit from your data. They will often target a business POS, accessing credit card and PIN information.

DATA B R E A C H E S C A N B E P R E V E N T E D | 6

3.

If you have been the victim of data duplication, someone thought you were

interesting or important. A recent example of this type of data breach occurred

when an email prankster from the UK emailed Homeland Security Adviser, Tom

Bossert disguised as Jared Kushner about a “soiree” including a “personal

email” to reach him.

LOSING TRUST (BACKDOOR)

Losing trust or backdoor data breaches have been a major topic of interest

since the 2016 United States presidential elections. These types of attacks

are usually executed by Nation-States putting backdoors on voting systems,

for example, meaning attackers are able to access a computer system or

encrypted data, bypassing the systems security.

Unfortunately, these types of attacks can also be the most difficult ones to

detect. In order to protect yourself from becoming a victim of these types of

attacks, a firewall should be enabled to protect your data and block access

from unauthorized users.

DATA B R E A C H E S C A N B E P R E V E N T E D | 7

HOW AND WHY YOU NEED TO BE PROTECTEDEnd users always become victims when troves of their data are leaked, including personal

information, social security numbers, credit card numbers and PIN codes. Businesses will

lose the trust of their customers and a major data breach may even lead to executives

resigning from their positions. The damage done could majorly affect their credit long term

and can even lead to their identity being stolen.

Many of the attacks mentioned in this paper could have easily been prevented by adopting

security protocols. Almost every organization whether it’s a business, government

organization, healthcare facility, bank or individual contains private data that could potentially

be harmful if it gets into the wrong hands. So, what can IT professional do to further

prevent breaches?

DATA B R E A C H E S C A N B E P R E V E N T E D | 8

8 STEPS ITPROFESSIONALS

CAN TAKE

1First and foremost, educating and training your work force to take security precautions in order to prevent a breach from occurring.

EDUCATE AND TRAIN

2Creating a secure password and frequently changing it to prevent access.

SECURE PASSWORDS

3Reducing the ability to transfer data from one device to another decreases the risk of data getting into the wrong hands.

REDUCE DATA ACCESS

4Screening third party vendors to make sure that they have the proper security protocols enabled to prevent hackers accessing via their network.

SCREEN THIRD PARTY VENDORS

5Regulating employee computers and devices in which they have access to company data can be significantly reduced by using only encrypted PCs and devices.

ENCRYPT PCs AND DEVICES

6One way to prevent open access to sensitive data from being accessed is by creating an internal cloud where only those who need access to it, can access it.

CREATE AN INTERNAL CLOUD

7Implementing password updates and two-step authentication also mitigates this issue. Additional security measures such as limiting website access from work devices, frequent password changes, updating security software, and monitoring access to data can significantly reduce the risk of a data breach.

UPDATE PASSWORDS

8Frequent security software updates can prevent room for gaps in your security. Updating is crucial.

UPDATE SOFTWARE

Often, companies focus only on stopping hackers from getting in externally. While these security measures are prudent, it leaves the door open for inside jobs. Sensitive data can be accessed anywhere and by virtually anyone. Follow these steps to prevent the next data breach.

DATA B R E A C H E S C A N B E P R E V E N T E D | 9

CONCLUSIONThe need to protect your organization from data breaches is crucial. The risk of not

implementing proper security measures has become too high to ignore. Many of the high-

profile attacks discussed in this report were caused by gaps in security processes. Often,

businesses discover these gaps when it’s too late, as the threat has already manifested and

companies are forced to pay for the consequences of remediation. No one is safe from attacks,

so begin protecting your organization now.

Next Read: Cyberattacks can be prevented

More information: SandBlast

Resources

1 Identity Theft Resource Center Breach Report Date: 11/15/2017

2 LinkedIn post, https://www.linkedin.com/feed/update urn:li:activity:6322850010266501120/

DATA B R E A C H E S C A N B E P R E V E N T E D | 1 0

CONTACT US

Worldwide Headquarters 5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 |

Email: info@checkpoint.com

U.S. Headquarters 959 Skyway Road, Suite 300, San Carlos, CA 94070

Tel: 800-429-439 | 650-628-2000 | Fax: 650-654-4233 |

c h e c k p o i n t . c o m

©2018 Check Point Software Technologies Ltd. All rights reserved