How to Avoid Data Breaches in 2019

Here we'll go through some of the most frequent and emerging causes of data breaches in 2019 and look at how to address each of them in time.


Misconfigured Cloud Storage

Hardly a day passes without a security incident involving an exposed AWS S3 bucket, Elasticsearch cluster, or MongoDB instance. A global study by Thales and the Ponemon Institute found that only 32% of organizations believe that protecting their data in the cloud is their own responsibility. Worse, according to the same report, 51% of organizations still do not use encryption or tokenization to protect sensitive data in the cloud.


McAfee's findings point the same way: 99% of cloud and IaaS misconfigurations are within the end user's control, and they remain unnoticed. Marco Rottigni, Chief Technical Security Officer EMEA at Qualys, explains the problem: "Some of the most common cloud database implementations ship with no security or access control as standard at the start. They have to be added on deliberately, which can be easily missed."
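
To make the S3 case from the start of this section concrete, here is an added example (written for this article, not code from AWS, Thales, McAfee or Qualys) that evaluates a bucket's public exposure offline from the three documents AWS consults: the bucket policy, the bucket ACL and the Public Access Block settings. The policy, ACL and settings below are constructed samples in the real AWS JSON shapes; a real audit would first fetch them with the get_bucket_policy, get_bucket_acl and get_public_access_block API calls and feed them to assess_bucket.

```python
"""Offline check of an S3 bucket's public exposure.

Added example for this article; not code from AWS or any vendor.
Inputs are the three documents AWS consults, in their real JSON shapes:
the bucket policy, the bucket ACL and the Public Access Block settings.
The samples at the bottom are constructed; nothing here calls AWS.
"""
import json

# Grantee URIs that AWS treats as "everyone" in an ACL.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """A statement is open to the world when its Principal is '*'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def policy_public_statements(policy):
    """Unconditional Allow statements whose Principal is everyone.

    Statements with a Condition block (source VPC, IP range, etc.) are
    not counted here; they deserve a manual look but are not plain public.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if _principal_is_public(stmt.get("Principal")):
            findings.append(sorted(_as_list(stmt.get("Action", []))))
    return findings


def acl_public_grants(acl):
    """(grantee URI, permission) pairs granted to the public groups."""
    return [
        (g["Grantee"]["URI"], g["Permission"])
        for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") in PUBLIC_GRANTEE_URIS
    ]


def assess_bucket(policy, acl, public_access_block):
    """Combine the three sources the way S3 evaluates them.

    IgnorePublicAcls neutralises public ACL grants that already exist;
    RestrictPublicBuckets neutralises a public bucket policy. The two
    Block* flags only stop new public settings from being saved, so
    they do not change whether the bucket is reachable right now.
    """
    pab = public_access_block or {}
    policy_findings = policy_public_statements(policy or {})
    acl_findings = acl_public_grants(acl or {})
    via_policy = bool(policy_findings) and not pab.get("RestrictPublicBuckets", False)
    via_acl = bool(acl_findings) and not pab.get("IgnorePublicAcls", False)
    return {
        "policy_public_actions": policy_findings,
        "acl_public_grants": acl_findings,
        "publicly_reachable": via_policy or via_acl,
    }


# Constructed sample: the classic "public-read" bucket with no Public Access Block.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadGetObject",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-backups/*",
    }],
}
SAMPLE_ACL = {"Owner": {"ID": "owner-canonical-id"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
NO_PAB = {}
FULL_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    print(json.dumps(assess_bucket(SAMPLE_POLICY, SAMPLE_ACL, NO_PAB), indent=2))
    print(json.dumps(assess_bucket(SAMPLE_POLICY, SAMPLE_ACL, FULL_PAB), indent=2))
```

The point of modelling all three documents is that fixing only one of them is a common half-measure: a bucket whose policy was cleaned up is still public through an AllUsers ACL grant, and vice versa, unless the account-level Public Access Block overrides both.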


With a global average cost of $3.92 million per data breach in 2019, these findings are alarming. Sadly, many cybersecurity and IT professionals still sincerely believe that the cloud provider is responsible for protecting their data in the cloud. That assumption does not survive contact with the legal reality: the provider secures the underlying infrastructure, while the customer remains responsible for what it stores there and who is allowed to reach it.


Every major cloud and IaaS provider has had experienced law firms draft airtight terms that a customer will not alter or overturn in court. Black-letter clauses expressly shift financial liability for most incidents onto the customer and cap the provider's liability for everything else, often at a token amount.


Most SMEs do not read the terms carefully at all, while in large organizations they are reviewed by legal advisors who are often disconnected from the IT team. Nor is there much room to negotiate better conditions: a provider that accepted liability for its customers' misconfigurations would find the cloud business too perilous and unprofitable to stay in. The practical consequence is that every bucket, search cluster and database you deploy is your own perimeter to secure: authentication on, public access off, encryption at rest on, and the configuration checked continuously rather than once at launch.


Unprotected Code Repositories

Research by North Carolina State University (NCSU) found that over 100,000 GitHub repositories have been leaking secret API tokens and cryptographic keys, with thousands of new repositories exposing secrets every day. Canadian banking giant Scotiabank recently made headlines by reportedly storing internal source code, login credentials, and access keys for months in publicly accessible GitHub repositories.


Third parties, especially external software developers, are commonly the weakest link. Their developers often lack the training and security awareness needed to safeguard their code. Juggling several projects at once, tight deadlines and impatient clients, they ignore or forget the fundamentals of security and leave code, with credentials embedded in it, in public repositories.


Cybercriminals are well aware of this digital Ali Baba's cave. Gangs specialized in OSINT data discovery continuously crawl existing and newly created code repositories, scraping anything that looks like a credential. Whatever has value is sold on to groups focused on exploitation and intrusion, who use it to get in.


Because an attacker holding a valid key logs in exactly like a legitimate user, such intrusions rarely trigger any red flags in anomaly detection systems and surface only once it is already too late. Worse, investigating them is costly and rarely leads anywhere: there is no exploit to trace, only a legitimate credential used from an unexpected place. Many well-known APT campaigns involved the reuse of credentials found in code repositories.
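
The scan that both the NCSU researchers and the crawlers described above perform can be run defensively before code ever reaches a public repository. The following is an added example for this article, not the NCSU tooling or any product's code: a small secret scanner combining fixed patterns for credentials with a recognisable shape and a Shannon-entropy test for long random-looking tokens (the heuristic popularised by truffleHog). SAMPLE_FILE is a constructed configuration file; its AWS key pair follows AWS's documented example format and is not a live credential. The detector names, the entropy threshold and the scan_files / scan_text helpers are this example's own choices.

```python
"""Pre-commit style secret scanner.

Added example for this article; not the NCSU tooling or any product's
code. Two detectors: fixed patterns for credential formats with a
recognisable shape, and a Shannon-entropy test for long random-looking
tokens (the heuristic popularised by truffleHog). SAMPLE_FILE is a
constructed config; its keys follow AWS's documented example format and
are not live credentials.
"""
import math
import re
import sys

# (detector name, regex). Group 1, where present, is the secret value.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("slack_token", re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("generic_assignment", re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"]?([^'\"\s]{8,})")),
]

# Candidates for the entropy test: long words from the base64/hex alphabets.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
ENTROPY_THRESHOLD = 4.0  # bits/char; identifiers score ~3, random base64 ~5


def shannon_entropy(s):
    """Bits per character of the string's empirical symbol distribution."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text, path="<memory>"):
    """Return findings as (path, line_no, detector, secret) tuples."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        covered = []  # spans already reported by a pattern detector
        for name, rx in PATTERNS:
            for m in rx.finditer(line):
                secret = m.group(1) if m.lastindex else m.group(0)
                findings.append((path, line_no, name, secret))
                covered.append(m.span())
        for m in TOKEN_RE.finditer(line):
            if any(a <= m.start() < b for a, b in covered):
                continue
            if shannon_entropy(m.group(0)) >= ENTROPY_THRESHOLD:
                findings.append((path, line_no, "high_entropy", m.group(0)))
    return findings


def scan_files(paths):
    """Scan files on disk; returns findings so a commit hook can gate on them."""
    findings = []
    for path in paths:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            findings.extend(scan_text(fh.read(), path))
    return findings


SAMPLE_FILE = """\
# config.py: constructed sample, none of these values is a live credential
DB_HOST = "db.internal.example"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
DEFAULT_TABLE_NAME = "customer_order_history_archive"
session_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.unsigned"
signing_salt = "Q2r9xL0mVn3bTz8kYw1hS6dJ"
"""

if __name__ == "__main__":
    hits = scan_files(sys.argv[1:]) if len(sys.argv) > 1 else scan_text(SAMPLE_FILE, "config.py")
    for path, line_no, detector, secret in hits:
        print(f"{path}:{line_no}: {detector}: {secret[:6]}...")
    sys.exit(1 if hits else 0)  # a non-zero exit blocks the commit in a hook
```

Run it over staged files from a pre-commit hook (git diff --cached --name-only | xargs python scanner.py) and the non-zero exit stops the commit. The entropy detector is what catches the signing salt on the last sample line, which no fixed pattern knows about; the identifier customer_order_history_archive on line 5 is the deliberate negative, long but low-entropy.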


Vulnerable Open Source Software

The rapid proliferation of Open Source Software (OSS) in enterprise systems widens the threat landscape by adding still more unknowns. A recent ImmuniWeb report found that 97 of the 100 largest banks have vulnerable, poorly coded web and mobile applications riddled with outdated open source components, libraries, and frameworks. The oldest unpatched vulnerability found had been publicly disclosed in 2011.


OSS saves developers a lot of time and organizations a lot of money, but it also brings a wide spectrum of accompanying, largely underestimated risks. Few organizations track and maintain an inventory of the countless OSS components built into their enterprise software, let alone the transitive dependencies those components pull in. Consequently, when a newly disclosed OSS flaw is aggressively exploited in the wild, they cannot even tell whether they are affected, and fall victim to unknown unknowns.
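
The inventory this section says most organizations lack is mechanical to build for a single application. Below is an added example for this article, not code from ImmuniWeb or any scanner: it turns a pinned requirements.txt into a component inventory and matches each pin against advisories that name affected version ranges in the half-open introduced/fixed form used by OSV. The requirements file and the advisory feed are constructed samples; the EXAMPLE-2019-000x IDs are placeholders, not real CVEs or advisories, and a real run would load advisories from OSV, the GitHub Advisory Database or NVD.

```python
"""Match a pinned dependency inventory against an advisory feed.

Added example for this article, not code from ImmuniWeb or any scanner.
It builds the inventory the text says most organisations lack (a bill of
materials for one application) from a requirements.txt, then checks each
pin against advisories that name affected version ranges. The
requirements file and the advisories below are constructed; the advisory
IDs are placeholders, not real CVEs. A real run would load advisories
from OSV, the GitHub Advisory Database or NVD.
"""
import re

# name==version pins only; anything looser is not an inventory entry.
REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)$")


def normalize_name(name):
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(v):
    """'2.1.5' -> (2, 1, 5); a non-numeric tail such as 'rc1' is dropped."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group(0)))
    return tuple(parts)


def _padded(a, b):
    """Right-pad the shorter tuple with zeros so that '2.1' equals '2.1.0'."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def parse_requirements(text):
    """Return {normalized name: pinned version}; comments and ranges are skipped."""
    inventory = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = REQ_LINE.match(line)
        if m:
            inventory[normalize_name(m.group(1))] = m.group(2)
    return inventory


def is_affected(version, introduced, fixed):
    """OSV-style half-open range: introduced <= version < fixed."""
    v = parse_version(version)
    if introduced is not None:
        x, y = _padded(v, parse_version(introduced))
        if x < y:
            return False
    if fixed is not None:
        x, y = _padded(v, parse_version(fixed))
        if x >= y:
            return False
    return True


def match_advisories(inventory, advisories):
    """Advisories whose affected range contains an installed pin."""
    hits = []
    for adv in advisories:
        name = normalize_name(adv["package"])
        if name not in inventory:
            continue
        for rng in adv["ranges"]:
            if is_affected(inventory[name], rng.get("introduced"), rng.get("fixed")):
                hits.append({"package": name, "installed": inventory[name],
                             "advisory": adv["id"], "fixed_in": rng.get("fixed")})
                break
    return sorted(hits, key=lambda h: (h["package"], h["advisory"]))


# Constructed sample inputs.
SAMPLE_REQUIREMENTS = """\
# requirements.txt of a constructed example application
Django==2.1.5
requests==2.19.1
PyYAML==3.13        # pinned long ago and never revisited
urllib3>=1.24       # not an exact pin, so it never enters the inventory
"""
SAMPLE_ADVISORIES = [  # placeholder IDs and ranges, not real advisories
    {"id": "EXAMPLE-2019-0001", "package": "django",
     "ranges": [{"introduced": "2.1", "fixed": "2.1.6"}]},
    {"id": "EXAMPLE-2019-0002", "package": "pyyaml",
     "ranges": [{"introduced": "0", "fixed": "5.1"}]},
    {"id": "EXAMPLE-2019-0003", "package": "requests",
     "ranges": [{"introduced": "0", "fixed": "2.19.0"}]},
]

if __name__ == "__main__":
    inventory = parse_requirements(SAMPLE_REQUIREMENTS)
    for hit in match_advisories(inventory, SAMPLE_ADVISORIES):
        print(f"{hit['package']}=={hit['installed']}: {hit['advisory']} (fixed in {hit['fixed_in']})")
```

Two details matter in practice and are handled above: package names must be normalised before lookup (Django, django and PyYAML vs pyyaml are the same components), and an unpinned requirement such as urllib3>=1.24 is not an inventory entry at all, because what is actually deployed depends on when pip last ran. The same logic extends to a lock file for any other ecosystem once its name/version pairs are parsed out.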


How to Prevent

1. Maintain an up-to-date and holistic inventory of your digital assets

Software, hardware, data, users, and licenses should be continuously monitored, classified, and risk-scored. In the era of public cloud, containers, code repositories, file-sharing services, and outsourcing this is not an easy task, but without it you undermine the integrity of your cybersecurity program and negate all previous security investments. Remember, you cannot protect what you cannot see.

2. Monitor your external attack surface and risk exposure

Many organizations spend money on auxiliary or even theoretical risks while ignoring their numerous outdated, abandoned, or simply unknown systems accessible from the Internet. These shadow assets are low-hanging fruit for cybercriminals. Attackers are smart and pragmatic; they won't assault your castle if they can slip in silently through a forgotten underground tunnel. Therefore, make sure you have a complete and continuously updated view of your external attack surface.

3. Keep your software up to date, implement patch management and automated patching

Most successful attacks do not rely on sophisticated and costly 0-days but on publicly disclosed vulnerabilities, often with a working exploit already available. Attackers will systematically search for the weakest link in your perimeter, and even a tiny outdated JavaScript library can be the way in to your crown jewels. Implement, test, and monitor a robust patch management process for all your systems and applications, and include third-party and open source components in it, not only operating systems and vendor products.

4. Prioritize your testing and remediation efforts based on risks and threats

Once you have crystal-clear visibility of your digital assets and a properly implemented patch management strategy, it's time to verify that everything works as expected. Deploy continuous security monitoring for all your external assets and conduct in-depth testing, including penetration testing of your business-critical web applications and APIs. Set up anomaly monitoring with rapid notifications.

5. Keep an eye on Dark Web and monitor data leaks

Most companies do not realize how many of their corporate accounts, exposed by hacked third-party websites and services, are being sold on the Dark Web. The growing success of password-reuse (credential-stuffing) and brute-force attacks stems directly from these leaks. Worse, even legitimate sites such as Pastebin often host a wealth of leaked, stolen or lost data accessible to everyone. Continuous monitoring and analysis of these exposures may save millions of dollars and, most importantly, your reputation and goodwill.
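
One concrete way to act on leaked-credential data without creating a new leak of your own is the k-anonymity range lookup used by Have I Been Pwned's Pwned Passwords API: the client sends only the first five hex characters of SHA-1(password) and receives every suffix in that range with a breach count, so the service never learns which password was checked. The following is an added example for this article, not code from Have I Been Pwned or any vendor. SAMPLE_RANGES is a constructed reply in the real "SUFFIX:COUNT" line format: its first suffix is the genuine remainder of SHA-1("password"), while the count and the two filler lines are made up. live_fetch shows the real HTTP call but is not exercised by the sample; audit_accounts and the sample account list are this example's own additions.

```python
"""Check a password against a breach corpus without disclosing it.

Added example for this article; not code from any vendor. It uses the
k-anonymity range lookup of Have I Been Pwned's Pwned Passwords API: only
the first five hex characters of SHA-1(password) leave the client, and
the service returns every suffix in that range with a breach count, so
it never learns which password was checked. SAMPLE_RANGES is a
constructed reply in the real "SUFFIX:COUNT" line format; the counts and
the two filler suffixes are made up. live_fetch shows the real call.
"""
import hashlib


def sha1_prefix_suffix(password):
    """Split SHA-1(password) into the 5-char prefix sent and the 35-char suffix kept."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(text):
    """'SUFFIX:COUNT' lines -> {suffix: count}; malformed lines are skipped."""
    table = {}
    for line in text.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and suffix and count.isdigit():
            table[suffix.upper()] = int(count)
    return table


# Constructed range for prefix 5BAA6. The first suffix is the real remainder
# of SHA-1("password"); its count and the other two lines are invented.
SAMPLE_RANGES = {
    "5BAA6": "\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",
        "0B3C2F5A6E9D1C4B8A7F0E2D3C5B4A6F9E1:2",
        "FFEEDDCCBBAA99887766554433221100FFE:17",
    ]),
}


def sample_fetch(prefix):
    """Stand-in for the network call: answers from SAMPLE_RANGES."""
    return SAMPLE_RANGES.get(prefix, "")


def live_fetch(prefix):
    """Real lookup against api.pwnedpasswords.com (needs network; unused by the sample)."""
    import urllib.request
    req = urllib.request.Request(
        "https://api.pwnedpasswords.com/range/" + prefix,
        headers={"User-Agent": "password-leak-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, fetch_range=sample_fetch):
    """How many times the password appears in the corpus; 0 means not seen."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def audit_accounts(accounts, fetch_range=sample_fetch):
    """accounts: iterable of (username, password). Returns (username, count) for hits."""
    hits = []
    for user, pw in accounts:
        n = breach_count(pw, fetch_range)
        if n:
            hits.append((user, n))
    return hits


if __name__ == "__main__":
    # Constructed accounts; a real audit would take passwords from a reset or
    # login flow, never log the plaintext, and pass fetch_range=live_fetch.
    sample_accounts = [("alice@example.com", "password"),
                       ("bob@example.com", "correct horse battery staple")]
    for user, count in audit_accounts(sample_accounts):
        print(f"{user}: password seen {count} times in breach data")
```

Wiring breach_count into the password-change and login paths (rejecting or forcing a reset on any non-zero count) is the direct countermeasure to the password-reuse attacks this item describes, and it costs the organization nothing in terms of exposing its own users' secrets to a third party.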