#datasecurity

One of the most popular and rapidly growing categories of cybercrime is ransomware. More than 4000 ransomware attacks occur daily. This number of attacks and close relationship between company and third parties increases the risk compromising employee data. Sensitive data can be secured with a ransomware prevention strategy and a process for quickly detecting compromised data.

An effective attack prevention strategy involves deploying security controls at every stage in the evolution of a typical ransomware attack.

The main stages of a ransomware attack are:

Phishing attack – email that contains malicious links that redirect the user to a scam site to steal internal credentials. This is the most popular way to launch an attack;
Interaction with the user (victim) – following the link, downloading attachments, etc.;
Account compromise – compromise of the victim’s corporate credentials by addressing them to a malicious site or using social engineering (for example, a hacker pretends to be an employee of the IT department and requests confirmation of a two-factor authentication message. At this stage, malware is most often injected, initiating the installation of ransomware;
Designation of privileged data – privileged credentials detection and compromise to gain unauthorized access to sensitive network areas;
Search for sensitive data (personal data, customer data, social security numbers, corporate credentials, corporate and personal email data, any digital trail that can be used for identity theft);
Data exfiltration – malware deployment to establish backdoor connections to the cybercriminal’s servers. Data transfer is carried out through backdoor connections. For this data the cybercriminal will demand a ransom;
Data encryption – a cybercriminal encrypts the operating and computer systems of the victim in order to cause maximum damage. The victim receives a ransom notice (usually in a TXT file) with a clear indication of the ransom price. Cybercriminals demand ransom payment in cryptocurrency (bitcoins), since it is more difficult for law enforcement agencies to track their movement. To speed up the process of paying the ransom, criminals threaten to place data on the dark web or delete it;
Data dump is the final stage of the attack. At this stage cybercriminals publish all compromised data in the cybercriminal marketplace. Some cybercriminals delete data, saving themselves from publishing it on the black market and tracking purchase requests. If the victim refuses to pay the ransom, the cybercriminal can punish the victim and publish all the data on the forums. Free access to data posted on such forums does more harm to the company than selling it to 1 group of cybercriminals.

Company can protect and mitigate the ransomware impact by implementing security measures at each stage of the attack:

Cybersecurity training. It is very difficult to defeat ransomware if it has already infiltrated the corporate network. By preventing intrusion, cybercriminals are unable to carry out a successful attack. Employees often don’t know how to recognize threats and how to respond to them, and thus contribute to the attack success. It is important to provide high-quality training for all employees, inform about potential risks and teach them to recognize threats;
Tracking interactions with malicious links and attachments. To prevent an attack from progressing to the next stage, such activity must be detected as soon as possible. Employees should alert IT security professionals immediately;
Prevent account compromise. Multi-factor authentication should be implemented. The most secure form is the biometric authentication method. Biometrics such as fingerprints, facial recognition are very difficult to steal or copy;
Protection of privileged data. Implementation of a password manager, multi-factor authentication, zero-trust security model (all internal traffic is perceived as malicious, and therefore the user must constantly confirm his identity to get access to confidential resources);
Prevent data loss. Closing or segmenting from the general users access to sensitive network areas. It is also necessary to ensure that all user accounts that have access to restricted areas are protected by multi-factor authentication;
Prevent data theft. This process consists of 2 elements: detection and prevention. Detection methods include:

using SIEM to monitor network traffic in real time;
monitoring of connections with external IP addresses;
monitoring of suspicious activity of outgoing traffic;

Prevention methods include:

security protocols (DNS, HTTP, FTP);
fixing software vulnerabilities.

Protection against data encryption. Rapid switchover processes to backup systems can minimize business disruption in the event of a ransomware attack. Such environments must be accessible with a unique set of credentials, i.e. they must be different from those used in a normal IT environment.

The main modern business task is to ensure reliable data protection. Cybersecurity protects data of all categories from theft and damage: confidential data, personally identifiable information (PII), personal health information (PHI), personal information, intellectual property, data, government and corporate information systems. The absence of a cybersecurity system increases the risk for a company to become a target for cybercriminals.

The global use of cloud services as a repository for sensitive data also increases the risks. Misconfiguration of cloud services and more sophisticated methods of cybercriminals lead to successful cyberattacks and data leaks. Off-the-shelf solutions such as anti-virus software and firewalls are not reliable data protection. Cybercriminals are using smarter tactics and methods that are more resistant to traditional cyber defenses.

Cyber threats can come from any level of an organization. It is important to ensure that staff at all levels are trained in cybersecurity, aware of common cyber threats (social engineering fraud, phishing, ransomware attacks, and other malware to steal intellectual property and/or identity), teach how to recognize them and familiarize them with the action plan when an incident occurs.

Cybersecurity is the state or process of protecting and recovering computer systems, networks, devices and programs from any cyberattack types. The threat to data is high as cybercriminals use new methods based on social engineering and artificial intelligence to bypass traditional data protection methods with ease. Keep data secure by implementing intelligent security solutions combined with strong password policies (for example, multi-factor authentication to prevent unauthorized access).

Modern society is highly dependent on technology, and this trend will only grow. Data that can contribute to major data theft is published on social media accounts, sensitive information (social security number, bank card and account information, etc.) is stored in cloud storage (Dropbox, Google Drive, etc.). Every day, whether a large corporation or an ordinary person uses technology and computer systems. If you compare this with security lack of cloud services, smartphones, the Internet of things, then there are many potential security vulnerabilities that didn’t exist even a few years ago.

The General Data Protection Regulation (GDPR), namely reputational damage and customer liability, has motivated organizations to rethink cybersecurity. According to the GDPR, organizations operating in Europe are required to:

Report a data breach;
Designate a data protection officer;
Require the user’s consent to the processing of information;
Anonymize data for privacy;

In the US, data breach laws are in place and include:

Data breach notification as soon as possible;
Government notice;
Fines payment.

In 2003, California became the first state to regulate data breach disclosures. Victims can sue up to $750 and companies can be fined up to $7,500 per victim.

This, in turn, has contributed to the development of frameworks for understanding security risks better, improving cybersecurity measures, and preventing cyberattacks.

Information theft is the most expensive and fastest growing segment of cybercrime. This is largely driven by the growing disclosure of identifying information on the Internet through cloud services. Also, industrial and government facilities are targeted in order to violate the integrity of data (destruction or modification of data) and to distrust the organization or government.

Social engineering remains the simplest form of cyberattack, and ransomware, phishing, and spyware the easiest method to infiltrate a system. It is important to consider that the attack can be carried out through third parties that use unreliable cybersecurity methods.

According to research, the average cost of cybercrime to an organization has increased by $1.4 million over the past year, and the average number of data breaches has increased by 11%.

Factors contributing to cybercrime growth:

Distributed Internet;
The ability of cybercriminals to attack targets outside their jurisdiction, which greatly complicates police work;
Increasing profitability and ease of commerce in the dark web;
The spread of mobile devices and the Internet of things (IoT).

Consequences of neglecting cybersecurity:

Economic costs (theft of intellectual property, corporate information, disruptions in trade, restoration and repair of damaged systems);
Reputation (loss of trust, loss of current and potential customers, anti-advertising in the media);
Regulatory costs (fines, regulatory sanctions).

Data security is the process of protecting files, databases, accounts through controls, applications, and practices that prioritize data privacy and compliance.

The main elements of data security are confidentiality, integrity, availability. A model based on these three elements allows to ensure data security and protection from unauthorized access and data theft. It means:

Confidentiality – access to data only for authorized persons;
Integrity – information reliability and accuracy;
Availability – data is available to meet business needs.

The main points that need to pay attention to ensure data security:

Data location. In order to provide high data protection level, it is necessary to know where it’s stored;
Data access. Uncontrolled access and infrequent permission checks expose the company to the risk of data misuse and theft;
Continuous monitoring and real-time data change alerts. This approach allows to track compliance with regulatory requirements, as well as detect unusual activity, suspicious accounts, and computer operation changes in time.

Technologies to prevent leakage, reduce risks and provide reliable protection:

Data audit allows to check all components operation, detect errors in time and eliminate them;
Real-time data alerts allows to track data activity, more quickly detect suspicious behavior, security breaches that lead to accidental data destruction, loss, modification, unauthorized disclosure and access to personal data;
Data Threat Assessment helps to identify the most vulnerable sensitive data, provides a detailed explanation of each vulnerability, and suggests ways and recommendations to eliminate security threats;
Data minimization allows to collect and store only targeted data for the business, covering its needs. A large amount of unnecessary data will not give a competitive advantage but can damage reputation if it is leaked. It is important to analyze business data needs and minimize data volumes;
Aged data removal. If the data is not on the network, it cannot be compromised. It is worth installing systems that can monitor file access and automatically archive unused files.

Ensuring data security:

Confidential data file isolation. A confidential file shouldn’t place in a public folder. Data security software allows to classify sensitive data and move it to a safe place;
Tracking user behavior. The frequent problem is excessive access and permission to data for business users. So they have more than it is necessary to fulfill their duties according to their role in the company. Software that monitors user behavior and automatically sets appropriate permissions can reduce user harm.

Data security rules

There are certain data security rules, such as HIPAA (Health Insurance Portability and Accountability Act), SOX (Sarbanes-Oxley Act), GDPR (General Data Protection Regulation), etc. They provide organizations for such requirements:

understanding what sensitive data they have;
data provision upon the request;
confirmation of data protection measures usage.

Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Mobility and Accountability Act. It was approved by the US Congress and enacted on August 21, 1996 to modernize the flow of medical information and protect personal information held by healthcare facilities and the health insurance industry from fraud and theft. The law requires relevant organizations to adopt security standards that take into account the technical capabilities of record systems for storing health information, providing security measures costs, and the value of computerized record systems.

Primary requirements:

Continuous monitoring of file activity and access to confidential information;
Access control;
Record keeping.

Sarbanes-Oxley (SOX)

US law provides for the introduction of more stringent requirements for financial reporting and the process of its preparation. Under this law, public companies are required to provide an annual assessment of their internal financial audit effectiveness.

Primary requirements:

Ongoing monitoring and auditing, requiring companies to include in their annual reports an assessment of internal controls to ensure the integrity of financial reporting and an audit attestation;
Access control, especially to critical computer systems, is the most important aspect of law compliance. It is necessary to know which administrators have made changes to security settings and access rights to file servers and their contents, as well as to detail the history of access and any changes to user data;
To provide evidence of compliance, it is necessary to generate a detailed report, where it is necessary to indicate the use of data, each interaction of users with the file and confidential data, changes in permissions that affect access rights to information.

General Data Protection Regulation (GDPR)

This is an EU regulation that defines how organizations process personal data. It covers the protection of EU citizens personal data such as insurance number, date of birth, email address, IP address, phone number, account numbers etc.

Primary requirements:

Data classification: understanding where data is stored, data protection, fulfillment of requests for personal data correction and deletion;
Continuous monitoring: notification of violation within 72 hours;
Metadata: setting limits on data storage (collecting and storing only target data), determining the need to archive data;
Data management: understanding who has access and who should have access to data in the corporate system, restricting access rights depending on the business user’s role.

With every hack and data leak, the question of organization cybersecurity becomes more and more relevant. Any business must first of all take care of information security. Here are examples of high-profile company data leaks in recent months that prove the importance of this issue.

February 2022 – GiveSendGo

A Christian fundraising site was hijacked in response to Ottawa truckers’ protests. The hackers used a DDoS attack and redirected the fundraising site to another page. As a result of this attack, the personal data of people who donated funds were compromised. In total, the personal information of 90,000 donors was published.

This case further highlights the importance of using secure platforms and payment methods to keep customer data safe and not compromised. If the company has already encountered such a nuisance, it is worth taking the right measures to eliminate the leak as well as the causes of its occurrence.

January 2022 – Crypto.com

Blockchain is the latest technology that is used in the financial sector. This model has long been considered one of the most secure transaction processing forms. But technology development gives rise to the development of cybercrime methods. So, on January 17, 2022, an attack was made on an application for exchanging cryptocurrency. The attack targeted the wallets of 483 app users.

The hack resulted in the theft of about $18 million worth of BTC, $15 million worth of ETH, and other cryptocurrencies. Hackers have learned to bypass two-factor authentication and gain access to users’ wallets, which made it possible to organize a hack. To reduce the risks of this attack type, it is important to use a password manager. Businesses should be aware of all the risks associated with the theft of cryptocurrencies. Therefore, all sensitive data must be encrypted.

December 2021 – FlexBooker

FlexBooker is an appointment scheduling tool. Before the New Year holidays, they became a victim of cybercriminals, as a result of which approximately 3 million users suffered. Attackers gained access to confidential data (driver’s license, photos and other personal information) and posted it on various hacker forums. For these purposes, the hackers used the FlexBooker AWS configuration, installed malware on the servers, which allowed them to take full control of the system.

November 4, 2021 – Robinhood

Robinhood is an American financial services company offering commission-free trading in stocks and exchange-traded funds through a mobile app. The attack on the company took place on November 16, 2021. Using social engineering (the method is based on the social psychology usage), internal systems were hacked. According to the company report, criminals gained access to the email addresses of almost 5 million users and other personal information. For non-disclosure of any data, the attackers demanded a ransom.

October 2021 – Twitch

Twitch is a video streaming service that specializes in video games. In October, it became known that an unknown attacker penetrated the source code, as a result of which data sets were compromised, including about payments to the creators of the service. The leak contained 3 years of payout data, information about twitch.tv activities, client source code, proprietary code, etc.

On the one hand data promotes huge possibilities for business and on the other hand it demands a huge responsibility from the business. Effective data management system including data collection, storage, processing, accessibility, safety is a necessary part of every company. All system and every its process must be correctly configured and perform its functions to obtain maximum result.

There is no doubt that all data need to be protected, otherwise other business processes can become senseless. News about leak of different companies’ information is not rare. For example, in the result of Yahoo attack in 2013 were compromised 3B of clients’ identity details; Marriott attack involved 500 million consumers personal information; more recent problem – Sephora information leak.

Such situations have negative influence on the whole business space: both an injured business (stock price losses, a barrage of bad coverage, widespread business mistrust etc.) and business that has become a witness of this situation. The management of companies (specifically after the next leak news) is actively involved in cybersecurity issues. However, fear and knowledge lack generate mistaken opinion among management (for example, artificial intelligence technologies implementing ensures protection against cyber attacks).

But before technologies implementing into business processes, it is necessary to pay attention to the following points:

IT department

It is too often situation when one IT specialist plays several roles in the company (from maintaining work computers to ensuring the protection of confidential data). The IT department understaffing and insufficient training level entail negative consequences, including data security issues. There is not the right size of IT department. Its size should be such that all company’s requests are qualitatively satisfied.

Financial restrictions

Every business strives to maximize profit and minimize costs. The management is reluctant to agree to a new cost item of hiring cybersecurity specialists or training existing employees. Trying to save money a choice turns next to a cheaper option – low-quality decision acquisition, that endangers the entire business.

Expenditures for ineffective methods

To choose an effective data protection method it is necessary to understand completely what data the company owns, what information is confidential, where it is processed etc. Without realizing it and chaotically buying data protection tools you may find that all these tools are not suitable for business needs. Money was spent without result.

The process of data management system selection and implementing don’t tolerate haste, «economy» and chaos. Organizing the IT department inside a company it is necessary to understand what functions IT specialists need to perform, what business needs must be met, what goals must be achieved. Only understanding this, it is possible to create effective department. Delegating tasks of data management system implementing to contractors it is important to make a well-considered decision. Trust your business to a responsible partner who helps to achieve goals and improve business performance.

Ransomware lifecycle and protection methods

Cybersecurity importance for modern business

The Main Data Security Aspects

High-profile Data Leaks 2021 – 2022

Data needs protection