Preventing Cybersecurity Disaster: Learning from the Top Security Breaches in 2018
Arguably one of the most important tools for improving your company’s cybersecurity defenses is to learn from the major security breaches that make it into mainstream media headlines or industry publications throughout a given year.
In much the same way as air travel is so secure because of the lessons learned from previous accidents and incidents, cybersecurity progressively improves over time when businesses heed the lessons that history makes accessible to them. Of course, knowing what caused a high-profile incident isn’t enough; you then need to take steps to make sure similar breaches don’t occur at your business.
This article overviews some important ways to prevent cybersecurity disaster bearing in mind the lessons learned from some major security breaches that made headlines during 2018.
The Consequences of Careless Cybersecurity
An almost unbelievably careless approach to cybersecurity has been evident in breaches that occurred prior to 2018, but the leak at data broker and marketing company Exactis, which made headlines midway through 2018, was yet another prime example that businesses aren’t taking cybersecurity seriously enough.
The Exactis data leak involved the compromise of two terabytes of data on both businesses and individuals. It is unclear whether the data was accessed by anyone with malicious intent, but the blasé nature of the cybersecurity defenses that enabled the leak to happen is what is most concerning.
Vinny Troia, a security researcher, discovered that Exactis had left a database with millions of records containing sensitive information exposed on a publicly accessible server without any protection.
It’s evident that a somewhat lax approach to cybersecurity still exists in many businesses. Minimising this human error aspect is crucial to stronger defenses against the growing number of cyber attacks that companies face.
Inadequate Cybersecurity Investment
When a company renowned for its investment in providing the perfect customer experience is hit by a major cybersecurity incident once, you might call it bad luck. However, when the same company is exposed by another incident, it’s clear there hasn’t been appropriate investment in strengthening cybersecurity defenses.
Marriott International is a multinational hospitality company with a value greater than $40 billion. In November 2018, it was discovered that the sensitive information of 500 million Marriott customers was breached by hackers who bypassed inadequate security solutions.
Companies must deploy next-generation security options such as SIEM tools, artificial intelligence, and web application firewalls if they want to properly combat sophisticated attack methods deployed by modern cybercriminals. (For clarification, this SIEM guide explains what SIEM entails and how it helps.)
Prompt Incident Response Is Crucial
It was discovered in early 2018 that the American bakery-café chain Panera Bread leaked the records of 37 million of its customers in plain text via an API endpoint on its website. The compromised records included addresses, names, and the last four digits of credit card numbers.
What was most surprising about the Panera Bread incident was the inadequate response to it. The company had received reports about the particular security vulnerability involved a full eight months before the story went public. It’s clear that the incident response plan at Panera Bread either didn’t exist or was completely inadequate. Companies must understand that certain categories of cybersecurity incidents cannot be put on the long finger, particularly when the incidents involved compromise sensitive customer information. Promptly responding to the most serious cybersecurity incidents and breaches is imperative.
Don’t Neglect Insider Threats
In separate incidents at American bank holding company SunTrust and U.K. supermarket chain Morrisons, the dangers of insider threats came to light. In the SunTrust incident, news emerged in April 2018 that a malicious insider may have stolen details on up to 1.5 million customers.
In November 2018, Morrisons faced the consequences of insider threats when it was found liable for the leaked information of employee details by a former employee at the company that had occurred three years prior. It has been speculated that the company faces a substantial payout to affected employees in lieu of its liability for the breach.
These incidents show that insider threats remain a huge problem for business across all industries, and they underscore the importance of taking active steps to minimise such threats.
Data Breaches Put Reputations On The Line
In arguably the most high-profile security breach of 2018, it was revealed by The Guardian that millions of Facebook profiles were harvested for data in a major data breach involving the British political consulting firm Cambridge Analytica.
The public outcry as a response to the misuse of data by Facebook was such that one in twenty British people deleted their accounts on the website entirely. The 2018 Facebook breach was a reminder that data breaches don’t just undermine company finances, they can severely impact business reputation.
Facebook absorbed the hit to its reputation and remains profitable, but smaller companies would probably not be so lucky. The first step, therefore, is always in preventing major breaches rather than reacting to them because by that stage it’ll likely be too late.
Applying The Principle of Least Privilege
In early 2018, it was revealed that Health South East RHF, a Norwegian healthcare organisation, had become the victim of a huge data breach which resulted in the compromise of confidential healthcare records on 56 percent of the entire Norwegian population.
The breach happened when intruders gained unauthorised access to critical IT databases, most likely due to careless privileged access management. In an industry such as healthcare, where the records accessible to staff are typically highly sensitive, it is vital to enforce the principle of least privilege, which grants only the required level of access to data or systems necessary for the completion of specific work activities.
In summary, while cyber criminals continue to evolve in their methods and strategies all the time, it is evident that human error is still a huge contributing factor to the most serious incidents that occur. Companies simply aren’t bolstering their own cybersecurity defenses in response to the breaches that make headlines.
The only way to prevent the recurrence of the top 2018 security breaches is to learn what went wrong and apply solutions and strategies including:
- Preventative tools like SIEM and A.I.
- Adequate cybersecurity investment
- Staff training
- The principle of least privilege
- Thorough employee vetting