The risk to companies experiencing data and security breaches is higher now than ever before. In 2017 alone, some of the largest high-profile companies were targets of data and security breaches: Sony, Uber, Home Depot and Equifax, to name a few. Not only does a company suffer financial losses and legal repercussions, but it also risks serious damage to its reputation. The truth is that these breaches impact more than just the companies themselves, they also affect the entire ecosystem: clients, consumers, vendors and employees. Here are some of the latest data and security breaches and the lessons we can learn to prevent these and other attacks from happening in the future.
Macy’s, one of the largest department store chains suffered a security breach that occurred between April 26 and June 12, 2018 exposing personal customer data such as email addresses, credit and debit card numbers, birthdays and more. Bloomingdale’s, owned by Macy’s, was also affected. Macy’s claims that an unauthorized third party is to blame for the breach, but the retailer waited a month before notifying customers. Following further security investigation, it was determined that the company failed to implement strong authentication measures that were needed to minimize access to their critical accounts.
Timehop, an application that resurfaces a user’s older social media posts, was also a recent target of a security breach affecting nearly 21 million users and compromising their personal information such as names, email addresses and phone numbers. The company analyzed the timeline of events beginning in 2017 and noted that the first breach occurred in December 2017 when a hacker accessed the system which runs their data for its cloud application. The cybercriminal breached the system on several occasions between March and June 2018, but waited until the 4th of July holiday to wreak havoc. Several hours after the breach occurred, the company’s engineers noticed that Timehop’s password for its data service, which did not use two-factor authentication, had been changed thereby causing the application to stop working entirely.
In late June 2018, Ticketmaster UK found malicious software on its third-party customer support application that accessed their users’ personal data including payment information. The company blamed Ibenta Technologies, the developers of the chat application, for this breach. Ticketmaster could face penalties since UK digital bank Monzo informed them early April 2017 that fraudulent transactions were occurring in their customers’ accounts. This puts Ticketmaster UK in jeopardy because under GDPR, companies are required to report any information of a breach within 72 hours. Ticketmaster UK did not report the breach until 76 days after the fact.
Best practices to prevent data and security breaches
Data and security breaches are a growing concern for companies worldwide and it is apparent that no organization is exempt from experiencing one. There is always a complicated mix of network visibility, monitoring and alerting as well as communication that has the potential to fail. With so much at stake, it’s imperative that companies take preventative measures to ensure their networks are safeguarded.
First, evaluate your existing security tools. The sheer volume of network traffic can overwhelm security tools and cause network blind spots which prevent network and security operators from receiving the real-time data needed to detect any inside or outside attacks. To avoid bottlenecks, network and security operators will often disable important security features such as SSL decryption to avoid overwhelming the network. This can be problematic because it limits the ability to perform deep packet inspection and monitor any traffic coming into the network.
Second, as networks grow and become more complex, enterprises are under pressure to purchase additional security devices thinking this will improve the security of the network. This is not a viable solution since additional devices become more complex to manage. For example, adding additional security tools could have implications elsewhere, and without proper visibility, IT teams aren’t always aware of how one device impacts the entire network. Not only can this have security repercussions, but it can also have a negative impact on business continuity. Furthermore, adding more security tools can be costly in the long run.
Third, if an organization works with any third-party entity that has access to the company’s personal assets, it needs to ensure that effective security controls are in place. Most importantly, third party vendors need to report any unusual activity and/or breach immediately.
One of the greatest challenges for security professionals is the ability to understand what is happening in the network right now. Attackers are more prevalent and deceptive today than ever before. They find ways to slip into the network and remain largely undetected. The greatest advantage security professionals have in defending attacks is time. The sooner we can spot anomalous behavior, the sooner we can take appropriate action to prevent the attack from occurring. Investing in the right network monitoring and security tools that can analyze real-time traffic entering the network is the strongest defense against data and security breaches. This becomes especially important as networks are moving to higher speeds like 100G.
It is important to remember that, following a security breach, your data and your reputation cannot be recovered easily. By having a plan and the right monitoring tools in place, you can effectively protect your business and keep your company’s data secure.