5 Ways Hackers Can Breach Your Company Undetected
Security breaches are, quite unfortunately, a common presence in corporate environments. Even companies making effective use of the most recent security solutions such as next generation firewalls, advanced threat protection and security incident and event management (SIEM) systems are not an exception. There are several ways you may be breached and not know about it.
Here are some practical examples and the best methods to deal with them.
- Unknown Software & Hardware Vulnerabilities
It is quite simple, most vulnerabilities can remain unknown for months or even years before being made public and patched. That was the case with the Meltdown and Spectre attacks, a pack of vulnerabilities in CPU hardware, discovered by Google researchers in June of last year and released to the general public in January 2018. Meltdown and Spectre made it possible for attackers to read the memory content of compromised computers, including passwords and sensitive data stored on the system.
The fact is, this vulnerability affected most CPU hardware from the last 10 years, and even though there is no confirmed case of exploitations in the wild so far, this does not mean cybercriminals and even government agencies could not have been taking advantage of it for the last decade.
Unfortunately, there is no way of dealing with an unknown security flaw other than following basic advice: maintain systems updated with latest security patches and keep an eye on the latest news regarding new vulnerabilities.
Insiders should never be regarded as a secondary threat when compared with other incident sources, such as cybercriminals. For instance, when not properly trained, employees can be prone to accidental errors such as sending an email message to the wrong recipient, sharing sensitive information in a public place, like a social network, or falling victim to an attack such as social engineering or phishing. All of those could go unnoticed for a long period of time.
It is also important to consider that there are insiders that would willingly commit a violation or even a crime. For example, an employee intending to leave the company could try to copy confidential files to a USB drive, even if it goes against the security policy.
A mix of endpoint protection solutions (e.g., antivirus, USB control) and technologies such as a Data Leak Protection (DLP) system, complemented by a SIEM and an experienced incident response team, is a great option in this situation. Aside from that, an excellent approach to reduce insider risk is creating a security awareness program for educating employees on basic security principles and policies adopted by the company.
Third parties are someone you must entrust with corporate data, like a business partner, a Cloud service provider or even an individual consultant. Should a data leak occur when your data is in the possession of a third party, chances are you will not know.
For third-party personnel working within the company boundaries, aside from the previously mentioned security controls, consider having special rules for outsiders, such as limiting connections to a specific network segment with limited access (or even better: no access whatsoever) to corporate servers and endpoints. Physical controls should also be applied, including limiting access to restricted areas, the use of identification badges and inspecting backpacks and briefcases if necessary.
For cases where the data is stored or handled outside the company, there are several options for dealing with the third-party security risks, including having explicit security terms on contract, such as making a leak notice mandatory once it is detected, enforcing requirements such as encryption and data leak prevention, asking for an incident response team and retaining the right to audit the third-party infrastructure.
Encryption is probably one of the best security controls, as it allows sensitive data to be securely transmitted over unsecure networks. The problem is, it also works the other way around! As most Internet services such as browsing, instant messengers, email and Cloud storage already enforce strong encryption, it may be hard to control when sensitive data is leaving the company. Even worse, encryption is also widely adopted by malware for communicating with command and control servers.
When everything is encrypted, the only solution is going around it. Companies with older firewalls and web proxies may have a tough time, but modern solutions can already make use of a decryption method, such as SSL inspection, that allows the inspection of encrypted traffic.
It is important to understanding that there are still limitations and it is not always possible to decrypt all traffic in and out of a company. For instance, some financial institutions will not work well with SSL inspection and there may be privacy concerns, also there is the possibility of rogue encryption (i.e., employees or visitors using their own encryption software without authorization). An appropriate solution is monitoring where the encrypted traffic goes to, i.e., encrypted information leaving for another country or directed to an IP with a bad reputation may indicate a security breach.
We may forget it sometimes, but data is not limited to bits and bytes. A breach may also occur with information sensitive shared verbally or if a printed document is left unattended. It is important to understand that, in regard to data breaches, the quantity alone does not define the impact of the incident.
For example, if an improperly discarded hard disk falls in the hands of cybercriminals, they may try (and succeed!) to restore information. Presuming they are able to recover lots of files, but there is no confidential, private or any other form of sensitive information, the impact may be negligible. Now, if someone prints a confidential report and leaves it unattended at a public place, it may fall in unwanted hands and have a major impact on the company.
The leak of digital information is much more common, but that does not mean other forms should be disregarded. Having a clean desk policy, using secure means for disposing confidential information and providing employee awareness training are the best options in this case.
In this Series
- 5 Ways Hackers Can Breach Your Company Undetected
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security