Security breaches are, quite unfortunately, a common presence in corporate environments. Even companies making effective use of the most recent security solutions such as next generation firewalls, advanced threat protection and security incident and event management (SIEM) systems are not an exception. There are several ways you may be breached and not know about it.
Here are some practical examples and the best methods to deal with them.
- Unknown Software & Hardware Vulnerabilities
It is quite simple, most vulnerabilities can remain unknown for months or even years before being made public and patched. That was the case with the Meltdown and Spectre attacks, a pack of vulnerabilities in CPU hardware, discovered by Google researchers in June of last year and released to the general public in January 2018. Meltdown and Spectre made it possible for attackers to read the memory content of compromised computers, including passwords and sensitive data stored on the system.
The fact is, this vulnerability affected most CPU hardware from the last 10 years, and even though there is no confirmed case of exploitations in the wild so far, this does not mean cybercriminals and even government agencies could not have been taking advantage of it for the last decade.
Unfortunately, there is no way of dealing with an unknown security flaw other than following basic advice: maintain systems updated with latest security patches and keep an eye on the latest news regarding new vulnerabilities.
- Intentional or Unintentional Insider Threats
Insiders should never be regarded as a secondary threat when compared with other incident sources, such as cybercriminals. For instance, when not properly trained, employees can be prone to accidental errors such as sending an email message to the wrong recipient, sharing sensitive information in a public place, like a social network, or falling victim to an attack such as social engineering or phishing. All of those could go unnoticed for a long period of time.
It is also important to consider that there are insiders that would willingly commit a violation or even a crime. For example, an employee intending to leave the company could try to copy confidential files to a USB drive, even if it goes against the security policy.
A mix of endpoint protection solutions (e.g., antivirus, USB control) and technologies such as a Data Leak Protection (DLP) system, complemented by a SIEM and an experienced incident response team, is a great option in this situation. Aside from that, an excellent approach to reduce insider risk is creating a security awareness program for educating employees on basic security principles and policies adopted by the company.
- Third-Party Security Vulnerabilities
Third parties are someone you must entrust with corporate data, like a business partner, a Cloud service provider or even an individual consultant. Should a data leak occur when your data is in the possession of a third party, chances are you will not know.
For third-party personnel working within the company boundaries, aside from the previously mentioned security controls, consider having special rules for outsiders, such as limiting connections to a specific network segment with limited access (or even better: no access whatsoever) to corporate servers and endpoints. Physical controls should also be applied, including limiting access to restricted areas, the use of identification badges and inspecting backpacks and briefcases if necessary.
For cases where the data is stored or handled outside the company, there are several options for dealing with the third-party security risks, including having explicit security terms on contract, such as making a leak notice mandatory once it is detected, enforcing requirements such as encryption and data leak prevention, asking for an incident response team and retaining the right to audit the third-party infrastructure.
- Rouge Encryption & Unintended Consequences of Encryption
Encryption is probably one of the best security controls, as it allows sensitive data to be securely transmitted over unsecure networks. The problem is, it also works the other way around! As most Internet services such as browsing, instant messengers, email and Cloud storage already enforce strong encryption, it may be hard to control when sensitive data is leaving the company. Even worse, encryption is also widely adopted by malware for communicating with command and control servers.
Ethical Hacking Instant Pricing – InfoSec
When everything is encrypted, the only solution is going around it. Companies with older firewalls and web proxies may have a tough time, but modern solutions can already make use of a decryption method, such as SSL inspection, that allows the inspection of encrypted traffic.
It is important to understanding that there are still limitations and it is not always possible to decrypt all traffic in and out of a company. For instance, some financial institutions will not work well with SSL inspection and there may be privacy concerns, also there is the possibility of rogue encryption (i.e., employees or visitors using their own encryption software without authorization). An appropriate solution is monitoring where the encrypted traffic goes to, i.e., encrypted information leaving for another country or directed to an IP with a bad reputation may indicate a security breach.
- Physical Breaches
We may forget it sometimes, but data is not limited to bits and bytes. A breach may also occur with information sensitive shared verbally or if a printed document is left unattended. It is important to understand that, in regard to data breaches, the quantity alone does not define the impact of the incident.
For example, if an improperly discarded hard disk falls in the hands of cybercriminals, they may try (and succeed!) to restore information. Presuming they are able to recover lots of files, but there is no confidential, private or any other form of sensitive information, the impact may be negligible. Now, if someone prints a confidential report and leaves it unattended at a public place, it may fall in unwanted hands and have a major impact on the company.
The leak of digital information is much more common, but that does not mean other forms should be disregarded. Having a clean desk policy, using secure means for disposing confidential information and providing employee awareness training are the best options in this case.