By Thom Otten, security consultant. When I go through the daily security news I come across reports almost every day that there has been a data breach somewhere. But what does this mean for my organization? Does it have any impact on the organization?
Take for example the Cit0Day breach last November: a collection of 226 million stolen email addresses and 40 million passwords, originating from 23,600 hacked databases, leaked from the ‘data breach index’ site Cit0Day. The question that then arises for me is: does this include credentials from our organization?
In 2020 alone at least 80 major data breaches occurred, leaking large amounts of customer data, financial data, taxpayer identification numbers, accounts and credentials, sensitive documents and so on. Large organizations such as Marriott, Estée Lauder, Nintendo, easyJet and Intel suffered from these data breaches.
Although the world is suffering from the corona pandemic, cyber criminals do not see this as a setback and do not wait for better times to come. As many organizations experienced, 2020 was the year in which a large part of the workforce started working from home, which forced organizations to rapidly change from on-premise operations to remote operations. This may have caused organizations to overlook, or be forced to ignore, the implementation of security measures. As a potential result, the company's attack surface increased even further, and in combination with existing vulnerabilities this may increase the chance of a data breach even more.
What might be the potential impact to my organization?
The DBIR 2020 espionage report showed that the most frequently compromised data varieties were credentials and sensitive information. In most cases, however, it was a specific combination of data that malicious actors were looking for.
The information released in these breaches can be used to perform follow-up attacks, for example by gaining access to systems using leaked credentials. Years ago, Digital Shadows showed that leaked employee credentials can be found online for 97 percent of the top 1000 global companies, many of them coming from third-party breaches. In 2020 they uncovered more than 15 billion credentials circulating and being traded on the dark web, coming from more than 100,000 breaches. In addition, many organizational credentials are traded on those marketplaces, especially interesting accounts with (Domain) Administrator privileges or remote desktop privileges.
Leaked credentials are not the only risk for today's organization. There is also an increasing amount of corporate information that should not be publicly available, ranging from sensitive sales documents to sensitive research and development documents containing intellectual property, even before it is patented. This information is not only used by criminals to earn money, but also by sophisticated state-sponsored actors who are interested in developing technologies like artificial intelligence, nanotechnology, semiconductor technology and so on, in order to counterfeit products or technologies, for example for military purposes.
In some cases, employees store work-related data at home to facilitate their working-from-home situation. In many cases this is done on an unsecured Network Attached Storage (NAS) or similar device that is still configured with the default factory settings, through which unaware employees expose sensitive data on the internet. Or employees create backups when leaving the company in order to use that information in support of their next job. Another case is misconfigured corporate systems, which make it easy for malicious actors to access sensitive information.
Let’s not forget the third-party organizations that are part of your organization's supply chain. These organizations interface with your systems and might be able to access sensitive information for legitimate and intended purposes. How that information is processed and secured might be outside your organization's span of control, or depend on contractual/assurance agreements.
What can we do as an organization?
Most organizations focus only on implementing preventive technical and administrative controls to protect sensitive business and customer information, using for example document classification, awareness, Identity and Access Governance, Privileged Account Management or Data Loss Prevention solutions.
But preventive measures must go hand in hand with detective measures. By using Digital Risk Protection (DRP) your organization becomes capable of detecting and responding to breached data at an early stage. This is an important step in protecting the organization's business and limiting the impact of these breaches on your organization by closing down leaks of confidential data in public and cloud sources, even if third parties are responsible for these leakages.
Digital Risk Protection
DRP can fulfil that role and provides insight into sources of exposure that hackers can exploit, such as leaked credentials and leaked sensitive business information. In addition, DRP might even be capable of providing decision support in conditional access use cases, by temporarily preventing access or enforcing additional measures to confirm the identity, thus providing safe access to the information without interfering with the user's work activities.
Besides detecting data leakages, DRP includes many other capabilities such as threat intelligence, insight into external-facing vulnerabilities, brand risks, dark web monitoring and so on.
Would you like to know more about DRP and what Traxion can do for you in this regard? We would love to get in touch with you!