A retailer, an issuer of health care ID cards and a major email provider share at least one thing in common: they've all been recent victims of a data breach.
It's not a matter of "if" a data breach will occur but "when." Organizations that monitor their cybersecurity activity, including the form that information security breaches are taking, can be better prepared to respond and resolve an incident. In this installment of Seven Ways to Strengthen Cybersecurity, we'll discuss what we've learned from high-profile breaches.
Sources of Weakness
Human error is one of the leading causes of information security incidents, and the extent of damage it can cause cannot be overstated. Centene, a healthcare insurer based in St. Louis, lost six hard drives that contained private health information for more than 95,000 patients. A physician practice based in California had patient records stolen from the office.
Organizations can protect themselves from human error through policies and employee training on their role in cybersecurity protection.
Another common source of information security incidents is third-party vendors. Newkirk, a company that produces health insurance cards, had a cybersecurity breach that stemmed from a vulnerability with one of its third-party software providers. Although no Social Security numbers were compromised as part of the breach, 3.3 million people were allegedly affected by the incident.
When evaluating your cybersecurity controls, it is critical not to overlook service providers and the role they play in protecting valuable information. Vendor risk management and Service Organization Control (SOC) reports help companies identify where third-party providers may be vulnerable to unwanted intrusion.
Organizations should also continually monitor the protection of their networks. Cybersecurity incidents are becoming increasingly sophisticated and the attacks more coordinated. Oracle MICROS, a cash register provider, reported an information security incident in August 2016. The incident, allegedly the work of a larger cybercrime unit, occurred when hackers found information security vulnerabilities in the MICROS point-of-sale system servers. Once the breach occurred, hackers obtained user log-ins and passwords from individuals as they logged into the system, which then provided the hackers access to the storage of customer credit card information.
Yahoo recently announced that hackers stole 500 million user logins in a breach from 2014. Details on the case are still emerging, but Yahoo has alleged the attack came from a state-sponsored group.
The growing presence of experienced hacker groups makes vulnerability assessments, social engineering exercises and other assessments of your cybersecurity controls increasingly important. To protect themselves, organizations should take a proactive approach to finding weaknesses in their servers so they can address them before a breach occurs.
The Rise of Ransomware
Another element to be aware of is ransomware, which is code that prevents access to computer systems or servers until the user pays a fee. It affects both organizations and individuals, who become victims of ransomware when they inadvertently download malware that encrypts files and displays a lock screen so that users cannot access their servers or desktops. Users are asked to pay a fee, usually in the form of a digital currency such as bitcoin, in order to access their files.
The FBI identified that ransomware incidents have been high in 2016, and that new ransomware variants appear frequently. Victims are asked to report ransomware incidents to the Internet Crime Complaint Center to help law enforcement officials collect data on the types of programs being used and the source of the ransomware.
Regular, secured back-ups of files can help minimize the effects of a ransomware incident. The back-ups should not be connected to the computers or networks that they are backing up, so that if an unauthorized user were to gain access to the computer or server, the user would not also have access to the backed-up data or media.
Individuals should also not click on any unknown links or download software with which they are not familiar. Disabling scripts from files transmitted over email and ensuring applications such as Java, Adobe Flash and web browsers are up-to-date can also help shore up vulnerabilities to ransomware.
Internal controls should be configured to minimize the damage from a potential breach as well. The FBI supports the "least access" principle, whereby users should only have access to the files and locations that they directly need. "Least access" also restricts administrative access. The FBI suggests application whitelisting as well, where systems only execute programs known and permitted by a security policy.
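As an added illustration (not part of the original article), the sketch below combines the two recommendations above: a default-deny allowlist whose path rules are honoured only when the location also satisfies "least access". The policy layout, function names and sample files are constructed for this example, and POSIX file permissions are assumed.

```python
import hashlib, os, stat, tempfile

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def loosely_writable(path):
    # Group- or world-writable: a "least access" violation for executables.
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def decide(path, allowed_hashes, trusted_dirs):
    """Default-deny decision for one program; returns (allowed, reason)."""
    real = os.path.realpath(path)
    if sha256_of(real) in allowed_hashes:
        return True, "hash rule"
    parent = os.path.dirname(real)
    if parent in trusted_dirs:
        # A path rule is only as strong as the permissions on that path.
        if loosely_writable(parent) or loosely_writable(real):
            return False, "path rule refused: writable by non-owners"
        return True, "path rule"
    return False, "not on allowlist"

def make_file(directory, name, body, mode=0o755):
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(body)
    os.chmod(path, mode)
    return path

def demo():
    """Build a constructed directory tree and evaluate four programs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        approved, shared = os.path.join(root, "approved"), os.path.join(root, "shared")
        os.mkdir(approved); os.chmod(approved, 0o755)   # only the owner can write
        os.mkdir(shared); os.chmod(shared, 0o777)       # anyone can drop files here
        known = make_file(root, "known", b"#!/bin/sh\necho reviewed\n")
        policy = {"allowed_hashes": {sha256_of(known)},
                  "trusted_dirs": {approved, shared}}
        targets = {
            "hash-listed": known,
            "approved-dir": make_file(approved, "tool", b"#!/bin/sh\necho a\n"),
            "shared-dir": make_file(shared, "tool", b"#!/bin/sh\necho b\n"),
            "unlisted": make_file(root, "dropped", b"#!/bin/sh\necho c\n"),
        }
        return {k: decide(p, **policy) for k, p in targets.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The "shared-dir" case is the one to notice: the directory is on the allowlist, but because any user can write to it, trusting it would let an unreviewed program run under an approved path.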
Keep the Evaluation Continuous
If recent cybersecurity breaches tell us anything, it's that information security incidents are evolving quickly. Organizations that monitor new developments examine what can be learned from breaches of other organizations and consider emerging best practices to help minimize their risk of becoming a cybersecurity victim.
Seven Ways to Strengthen Your Cybersecurity
- Monitor the Human Element
- Secure the Small Things
- What We Can Learn from Other Incidents
- Know Your State Notification Laws
- Questions to Ask About Third-Party Providers
- Logical Security
- What Management Should Know About the IT Environment
Published on October 04, 2016