Data breach the new extortion method: backups are not enough

You hear about data breaches all the time, however; what is it, and why does it keep happening? In this article, we will explain data breaches and why you should be concerned about them.

When a data breach occurs, it means that someone has stolen or accessed information that they shouldn’t have. This can include anything from credit card numbers to social security numbers, to files and data that is valuable to you and your business. The reason why this happens is the same reason why ransom attacks are so popular. It’s another way to extort victims for money. In the case of data breaches, the attackers may release the information they have stolen to the public or hold it for ransom.

There are all sorts of ways that your data can be breached. Hackers can break into your computer system and steal information, or they can access information that is stored online.

According to Venafi’s Global Survey of IT and Security Decision-Makers, alternative extortion strategies are increasingly prevalent in successful ransomware assaults, such as using stolen data to extort clients (38%), leaking data to the dark web (35%), and informing customers that their data has been hacked (32%). Only 17% of attacks wanted just straight payment.

This means that effective backup strategies no longer work to prevent a breach, since ransomware assaults now rely on data exfiltration. This can affect your business in several ways. Hackers can leak data even after a ransom is paid. Keep in mind these are criminals, so how much trust can you put into their words?

As we move towards cloud backup, the hackers know that just ransom of data is no longer as damaging as it used to be. This is why they are shifting their tactics to new methods of extortions.

So, what can you do? As a business, you should work to increase your cybersecurity measures. This includes making sure that your systems are up-to-date and using strong passwords, as well as having a backup plan in place in case of a data breach. You should also educate your employees about ransomware and other cyber threats, and make sure that they are aware of the best practices for avoiding them.

Document this! In many cases your vendors and customers will understand that no one is 100% safe, but if you take measures to ensure you are cyber resilient, it will go a long way with your relationships. Hiring a cybersecurity expert or getting a managed cyber security firm would allow you to demonstrate that you are staying proactive.

How do you prevent breaches?

Limit data access! It’s much easier to prevent data leaks when there is no data to leak. Sometimes it’s easier said than done, but putting in place additional regulations, such as allowing access to only the data that is necessary for each person to do their job and nothing more, can be a good idea. This implies that if one employee is compromised, the hackers would only be able to leak or hold at ransom the data he or she had access to and nothing more. This is referred to is limiting the attack surface. To do so will require some work however.

Define an attack surface

The attack surface is the total number of all conceivable entry points into a system, also known as attack vectors. The smaller the attack surface, the easier it is to secure. You can reduce your attack surface by tightening security controls on your systems, using restricted user accounts, and installing software patches. For example, if your system is running an outdated operating system, the attack surface can be significantly increased. Attack surfaces should be regularly monitored and updated to ensure that they are always up-to-date with current security protocols. Additionally, any new software or hardware added to a system should also have its attack surface evaluated to prevent vulnerabilities. The goal is to reduce the number of entry points that malicious actors can use to gain access to your system. Doing so will help protect it from potential attacks and limit the damage caused by them.

By understanding an organization’s attack surface, security teams can identify where their systems are vulnerable and take steps to protect them. It is important for businesses to be aware of their attack surfaces and take steps to reduce them. Doing so is a critical component of any security program, as it can help protect against data breaches, loss of confidential information, and other malicious activities. With proper understanding and implementation of security measures, organizations can better protect their systems against potential threats.

Use multifactor authentication

Multifactor authentication requires more than one type of verification to log in to a system. This can include something you know (a password), something you have (a security key), or something you are (a fingerprint). We always recommend using the Authenticator application such as Microsoft or Google that will give you a constantly rotating code in order to authenticate, or request an approval through the application.

Ensuring Everyone Follows Cyber Sec Policies

Making sure all employees follow the set forth security policies is crucial to an overall cybersecurity strategy. This includes having a clear understanding of the policies and making sure they are followed strictly. Organizations should also regularly review their security policies to ensure they are up-to-date with ever-changing threats. Keeping the policies updated will ensure that these policies are relevant and employees are more likely to adhere to them or have less excuses not to. This policy typically includes approved software, password policies, data storage and much more. You can read more about the security policies here.

Restrict access to data

As mentioned earlier, limiting access to data is one way to help reduce the risk of a data breach. You can do this by implementing a least privilege policy, which gives users only the minimum amount of access they need to do their jobs. This limits the damage a hacker or malicious actor can do since they won’t have access to ALL the sensitive data or systems. Important thing to note here is with many companies moving to SharePoint or OneDrive for file sharing, its a good idea to restrict how users can share data. For example did you know that if left un-restricted users can share all folders outside the organization with just a link that anyone can use to access, edit and view all of your company documents? Pretty scary to think about!

Back up your data

Having a reliable backup plan is essential in case of a data breach. You should back up your data on a regular basis, and make sure that the backups are stored in a secure location. As we know this won’t prevent your data from being stolen, however it will get you back up and running without having to pay a ransom!

You have to understand what constitutes a good back!

1. The ability to recover quickly
2. The ability to go back in time
3. Having the ability to access at least 3 versions of the backups.

Imagine this scenario: Your backup stores only the most recent version of your files, so when a ransomware attack happens and encrypts all of your data, it gets stored in place of what was once good data. This would render the entire backup completely useless to you!

Monitoring Traffic

Having Next Generation Firewall (NGFW) is ideal for this type of thing. These firewalls are awesome for analyzing traffic and utilizing AI in order to detect data breaches if properly configured with triggers to notify admins. Utilizing a NGFW will allow you to have more visibility into who is accessing what with the ability to analyze data in depth. This will help monitor for any suspicious activities and alert administrators when issues arise.

Endpoints protection is also great thing to consider here, having smart security software that is setup with triggers in order to disconnect the workstation from the network if it senses a data breach occurring in real time can make all the difference in stopping the next attack on your business.

Train your employees

At the heart of MOST cyber security breaches, is an individual that clicked on something, or provided data to a malicious website, or downloading a malicious file. It’s important to train your employees on how to protect themselves from phishing and other cyber threats. They should be aware of the best practices for avoiding these threats, and know what to do if they encounter one. This typically can only be accomplished with regular cyber security training. Staying vigilant is the MOST effective way to fight against cybercrime.

 

This is just a snapshot of the many ways you can prevent data breaches in your business. By implementing these measures, you can help reduce the risk of a data breach and protect your data from being compromised. Often times I find many companies lack the know how or technical skills in defining the attack surfaces and putting in place policies that will protect them. If your business needs help it’s a good idea to find a local Managed Services Provider (MSP) that specializes in cybersecurity or find a managed cyber security provider such as AlphaCIS. If you need help strengthening your cyber resilience, please call us at 678-619-1218