Data breaches occur in a variety of shapes, sizes, and exposure levels. They can range from leaving a few log files unintentionally accessible to the public to leaking the personally identifiable information (PII) of hundreds of thousands of users.

Do not assume that, because you have a secure network, a breach cannot occur. People, rather than the network, are responsible for the majority of exposures. Attackers can exploit phishing, spear-phishing, social engineering, and the natural tendency for humans to trust one another in order to gain access to data they should not have.

In this article, we will outline seven ways to identify a data intrusion attempt and what you can do to prevent it.

1. Phishing

Phishing and spear-phishing are familiar terms, and you may have been attacked this way yourself. 76% of organisations were phished in 2017, so you or a coworker may have received a phishing or spear-phishing email.

Phishing is when you get an email that looks like it came from a reputable source, such as a bank or your employer, but was actually sent by attackers. The email links to a form where you are asked to enter PII such as passwords, credit or bank card details, and account numbers. Once attackers have this information, they can use it for further phishing or for other purposes.

Phishing has no technological solution, only mitigations. Automated filters can scan emails for known phishing scams, word patterns, and hyperlink usage.

Users must think critically to avoid phishing, and user education helps. Check URLs, and search the web to find out whether a suspicious email uses known phishing wording. Alerts and reminders encourage attentiveness. Phishing exploits human weaknesses, so education will reduce the number of phishing compromises but not eradicate them.

Phishing can cause catastrophic compromises, so it is crucial to be aware of it even though it cannot be solved. Phishers will succeed, too, so you should know when they succeed and have an incident response plan.

2. Spear Phishing

Spear phishing is an evolution of the basic phishing attack. It is similar in that a fraudulent email or other message is created to dupe you into giving away information, but different because spear phishing targets a specific person. The message uses previously obtained PII to make it seem more authentic and increase the chances of success.

Unfortunately, as spear phishing is merely a more targeted form of phishing, there are no technical solutions which can completely eliminate it. Rather, the only way to counteract this type of attack is to be aware of the problem.

Don’t respond to any email asking for PII of any kind, unless you have been directly notified by a trusted source that such an email is incoming. Regularly examine router or proxy logs. Do there seem to be a lot of connections out to strange domains, especially ones that look almost, but not quite, like yours?

Are there a lot of very long URLs being accessed, or URLs with IP addresses in them? Those are some immediately obvious signs of phishing attacks, and you may wish to initiate breach containment procedures if you have them.
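The proxy-log signs described above (near-miss copies of your own domain, very long URLs, IP addresses in URLs) can be checked automatically. The following Python example is added here and is not part of the original article; the log format, `OWN_DOMAIN`, the 200-character cut-off and the edit-distance threshold of 2 are assumptions, and the log lines are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

OWN_DOMAIN = "example.com"  # assumption: your organisation's domain
MAX_URL_LEN = 200           # assumption: cut-off for a "very long" URL

# Constructed proxy log lines: "<timestamp> <client-ip> <method> <url>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.12 GET https://www.example.com/intranet/home
2024-05-01T09:00:07Z 10.0.0.15 GET http://examp1e.com/login
2024-05-01T09:01:13Z 10.0.0.15 POST http://203.0.113.7/secure/update.php
2024-05-01T09:02:40Z 10.0.0.31 GET https://files.partner.test/a?{pad}
""".format(pad="x" * 250)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_url(url):
    """Return which of the signs described above a requested URL shows."""
    reasons = []
    host = (urlsplit(url).hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        reasons.append("ip-literal-host")
    except ValueError:
        # Naive registered domain = last two labels; production code
        # should use the Public Suffix List instead.
        domain = ".".join(host.split(".")[-2:])
        if domain != OWN_DOMAIN and edit_distance(domain, OWN_DOMAIN) <= 2:
            reasons.append("lookalike-domain")
    if len(url) > MAX_URL_LEN:
        reasons.append("long-url")
    return reasons

def scan(log_text):
    """Return (client_ip, url, reasons) for each flagged request."""
    rows = (line.split() for line in log_text.splitlines())
    return [(p[1], p[3], r) for p in rows if len(p) == 4 and (r := flag_url(p[3]))]

if __name__ == "__main__":
    print(*((c, u[:50], r) for c, u, r in scan(SAMPLE_LOG)), sep="\n")
```

Grouping the flagged requests by client IP shows which workstations to look at first when deciding whether to start containment.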

3. Social Engineering

Social engineering is what allows attackers to make forged emails like those above work. Humans trust each other, making it easy for an attacker to steal sensitive information from employees by posing as a contractor, technical support agent, etc. Remember from the introduction that attacks can come through people rather than networks? This is where that failure happens.

Authentication, authorization, and accounting (AAA) systems must therefore be used to track who took which action and when. All important company systems (web and database servers, routers, switches, employee computers, etc.) can use this. Contractors and temporary visitors to company property can be given limited network access to reduce the attack surface they present.

4. Rogue Wi-Fi

Wi-Fi is so basic that it’s easy to overlook, but it’s significant enough to be a vital attack vector. Is the network you are connecting to the genuine office network, or is it a spoofed version?

When insecure protocols (such as HTTP) are employed, it is far too simple for attackers to create copies, which can reveal a plethora of information about network activities. Setting up a rogue Wi-Fi access point is simple, and devices the size and shape of a mobile phone are available for a low cost, so it’s imperative that your network be protected from such attacks.

There are a few ways to mitigate this, including hard-wiring sensitive systems (where available), using BSSID enforcement (when practicable), and most importantly, using a VPN to a known-secure server for anything you do not wish to be disclosed (which should be everything).

6. The Internet of Things

Now we come to the truly nasty devices, the ones you would never think about, such as your printer, smart lighting system, and projector. The Internet of Things (IoT) is our focus here.

Is your printer, for instance, encouraging you to follow individuals on YouTube? Is the colour of its lights changing? You are experiencing an Internet of Things (IoT) attack, and depending on whether you adhere to the “segregate everything” rule (see below), you may have a massive, widespread security failure. An adversary can exploit a 10-year-old Linux kernel vulnerability in your brand-new printer with relative ease. At that point, all of your security measures are rendered ineffective.

Only one rule applies to IoT, and everyone must adhere to it: segregate. Place all IoT equipment on its own VLAN and severely restrict with whom and how it can communicate. IoT is far too hazardous to leave in its default configuration in a business environment, so don’t. Ensure that none of your devices are broadcasting insecure wireless networks, as many printers and wireless projectors do. If you must implement IoT, test it twice and still do not trust the results.

Conclusion

Multiple types of security breaches can occur, so it is essential to implement a system with multiple layers to safeguard your data and employees. This will hopefully enable you to avoid the potentially embarrassing and catastrophic consequences of a major data breach.

Teach your employees how to recognise fraudulent emails. Contractors and anyone professing to be in a position of authority must undergo multi-factor authentication. Monitor all logs for indications of suspicious activity. Validate all claims.
