A stitch in time

Written by 
Published in Features
  • font size decrease font size decrease font size increase font size increase font size
  • Print
  • Email

Ten Tips to Avoid Massive Data Breaches – Don’t be the next Sony or Anthem by Benny Czarny, Founder and CEO OPSWAT

With Sony recently setting aside $15M to investigate the reasons for and remediate the damage caused by last year’s data breach, many of our customers—from large enterprises to small business—are wondering what they need to do make sure they aren’t the next big data breach headline. 

Another example is the recent Anthem breach. Though this is now said to be the largest data breach in the health care industry, unfortunately it is unlikely to be the last. No details are available yet about how the breach at Anthem occurred, however from other breaches we have learnt that often the security is breached by a targeted spear phishing email attack that is used to plant malware or to entice the recipient to provide credentials that can then be used to gain access to systems. The breach could occur at the company itself, but we have also seen breaches where the actual attack occurred at a supplier through which access was gained to the company's procurement system.

Anthem should be commended for notifying the FBI so promptly about the breach. Fast and appropriate action could mean that the attackers have not yet been able to cover their tracks.

In order to protect against targeted email attacks, a multi-layered approach is recommended. Conventional email security systems need to be reinforced by implementing an antimalware solution that uses multiple antivirus engines to scan email attachments, greatly increasing the likelihood that malware is detected, as well as countering threats targeted to bypass a specific engine’s detection capabilities. Document sanitization, where files are converted to a different format and any embedded scripts are removed, acts as another security layer by defusing any possible hidden threats in email attachments that might go undetected by antivirus engines. Employee training on how to detect phishing attacks is also highly recommended, although it is important to be aware that spear phishing attacks are becoming more and more sophisticated and can fool even the most tech-savvy employees.

Unfortunately although most companies have security technology in place that can detect known viruses and phishing attempts, targeted spear phishing attacks remain difficult to spot since the emails are sent to a small number of individuals, often using social engineering to make the emails seem legitimate, even to tech-savvy employees. Companies need to reinforce their existing email security systems by implementing more layers of protection. For instance by using multiple antimalware engines to scan email attachments, the detection rate is significantly increased and threats that are targeted towards specific antivirus engines can be countered. Since spear phishing attacks often make use of email attachments that are laced with malware that exploits zero-day vulnerabilities that may not yet be known, it is also important to sanitize email attachments by converting files to another format to diffuse any possible embedded threats. 

The good news is that most data breaches can be prevented by a common sense approach, coupled with some key IT security adjustments. 

1.       Employee security training is an absolute necessity.

I cannot emphasize this point enough. Even the most sophisticated security systems can be compromised by human error. The Sony breach started with phishing attacks. People still use USB devices from unknown sources, which is allegedly how the Stuxnet worm was delivered. Your network is only as safe as your most gullible employee.

2.       Access to executable files should be limited to those who need them to complete their duties.

Many threats are borne via self-extracting files, therefore limiting the number of employees who are allowed to receive this file type limits your exposure. Your IT department absolutely needs the ability to work with executable files. Bob in accounting? Not so much!

3.       MSOffice documents and PDFs are common attack vectors.

Vulnerabilities are identified in MSOffice and Adobe Reader on a regular basis. While patches are typically released very quickly, if the patches are not applied in a timely fashion the vulnerability can still be exploited. As an everyday precaution, document sanitization is recommended to remove embedded threats in documents.   

4.       Data workflow audits are essential.

Data can enter your organization through many different points—email, FTP, external memory device, etc. Identifying your organization’s entry points and taking steps to secure them is a critical step in avoiding data breaches. At a minimum, scanning incoming and outgoing email attachments for viruses and threats and implementing a secure file transfer solution should be considered. 

5.       Store sensitive data in separate locations.

Simple data segregation could have mitigated the impact of the Sony breach. The hack exposed both internal communications and unreleased video files. Had the videos and emails been stored on two separate systems some of the damages may have been prevented.

6.       Internal and external penetration tests are critical.

Internal testing is valuable tool, but hiring an outside party to attempt to breach your network will identify security holes your team may have missed.

7.       Keep your security architecture confidential.

You may be excited about your innovative networking solution or new cloud-based storage system, but think twice about making any of that information public! The more your attacker knows about your systems the easier it is for them to tailor the attack.

8.       Remember that traffic generated internally to your security system may still be suspect.

The Sony malware connected to an internal security system to impersonate legitimate traffic to disguise its malicious nature.

9.       Multilayer defense is needed.

I like to describe defense in depth by comparing it to the defense systems you might see at a castle; it could be defended by a large stone wall, followed by a deep moat, followed by a draw bridge, followed by an Iron Gate, etc. A single layer of defense is not sufficient for your data—it must be protected by multiple systems working in parallel. That way if one layer of defense is breached your data is not exposed.

10.      Finding your weakest security link is your top priority.

Every office has one, and it will vary wildly from organization to organization. It might be that employee with their passwords taped to their monitor. It might be the deprecated Linux server everyone seems to have forgotten about. You might not be looking for those weak links—but rest assured that cyber attackers are. The question is: Who will find them first?

Full Name


Email Address


Bosch Corner

Intelligent devices – changing things for the better

Intelligent devices – changing things for the better

The Internet of Things (IoT) is changing the way we view video security, quite literally.

Extremely intelligent cameras for extremely testing conditions

Extremely intelligent cameras for extremely testing conditions

Nature is incredibly unpredictable. It only takes minutes for a wind to double in strength...

Full control

Full control

From evacuation to conferencing: Bosch supplies full security and communications solution to Krakow event center.

Event News

Next Events

BSIA Spotlight

Achieving efficiency through integration

Achieving efficiency through integration

As an important method of securing a site by controlling, monitoring and restricting the movement...

Full stop

Full stop

Renewed focus on Hostile Vehicle Mitigation following vehicular attacks in London.

Industry experts elected to BSIA Section Chair positions

Industry experts elected to BSIA Section Chair positions

At the British Security Industry Association’s Annual General Meeting on Wednesday 12th July 2017, 24 industry...

IPSA Features

The Challenges with security in university accommodation

The Challenges with security in university accommodation

By Jane Farrell, FM Development Manager, Sodexo and Chairman International Professional Security association (IPSA)

Recognising the contribution of contract security

Recognising the contribution of contract security

Following on from recent terror attacks in the UK, there has been a lot of...

Debunking Cyber Security

Debunking Cyber Security

Over the last few years companies have started to realise that cyber security is a...

MEB Media Limited

13 Princess Street,

Maidstone,Kent

ME14 1UR

United Kingdom

http://www.mebmedia.co.uk/

 

Site Map

Monthly Newsletter Signup

Full Name


Email Address