Data is inarguably one of the most valuable assets that companies own. Just like any other valuable asset, it needs to be protected from attackers at all times. If this valuable asset is leaked, it is likely to start a chain reaction: disclosure of sensitive information, identity theft, and financial loss.
According to Verizon’s Data Breach Investigations Report (DBIR), out of 32,002 security incidents reported, 3,950 were confirmed breaches. These breaches are not only carried out through vulnerabilities in external infrastructure but also through data leaks and other external threats. In numbers, 70% of these breaches were perpetrated by external actors and 30% by insiders.
Whether it is the data breach of Capital One, Marriott, or Apollo (the list goes on), there is one thing in common – all of them had their customers’ personal data breached. The same report says that 58% of these breaches had personal data compromised. Human errors and misconfigurations are two of the most common sources of breaches, ahead of malware and only behind hacking. In particular, misconfiguration errors have increased dramatically since 2017.
The recent SolarWinds breach, which led to the FireEye breach, also possibly took place because of credential leakage on a public GitHub repository.
Data breaches have short-term as well as long-term effects on companies, irrespective of the sector they are in. The immediate effects include the fines and penalties imposed on the affected organization.
The long-term impact clearly includes significant revenue loss, loss of user trust, and damage to brand reputation. Not just that, such breaches also result in loss of investor interest, as well as loss of intellectual property and sensitive data.
The five ways to avoid data breaches:
Data breaches can occur through technical elements like misconfigured and vulnerable software within your organization’s network or beyond the firewall, or through human factors like phishing, uncontrolled source code repositories, and insider threats. The human factor is hard to solve, but the technical factor can be addressed using the following five ways:
- Continuous Asset Discovery beyond IP and Subdomains
- Data Leak Monitoring
- Frequent Vulnerability Scanning
- Periodic Cloud Security Review
- Third-Party Risk Management
1. Continuous Asset Discovery beyond IP and Subdomains
Digital assets for organizations include, but are not limited to, the internet-connected VMs that host web apps and databases, DNS records, SDKs, cloud storage solutions, etc. As the asset landscape grows, so does the probability of losing track of some of them. Such forgotten assets typically don’t get patched and become the weakest links in your security defenses.
Just imagine what would happen if an attacker gets access to your abandoned but fully functional cloud account, or to unpatched software running on a host connected to an internal network.
This makes continuous asset discovery an essential step in the process of avoiding a data breach. Know the assets your company owns – registered domains and other DNS records, VMs running on-premise, in the cloud or in data centers, web apps and other services hosted on them, exposed ports, etc., to name a few. Then identify those that are exposed to the internet and discover their attack surface. Vulnerabilities in publicly accessible assets tend to be more critical and sensitive. Therefore an up-to-date inventory (from an external viewpoint) helps you determine the weak spots in your security defense.
2. Data Leak Monitoring
We should always be asking ourselves: “Is this something that is, or is not, in my control?” – Epictetus, Enchiridion
Security teams can have multiple practices to secure what is in their control. Yet there are a few things that are out of their control. Security practices don’t always stop developers from pushing production code to personal GitHub accounts, nor do they stop code sharing on public websites like Pastebin (and many more).
Monitoring for data related to your organization on various code aggregators, paste sites, public file-sharing sites, etc. helps identify whether any sensitive data like API keys or other secrets were leaked online by mistake. This also helps security teams measure the frequency of such leaks, so that the team can work on steps to eliminate such insecure practices.
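As an added example (not part of the original post, and not RedHunt Labs’ code), the kind of check a leak-monitoring job runs over scraped text: well-known key shapes are matched directly, and assignments to credential-looking variable names are entropy-scored so placeholders are not reported. The sample paste is constructed; the AWS values are the placeholder credentials from AWS’s own documentation.

```python
import math
import re

# Constructed sample standing in for a scraped paste or public commit. The AWS
# values are the placeholder credentials from AWS's own documentation, not a real key.
SAMPLE_PASTE = """\
# deploy.sh (constructed sample, not a real leak)
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export DB_PASSWORD=changeme
export LOG_LEVEL=debug
"""

# Known key shapes are matched directly: AWS access key IDs begin with "AKIA".
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Assignments whose variable name suggests a credential; the value is then
# entropy-checked so obvious placeholders such as "changeme" are not reported.
SECRET_ASSIGNMENT = re.compile(
    r"(?i)\b([A-Z_]*(?:SECRET|TOKEN|PASSWORD|API_KEY)[A-Z_]*)\s*=\s*['\"]?([^\s'\"]+)"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; random 40-char keys score well above this

def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of the string (0.0 for an empty string)."""
    if not value:
        return 0.0
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def mask(value: str) -> str:
    """Keep a 4-character prefix so a report can be shared without re-leaking the secret."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 4 else "*" * len(value)

def find_secrets(text: str) -> list:
    """Return (line_no, kind, masked_value) for each probable secret found in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in AWS_KEY_ID.finditer(line):
            findings.append((line_no, "aws_access_key_id", mask(m.group(0))))
        for m in SECRET_ASSIGNMENT.finditer(line):
            name, value = m.group(1), m.group(2)
            if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                findings.append((line_no, "high_entropy:" + name.upper(), mask(value)))
    return findings
```

Running `find_secrets(SAMPLE_PASTE)` reports the access key ID on line 2 and the secret key on line 3, and skips `changeme` because its entropy is below the threshold.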
3. Continuous Vulnerability Scanning
To make sure that your assets are not exposed to known security vulnerabilities, it is essential to perform a comprehensive vulnerability assessment on all assets regularly. This is not a one-time activity. Performing it periodically, say every month or quarter, allows you to check whether your assets are secure against new vulnerabilities disclosed since the last scan.
Be it an IP address, a subdomain, or a mobile app, continuous vulnerability scanning mitigates known security issues and allows organizations to identify risks before attackers do.
4. Periodic Cloud Security Review
A decade ago, when you wanted to create and configure a database, the process looked like this: buy a physical server, install the DBMS software, configure security policies, and then connect the database server to the internet. It was a slow and costly affair.
Times have changed. Now one can create a database server in minutes with just a few clicks, thanks to cloud providers and their services. This reduces deployment time and lets organizations scale up or down when required.
At the same time, it makes assets more dynamic and accessible over the internet by default. And as we know, with great ease come many vulnerabilities and human errors. It adds complexity to managing the asset inventory and increases the probability of a misconfigured server being exposed on the internet. Misconfigured Infrastructure-as-Code (IaC) modules like Terraform, misconfigured buckets, publicly exposed AMIs, etc. add more fuel to this fire and make regular cloud security review a necessary item on a CISO’s task list.
Therefore, it becomes necessary to perform regular cloud security scans and reviews of your complete cloud infrastructure. This should include all the different cloud services (with more importance given to publicly accessible ones), IAM users and their access levels, etc.
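As an added example (not part of the original post, and not RedHunt Labs’ code), an offline check of the two findings a cloud security review most often turns up: a bucket policy that grants access to everyone, and an IAM user policy that grants full admin rights. Both policy documents are constructed; the account ID is the AWS documentation placeholder 123456789012 and the bucket name is made up.

```python
import json

# Constructed policy documents for a review run; the account ID is the AWS
# documentation placeholder 123456789012 and the bucket name is made up.
BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "CrossAccount", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})
IAM_USER_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DevAdmin", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "ReadLogs", "Effect": "Allow", "Action": ["logs:GetLogEvents"],
         "Resource": "arn:aws:logs:*:*:log-group:/app/*"},
    ],
})

def as_list(value) -> list:
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_public_principal(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"}, i.e. anyone on the internet."""
    return principal == "*" or (
        isinstance(principal, dict) and "*" in as_list(principal.get("AWS"))
    )

def review_policy(document: str) -> list:
    """Return (Sid, finding) pairs for risky Allow statements in a policy JSON."""
    findings = []
    for stmt in as_list(json.loads(document).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # Anonymous principal with no Condition narrowing it down: public access.
        if is_public_principal(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append((sid, "public access: Principal * with no Condition"))
        actions, resources = as_list(stmt.get("Action")), as_list(stmt.get("Resource"))
        # Wildcard action on wildcard resource is full administrative access.
        if "*" in actions and "*" in resources:
            findings.append((sid, "full admin: Action * on Resource *"))
    return findings
```

The cross-account statement and the scoped log-reading statement produce no finding; only the anonymous read and the blanket admin grant do.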
5. Third-Party Risk Management
A very common area that is often missed when deploying security controls is third-party assets. “Third-party risk management is an attempt to quantify the risk associated with a third-party vendor that will be providing a product or service to your organization.”
A good number of security incidents occur due to security misconfiguration in third-party tools, using them with default passwords or settings, outdated libraries being used, and so on. It is therefore very important to regularly perform risk assessments across your third-party assets.
If you are terrified of how you would implement the above five steps, don’t worry.
Data breaches will continue to impact organizations as long as people make mistakes, whether that’s misconfiguring systems, putting weak security controls in place, not accepting that security shouldn’t be an afterthought, implementing feeble strategic plans, or having no continuous monitoring and vulnerability management in place. It has become extremely necessary for firms to evaluate their security posture continuously, put both reactive and proactive controls in place, and set up strong monitoring and tracking mechanisms.
How can we help?
We, at Redhunt Labs, take these areas very seriously and can help your organization avoid data breaches and mitigate threats before it is too late. Our SaaS-based Attack Surface Management solution ‘NVADR’ provides:
- Continuous Asset Discovery of your public assets, including IP, Subdomains, Web and Mobile apps, code repositories, and many other modern assets.
- Data Leak Monitoring by continuously searching multiple websites across the internet for code and secret information that maps back to your organization.
- Vulnerability scans by not just scanning for ports but also the misconfigurations of services, apps, etc.
- Cloud Security Review for GCP, Azure, and AWS.
- Discovering third party associations and making sure no security risks are being exposed on the internet.
If you are interested in knowing more and taking your first step in Attack Surface Management, drop us an email at nvadr [at] redhuntlabs [dot] com.