Jan 22 2020
Some types of cyber threats run together in many people’s minds. However, the question of what is a data breach versus a different type of cyber incident is pretty clear.
Data breaches have become a daily occurrence. Many organizations collect massive amounts of data about their customers and fail to properly secure these collections. Since this data is valuable on the black market, cybercriminals take advantage of these weak protections to steal sensitive data.
It probably should not come as a surprise that the threat of the data breach is not only ongoing but growing. Organizations still have the same vast collections of sensitive data, and it is only becoming more valuable. However, while the growth of the number of data breaches and exposed records in 2019 is to be expected, the drivers behind the exposure of sensitive data may be less so.
The Threat of the Data Breach
Data breaches have entered the public consciousness as one of the biggest cybersecurity threats in existence. They probably would have the top spot unopposed if it wasn’t for the very visible and personal threat of ransomware.
For many organizations, preventing a data breach is one of their highest cybersecurity priorities. With the passage of new data privacy laws like the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA), and dozens of others, being the victim of a data breach can be extremely costly for an organization. This has created some odd incentives in cybersecurity efforts like bug bounty programs, where extremely common threats like cross-site scripting (XSS) that don’t often result in data breaches are assigned much lower bounties than rarer threats that could result in a major, public breach.
Protecting against data breaches is difficult because they can be performed in so many ways. A common cause of a data breach is misconfigured security settings in the cloud, where a “public” data store is fully accessible to anyone who can learn the URL. Data breaches are also commonly caused by exploitation of web application vulnerabilities (including XSS) that take advantage of the fact that these web apps often have direct access to back-end databases containing user account information.
Organizations attempting to protect themselves from the threat of data breaches must struggle with the fact that a data breach can be very profitable for an attacker and is difficult to defend against due to the wide range of possible attack vectors. Since the majority of organizations lack the level of technical knowledge and expertise held by many cybercriminals, and the identification of vulnerabilities that can be used in data breaches can be performed in an automated fashion, it shouldn’t be surprising that the number of data breaches is growing.
Data Breaches Continue Growing
2019 is a bad year for data breaches. In the first nine months of 2019, there were a total of 5,183 different data breaches with 7.9 billion records exposed. This represents a significant growth in both the number and impact of data breaches compared to the same period in 2018. The number of breaches has grown by 33%, and the total number of breached records is 12% higher.
Interestingly, the drivers between the number of breaches and the volume of breached records differ. Unsurprisingly, cybercriminals were responsible for the majority of data breaches; however, they don’t account for the majority of breached records.
Accidental data leaks, like those caused by misconfiguration of cloud services security settings, have caused over 6 billion records to be exposed in the first three quarters of 2019. This number is calculated based upon the number of insecure cloud data repositories that have been discovered and reported. However, the true amount of data exposed on these cloud deployments is likely much higher, and the nature of the cloud means that organizations with insecure cloud resources may not even be aware if they have been accessed by unauthorized parties.
How to Protect Sensitive Data
Data breaches can be carried off in a wide variety of different ways. Many of them are intentional actions by cybercriminals attempting to gain access to sensitive data for their own use or for resale on the black market. However, others occur without malicious intent as companies accidentally expose their own data due to negligence or a lack of understanding of how to secure new environments like the cloud.
Protecting against data breaches requires the ability to identify and monitor repositories of sensitive data through the organization’s environment. While the organization’s main databases may be well-protected, unforeseen circumstances can cause sensitive data to be stored in unprotected repositories.
Data may be migrated to the cloud to fulfill business needs, but without the oversight of the organization’s IT and security teams. Sensitive data may be needed to test software under development and be copied to a database within the development environment. The organization may have backup systems in place to protect against ransomware but inadequately protect those backups.
These unofficial data repositories are a favorite target of hackers since they lack the defenses of the main database. Protecting against data breaches requires visibility and security into all of an organization’s sensitive data, wherever it may be located.