Can data breaches be avoided?
“The most dangerous kind of data breach is the one you don’t know about” – Frank Abagnale.
According to the Ponemon Institute (Cost of a Data Breach Report 2023), it takes nine months on average to identify and contain a data breach. In the modern world, cybercriminals use sophisticated techniques that make it difficult to even detect a breach.
First, what are the main causes of data breaches?
Obviously, the attacker is to blame. However, it is essential that companies take the required measures to avoid such attacks. Here are a few causes of data breaches:
> Weak credentials: Are you still using the same password for all your accounts? Written on a sticky note? Passwords are the key to protecting your data, and criminals rely on software to crack even difficult passwords.
> Security vulnerabilities: To perform an attack, hackers will look for a vulnerability to exploit.
> Internal error: A simple human error can sometimes lead to a data breach that compromises the security of a company. Examples: losing a device, communicating confidential data to a third party who is believed to be trustworthy, sending a contaminated document, etc.
> Internal malice: Beyond human error, sometimes an employee may carry out data theft for different reasons – sent by competitors, acting out, etc.
What are the consequences of data breaches?
When a data leak happens, whether it is due to an innocent error or a malicious act, companies must deal with the consequences, such as:
> Reputational damage.
> Legal action: Companies are expected to protect their customers' data. When they fail to provide this protection, legal action can be taken. For instance, British Airways had to pay a £20M fine after experiencing a data breach. The company was accused of not putting adequate security measures in place when managing its customers' personal information.
> Financial losses: In 2023, the estimated cost of a data breach is $4.45M, according to the Ponemon Institute.
The 3CX attack: A double supply chain attack in one
The 3CX data breach is a rare (if not the first) incident in which hackers used a supply chain attack to initiate another one successfully. How did it happen?
On March 30th, 3CX announced that various versions of its VoIP application had been compromised. After investigation, it was discovered that the attack began in 2021, when hackers infected Trading Technologies software with malicious code. In 2022, a 3CX employee downloaded the infected software onto his personal computer, allowing hackers to obtain the employee's work credentials. From there, the 3CX network was accessed via VPN, allowing lateral movement and the insertion of malicious code into the VoIP application and the 3CX website.
Users who downloaded the infected application may have given the hackers access to their sensitive information, such as phone number, email address, and credit card information.
The Google Fi / T-Mobile data breach
Google Fi is a mobile virtual network that operates on its partners' physical network infrastructure, such as T-Mobile and U.S. Cellular.
In January 2023, T-Mobile suffered a data breach affecting 37M customers and resulting in the theft of their account information. The attackers were also able to access Google Fi customers' data: phone number, SIM card number, activation date, account status and the chosen service plan. The attack is suspected to have been going on since at least November 2022. However, Google Fi has not communicated the number of affected customers.
With this information, hackers carried out SIM swapping attacks targeting Google Fi customers. A rise in phishing attempts is also expected.
How can we prevent a data breach?
The two data breaches listed above serve as examples showcasing the importance of securing critical data. At the same time, this data often needs to be accessed regularly by both the company's internal employees and third parties for business operations. This leads us to the security paradox:
How can we create an impenetrable barrier while still allowing access for both internal employees and third parties? In other words, how can we grant access to certain users and not others?
This can be done only by applying a Zero Trust approach and here’s how:
> Protocol break technology: a Zero Trust architecture equipped with protocol break technology allows protocol rewriting and flow control. The client's session is terminated at the gateway and a separate session is opened towards the internal resource, so raw client traffic never reaches it directly. It acts like the inspector at a port who unloads a ship and makes sure all goods are safe and secure before loading them onto a truck.
> Clientless web access: Unlike client-based access, clientless access allows users to use their resources without installing any client on their devices. Control can then be centralized, enforcing regular updates and enabling better patch management.
> The use of virtualization: Virtualization also plays a role in strengthening the barrier. A virtualized application is displayed on the user device while being executed on a remote device (in a data center for example).
Here's where HTML5 delivery becomes interesting! It combines the technologies listed above while giving access to resources via any browser. Furthermore, only rendered images are sent to the user, and only keyboard and mouse events are allowed to be transmitted from the user. Therefore,
> You make sure that no infection can be transmitted to the organization’s network.
> You limit the interactions with the user’s workstation.
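As an added example (not code from the original post or from any vendor's product), here is a constructed gateway filter showing the inbound/outbound allowlist of the HTML5 delivery model just described; the message format, field names and limits are assumptions:

```python
import json
# Constructed illustration of the HTML5 "protocol break" described above: the gateway
# forwards only keyboard/mouse events inbound and only image frames outbound; anything
# else (clipboard, file transfer, raw protocol channels) is dropped. Shapes are assumed.

MAX_INBOUND_BYTES = 256   # a key/mouse event never needs more
MAX_COORD = 8192          # reject absurd coordinates outright
def is_int(v):
    return isinstance(v, int) and not isinstance(v, bool)

def filter_inbound(raw: bytes):
    """Rebuild a client->session message from scratch; None means drop it."""
    if len(raw) > MAX_INBOUND_BYTES:
        return None
    try:
        msg = json.loads(raw)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(msg, dict):
        return None
    kind = msg.get("type")
    if kind == "key":
        code, down = msg.get("code"), msg.get("down")
        if is_int(code) and 0 <= code <= 0xFFFF and isinstance(down, bool):
            return {"type": "key", "code": code, "down": down}
    elif kind == "mouse":
        x, y, btn = msg.get("x"), msg.get("y"), msg.get("button", 0)
        if all(map(is_int, (x, y, btn))) and 0 <= x < MAX_COORD \
                and 0 <= y < MAX_COORD and 0 <= btn <= 2:
            return {"type": "mouse", "x": x, "y": y, "button": btn}
    return None  # unknown or malformed: never reaches the session

def filter_outbound(msg: dict):
    """Only rendered PNG frames flow back to the browser, nothing else."""
    data = msg.get("png")
    if msg.get("type") != "frame" or not isinstance(data, bytes):
        return None
    return {"type": "frame", "png": data} if data.startswith(b"\x89PNG\r\n\x1a\n") else None

def run_sample():
    # Constructed traffic: two legitimate events, then three the gateway must drop.
    inbound = [
        b'{"type":"key","code":65,"down":true}',
        b'{"type":"mouse","x":10,"y":20,"button":0}',
        b'{"type":"file","name":"upload.bin","data":"AAAA"}',
        b'{"type":"clipboard","text":"paste me"}',
        b'{"type":"key","code":"65","down":true}',
    ]
    return [filter_inbound(m) is not None for m in inbound]
```

The gateway rebuilds each accepted message from validated fields rather than forwarding the client's bytes, which is what makes the "break" real.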
You can add an additional security layer by integrating UBA (User Behavior Analytics) to continuously verify the identity of the user. As seen in the Google Fi data breach, hackers were able to access SIM serial numbers and initiated SIM swapping attacks. In such cases, UBA is of great importance in stopping these attacks.
In the 3CX incident, the hackers were able to use one employee's credentials to move laterally within the network and carry out another attack. This could have been avoided with UBA and Privileged Access Management features such as just-in-time workflows.
With the rise of data breaches there are no heroes, only victims!
In the aftermath, the cost of a data breach can be tremendous, especially as hackers are using new, sophisticated techniques. As we have seen, double attacks have started to be used, and more of these attacks are expected in the months to come.
Add to that the fact that a data breach is rarely discovered before it is too late, and starting a Zero Trust journey is more important than ever before.