Data breaches happen all the time – including massive breaches that wreak havoc for millions of customers. The 106 million customer records breached in the Capital One spill immediately come to mind.
In this post, we are going to explore why data breaches are common, how data breaches influence your business, and basic security precautions that your team should take.
If you have questions or would like to discuss infrastructure security, contact the Tragic team today.
Why are data breaches so common?
Data breaches have been around since before the rise of the cloud, though in the past they were less common and less severe.
Most analyses of modern data breaches focus on incidents since 2005. This line in the sand is largely due to (1) the increased digitization of our lives and (2) the rise of cloud computing.
Unfortunately, studies show that data breaches are increasingly common and growing in severity. In recent years, there have been high-profile cases from household names like Target, Facebook, Equifax, Yahoo, and Uber.
Data breaches happen because teams have poor processes, rush through decisions, and skimp on basic security assessments and audits. In addition, we believe that good checks and balances could mitigate damage once a breach does occur.
It's important to understand that data breaches are not "on or off". If your systems are compromised, having proper security protocols and a plan of action can reduce the damage and shorten the time it takes to get your systems back online and secure.
From a technical standpoint, the most time-consuming aspect of resolving a data breach is identifying the security vulnerability and resetting account access for all compromised accounts.
How can a data breach influence your business?
Data breaches harm your business in several ways. There is the huge reputation hit of suffering a breach along with the money spent trying to remedy the problem.
But what about before your systems are compromised? Can a security breach teach us how to build processes, teams, and audits?
In our experience, yes. Your team needs to address three things upfront, even if you have never been the victim of a hack or data breach.
1. Improve your internal processes to prevent an attack
Many of the breaches mentioned above happen due to simple lapses in judgement. With the right internal processes and monitoring, you can make attacks much less likely to occur.
We recommend improving your internal processes by:
- Ensuring software deployments include penetration testing, ideally as part of your automated deployment pipeline
- Keeping your server software up-to-date
- Having a process to monitor and update expired certificates, tokens, etc.
- Changing all default passwords on systems and services that you use
- Ensuring that user roles and permissions are correctly configured
- Setting threshold alerts to notify users of unusual activity, such as a spike in traffic
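As an added example (not code from the original post), one way to implement the last item, a threshold alert on a spike in traffic, over constructed access-log lines; it assumes Apache/nginx combined-log timestamps and compares each minute's request count against the median of the previous few minutes:

```python
"""Per-minute traffic spike alert over web-server access-log lines (added example)."""
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta

# Matches the combined-log timestamp, e.g. [10/Oct/2023:13:55:01 +0000], keeping the minute.
TS_RE = re.compile(r"\[(\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}):\d{2} [+-]\d{4}\]")


def minute_counts(lines):
    """Count requests per minute, in log order; malformed lines are skipped, not fatal."""
    counts = Counter()
    for line in lines:
        m = TS_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def spike_alerts(lines, window=5, factor=5.0, min_requests=20):
    """Flag a minute when its count is at least factor x the median of the previous
    `window` minutes AND at least min_requests, so a 1 -> 5 jump on a quiet site
    does not page anyone. Returns a list of (minute, count, baseline) tuples."""
    counts = minute_counts(lines)
    minutes = list(counts)  # Counter keeps insertion (chronological) order
    alerts = []
    for i in range(window, len(minutes)):
        baseline = statistics.median(counts[m] for m in minutes[i - window:i])
        count = counts[minutes[i]]
        if count >= min_requests and count >= factor * baseline:
            alerts.append((minutes[i], count, baseline))
    return alerts


def constructed_log():
    """Constructed sample traffic (not real data): 3 requests/minute for
    13:55-14:04, then a burst of 40 requests at 14:05, the spike to detect."""
    start = datetime(2023, 10, 10, 13, 55)
    lines = []
    for k in range(11):
        t = start + timedelta(minutes=k)
        for j in range(40 if k == 10 else 3):
            stamp = t.strftime("%d/%b/%Y:%H:%M") + f":{j % 60:02d} +0000"
            lines.append(f'203.0.113.{j % 250 + 1} - - [{stamp}] "GET /login HTTP/1.1" 200 512')
    return lines


if __name__ == "__main__":
    for minute, count, baseline in spike_alerts(constructed_log()):
        print(f"ALERT {minute}: {count} requests vs baseline {baseline}/min")
```

In production the same function would be fed the last N minutes of real log lines on a schedule, with the alert wired to your notification channel instead of print.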
2. Create mitigation plans in case an issue arises
A mitigation plan can be the difference between having a bad week and causing irreparable damage to your company.
We recommend creating plans for the most common problems, including site takeovers and data exposure.
In addition, your team needs the right tools in place before a security incident to be able to accurately assess the situation. The right monitoring and tracking can prove to be the difference between thinking there is a problem and being able to pinpoint the threat.
Part of your mitigation plan should be to have recent backups of your data, so that your users' data is not corrupted or permanently deleted.
3. Set aside time to conduct a security audit
Yes, we know your team is busy. Every development team is under unrealistic deadlines.
However, taking a pause to conduct a security audit and run through your mitigation plan can save precious time when a real problem occurs. Security audits are important because software is fluid – your application, infrastructure, and external services are always changing.
Certificates expire. Libraries get deprecated. Legacy systems are kept running by mistake, providing an attack surface for hackers. Putting eyes on your overall system every quarter will catch problems early, instead of when it's already too late.
Conclusion
It's important to remember that social engineering is often the new way into your system.
Hackers are forgoing brute force and, instead, are phishing system admins or developers to get the access that they need. Moreover, the latest breach of Microsoft is a great example that breaches are going to happen.
That includes huge organizations with extremely deep security teams. That is just the age we live in. But, as with the Microsoft incident, if you have good processes and follow best practices, the damage can be mitigated or even dodged completely.
That's why we recommend improving your internal processes to prevent an attack, creating mitigation plans in case issues do arise, and setting aside time to conduct security audits.
Data breaches may be inevitable, but the harm to your users is not. Strong engineering practices can help you dodge a potential disaster.