Is your data safe? Has your personal data been stolen? Has your company had a data breach? What are data breaches?
The University of Maryland states that cyber attacks occur every 39 seconds. You have to assume that your personal data is out there for the attackers to use. That is what I am telling everyone that I know and come in contact with every day. The Internet is not a friendly place. Attackers are preying on you through the phone and email and even chat. Not every data breach gets reported in the news. Only the high-profile ones do. You have to protect yourself as best you can from becoming a victim of cybercrime.
What is a data breach?
A data breach is when personally identifiable information (PII) is stolen and used for nefarious purposes such as someone impersonating you to steal money from your home, bank accounts, investment accounts, etc. Attackers get this information by breaching the internal systems of companies you work for, do business with, or buy from.
Typically, personal data is stored in databases such as Oracle, SQL Server, MySQL, MongoDB, and others. If those database management systems are not secured an attacker can get into those servers and siphon the data from tables or collections of a database. Also, spreadsheets are a common occurrence in businesses today so personal information could be stored in those unsecured files. Attackers have very sophisticated tools to be able to get data from organizations.
You have to be on the lookout for fraudulent transactions that are not yours today. It is not easy to do. A good bank should be able to flag those transactions and notify you. There are personal theft protection companies that are on the lookout for these fraudulent transactions. You cannot monitor all of your digital information today. I highly recommend you look at a service like this for your protection. Here are some tips to protect your identity.
An example that happened to me not long ago. I was standing in line at a Target doing some Christmas shopping in my wife\’s hometown. I was in the process of checking out when I got a call from my bank asking me if the transaction was authentic or fake. Well, I told them it was me making the purchase. Since I was not at that location a lot I must have flagged the bank. I get these types of calls often especially when I am out of town on business or pleasure.
Types of Data Breaches
Attackers are using the easiest approach to get access to systems. Since users are still the weakest link in the security chain, they are the easiest for attackers to get data from. Let\’s explore the type of data breach.
- Phishing – phishing attacks are normally about sending fradulent emails that look legitimate from reputable companies to unsuspecting users. Also, phishing can be done over the phone too. You might get a tech support email saying your computer has issues and you need to call them ASAP to fix. You have to pay attention to the sender and links in the emails. Sometimes they are off by one character or the email addresses are completely different. If an email is coming from Walmart for example, you better see an email from a walmart.com address not any slight variation. Emails can be hard to detect issues because of the small changes they make. Your eyes will deceive you.
- Malware – if you click on a link in an email that is fradulent, you could accidentally install a piece of malicious software onto your machine which can be used to move through the systems of an organization until they are able to get a hold of an account that is useful in getting data from.
- Ransomware – if you click on a link in a fradulent email you could download a malicious piece of software that allows the attacker to lock your computer and the only way to get your data is to pay a ransom.
- Password cracking – an old fashion way to get access is to use systems to crack passwords. The password is still the most vulnerable because people like to use their kids or animal names in their passwords.
- Denial of Service – An attacker can launch a denial of service attack by sending a food of requests until the system boggs down and not able to respond.
Causes of a Data Breach
Now, that we explored the types of data breaches, let review the causes of a data breach. The causes of data breaches are as follows:
- Software Vulnerabilities – attackers exploit a bug in software that allows them to breach a system
- Viruses and Malware through Phishing Attacks – Once a phishing attack is successful, attackers can install viruses and/or malware on systems to exploit a system.
- Operating System Vulnerabilities – attackers exploit a bug in an operating system which allows them to escalate privleges to adminstrator level.
Avoiding a Data Breach
So, how do organizations avoid a data breach?
A system administrator needs to make sure that a defense-in-depth approach is in place and they do the following:
- Patch systems and software when required
- Update virus and malware protection
- Educate users of phishing attacks through chat, phone or email to help them recognize attacks.
- Continuous monitoring and acting on alerts to catch any suspicious activity before it becomes a problem.
The increase in data breaches should be a great concern to everyone. No one\’s personal data is safe. You have to assume that your data has been stolen. Unfortunately, a lot of the breaches are through accidental users providing data to thieves through chat, email, or phone. Attackers find it easy to prey on vulnerable users and will continue to do so. They prey on vulnerable users because it is the most profitable way to steal data and get money for their efforts.