As part of cybersecurity awareness month, IDG recently released its 2018 U.S. State of Cybercrime Study. The study underscored the reality that businesses of all sizes still struggle to effectively protect data and critical IT infrastructure from various cybersecurity threats – both external and internal. While most companies are steadily increasing the amount of time and money invested in security budgets, security-related organizational planning, and employee awareness training, major data breaches continue to make headlines on a frequent basis.
Last year, numerous global companies disclosed massive data breaches, headlined by Yahoo! and Equifax. Even though the scale of the data breaches announced in 2018 is small when compared to these two, plenty of major companies suffered cybersecurity setbacks this year.
A look back at the 2018 headlines:
- In February, FedEx announced that it exposed sensitive customer data on an unsecured Amazon S3 virtual server.
- In April, Delta Airlines announced that sensitive customer data was compromised by a breach at its third-party provider of online chat services.
- In June, Reddit, the third-most visited site on the Internet, “announced a security breach” stemming from employee’s use of cloud and source code hosting sites. In this situation, hackers were able to bypass Reddit’s text-message based two-factor authentication security measure using “SMS intercept” methods.
- In September, Facebook divulged an attack on its network that exposed the personal information of nearly 50 million users.
- Earlier this month, Google’s parent company, Alphabet, shut down the much-maligned social media platform Google+ after it came to light that Google covered up “a security bug that allowed third-party developers to access Google+ user profile data since 2015.”
Just the Tip of the Iceberg
While the sheer number of individuals affected by these high-profile breaches and the subsequent financial consequences created by each is the obvious takeaway, it’s important for business executives and IT leaders to read between the lines to discern another key reality related to data breaches. Namely, the complex, interconnected and multi-dimensional nature of IT infrastructure creates countless intrusion points or back doors that can be exploited by hackers to gain unfettered access to valuable or sensitive data that is seemingly “secure.”
In the case of the 2017 Equifax breach, hackers exploited “a weak point in website software.” Personal account information of Reddit users from 2007 and before was obtained “by intercepting SMS messages” sent as part of an attempt to use SMS-based two-factor authentication. In an ironic twist, hackers took advantage of “two bugs in the site’s “View As” feature” to gain access to 50 Million Facebook users. According to The New York Times article on the Facebook breach, the [View As] feature “was built to give users more control over their privacy.”
Strategies to Protect Your Data and Mitigate Risk
Taking a proactive approach to data security that is aligned with the big-picture strategy of your business is crucial to lock down the numerous vulnerabilities that hackers are so adept at exploiting. To help its customers mitigate risk and ensure the security of their data and IT infrastructure, Expedient offers a suite of comprehensive and complementary managed services, such as:
- Two-Factor Authentication (2FA) – As evidenced from the Reddit breach, not all forms of 2FA are created equal. Expedient customers can secure cloud computing environments with token-based 2FA while supporting easy access for authorized users.
- Data Encryption at Rest – Thanks to the explosion of the Big Data trend, it’s common knowledge that the growth (and value) of unstructured data is huge. Security methods like Data Encryption at Rest protect this invaluable business resource.
- Virtual Private Network (VPN) – A VPN service enables you to extend secure network access to remote locations, an absolute necessity for every business in our digital, hyper-distributed world.
- Advanced Threat Prevention (ATP) – Leveraging the power of machine learning, ATP identifies and blocks known malicious files in real-time at the network level.
- Dedicated Firewall Management – Ensuring that your firewalls are configured correctly on a 24/7/365 basis can be a daunting task. With Dedicated Firewall Management, Expedient makes sure you don’t have to worry about it.
- Unified Log Management – Aggregate, store, and search event data from multiple sources for forensic analysis purposes.
Because of the opportunistic and unpredictable methods of cyber criminals, these security solutions are fortified by our commitment to stringent procedural controls, best-of-breed security technology across our data center footprint, and a robust selection of third-party attestations. Expedient has extensive experience safeguarding the data and IT infrastructure of our customers across a variety of industries, including Ecommerce/Retail, Energy/Utilities, Financial, Healthcare, Manufacturing, Professional Services, and Software as a Service. Feel free to reach out to me with any security or compliance questions you may have.