Robert S. Mueller, III, former Director of the FBI, is quoted as saying, “There are only two types of companies: Those that have been hacked and those that will be hacked.” As technology expands, devices diversify and systems become interconnected, the threat of a data breach grows all the more serious for an organization.

Here, Security magazine talks with two cyber experts about mitigating the risks of data breaches and mobile data breaches.

Data breaches

Sarah Jones, Cyber Threat Intelligence Research Analyst at Critical Start, has worked as an intelligence analyst for 15 years. She started her career in the Air Force, working as an all-source intelligence analyst, before she transitioned to the private sector.

Security: Why are data breaches such a prevalent threat to organizations?
Jones: Data breaches pose a significant threat to organizations today due to their cascading impact. A single breach can compromise not only the affected organization but also its partners, vendors, and clients, exponentially increasing the potential damage. This interconnectedness creates attractive targets for threat actors, who can maximize their efforts with minimal investment. Additionally, threat actors frequently repackage and resell leaked data in various formats to maximize their financial returns. This practice allows them to profit without actively targeting specific organizations. By selling data to other cybercriminals, they can minimize their risk while increasing their potential earnings.

Security: How can organizations mitigate the risks of a data breach?
Jones: There are a few mitigation strategies that organizations can take. This includes rapidly identifying and isolating the breach source to prevent further data exposure, which may involve shutting down affected systems or revoking compromised credentials. A thorough forensic investigation is crucial to determine the breach's scope, origin and duration. This involves examining system logs, network traffic and access records to understand the compromised data and the attack method.

Security: How should sensitive information be handled within an organization?
Jones: To protect sensitive information, organizations should enforce password resets for potentially compromised accounts, implement multi-factor authentication, and monitor for suspicious login activity. Additionally, issuing new credentials or authentication tokens can further enhance security. To strengthen overall security posture, regular security audits, vulnerability patching, and updates to security protocols are essential. Implementing robust encryption and access controls, along with deploying advanced threat detection systems and network segmentation, can further fortify defenses against future attacks.

Mobile data breaches

Kern Smith, Vice President, Americas at Zimperium, has worked in enterprise mobility and security for more than a decade.

Security: Why are mobile data breaches such a prevalent threat today?
Smith: Mobile devices are critical to enterprises and how their employees conduct business. Additionally, mobile applications are the main way that most customers interact with businesses. These devices and applications are uniquely exposed to a variety of threats that other traditional endpoints or backend services are not. Devices are taken everywhere with an employee, and are constantly exposed to potential phishing attacks, malware, and other vulnerabilities. Mobile applications can be freely downloaded from any app store, and from there an attacker can reverse engineer them, or the apps can be exposed to malware on customer devices exposing credentials and other sensitive items.

These examples only scratch the surface of the threat vectors available to bad actors, with typically relatively little protections or controls in place compared to traditional endpoints or web apps. Attackers know this, and have the ability to leverage relatively low-cost attacks that can achieve high yield, including mobile phishing attacks, leveraging off the shelf malware, or vulnerabilities in the OS, and in applications that are either developed by the company or a third party to achieve their objectives. This combination of utilization and vulnerability makes mobile a prime target, attackers know this, and the vulnerabilities and breaches continue to increase accordingly.

Security: What advice would you give to any security professionals in charge of managing mobile data breach incidents for their organizations?
Smith: Look at the controls in place. Understand what is being applied for static and runtime protections and controls of the mobile applications that are being developed and deployed to customers, and the mobile devices used by employees, ensure they are being applied properly at the endpoint and device level, and that the forensics developed are being leveraged as part of a larger incident response program.

Security: Looking back on your experience with mitigating mobile data breach incidents, how do you now prepare for the possibility of future incidents?
Smith: Don’t wait for something to happen to you, your app, or device. Take proper measures to proactively protect your mobile assets from these constantly emerging and evolving threats.