Every week there seems to be a news story about another massive data breach with millions—and sometimes billions—of records containing personal data lost or stolen. We regularly hear about cyberattacks involving brute-forcing secure logins or exploiting software flaws, but there’s a new segment of the cybercriminal economy that’s growing fast: attackers who target companies that have unintentionally left data out in the open via misconfigured databases.

According to the 2020 Verizon Data Breach Investigations Report (DBIR), 17 percent of all data breaches in 2020 were caused by human error—twice as many as in 2019. Databases are not immune to this problem, and the vast majority of public databases found on the internet are put there by accident. When the data is available on the internet, it can be stolen by anyone with nefarious intentions.

Unfortunately, many of these attacks are unsophisticated, using exploitation tools that can scan the entire internet in a matter of hours. The tools are free or low cost and can detect misconfigured databases left unsecured on the open web by developers who often made an honest mistake.

Cybercrime is a booming industry, yielding profits of $3.5 billion in 2019. And while the value of a single data record on the black market is low, usually around $20, criminals focus on grabbing thousands of records for a big payday. IBM estimates that the average cost of a data breach costs a company $3.86 million, with personally identifiable customer information costing the most at $150 per record. And this doesn’t include the damage to a company’s reputation and lost trust with customers.

Attackers are constantly looking for new databases to attack. As part of an experiment conducted last year, a poorly secured database was purposely left open on the internet to observe attacker behavior; the database was found within a few hours and was repeatedly accessed over the following weeks.


Building a cyber defense roadmap

While no organization can ever be 100 percent secure, better database security can be achieved through collaboration between employees, security practitioners, and executive leadership. Here are three things security practitioners can do today to mount a successful cyber defense:

1. Enable a security culture. A healthy security culture prioritizes training employees on information security, how to report incidents, when to ask for help, and whom to contact to work together toward incident resolution. But a culture of security isn’t possible in an “infosec vs. employees” environment. Instead of punishing employees for security missteps, try developing a culture of cybersecurity that rewards diligence and adherence to security guidelines, which creates a flywheel of positive reinforcement and improves security outcomes.

2. Watch for well-intentioned accidents. Use an external scanning system that continuously monitors for exposed databases. These tools immediately notify security teams when a developer has mistakenly left sensitive data unlocked. There are many solutions that can scan both internally and externally. Two free public scanners you can use to keep an eye on your systems are Shadowserver and Shodan.

3. Create a solid incident response plan. Experiencing a data breach is not a question of “if,” but “when,” and incident response is the cornerstone of a good security program. Once you are alerted to a data breach that has occurred or is in progress, the first actions you take can be the difference between becoming the next data breach headline or a non-story.

Luckily we have a great guide for how to create an incident response plan, policy, and procedure through the National Institutes of Standards and Technology (NIST) Special Publication 800-61. Always have a mitigation plan in place and rehearse it with your IT and security teams, as well as your executive leadership, so that when there is a data disclosure, you have a swift and intentional response.


Defending data is a team sport

With cyber threats growing in frequency and impact, security professionals have their hands full managing hundreds of remote workers. Juggling an increasing amount of data with this new way of working creates security challenges unlike anything we’ve ever seen before.

Mounting a successful defense that covers both sophisticated cyberattacks and accidental database leaks comes down to cooperation between individuals and departments — ensuring the appropriate technology and safeguards are in place to meet the complex needs of distributed organizations.

There isn’t just one fix, but a combination of people, process, and technology working in harmony can help avoid the next database breach.