Data breaches were larger and more damaging in 2020.
The number of reported breaches dropped off, but only because the crooks are finding bigger houses with more valuables to rob: the 27 billion records exposed in the first six months of 2020 more than doubled the total for all of 2019 (12 billion).
Four economic sectors accounted for more than half of reported breaches: Information, Healthcare, Finance and Insurance, and Public Administration. It’s not hard to see why those targets are popular. Some 90 million records revealing payment card details were exposed in the first half of 2020, with even more Social Security/national ID numbers, financial account numbers, and dates of birth exposed during this time.
The global coronavirus pandemic has brought forth additional security challenges, thanks largely to remote working. IT teams are overworked and dealing with new and urgent pressures. Revenues are off for many, so there are also budget issues. Even so, tried-and-true methods continue to victimize businesses.
With additional pandemic-related vulnerabilities, these preventable mistakes led to greater losses, and the resulting breaches were often wholly avoidable with simple fixes. Here are four of the most common gaps in security, the high-profile breaches they caused in 2020, and how to prevent your company from becoming the next victim.
Increase in errors, misconfigurations
Cloud adoption has accelerated, with COVID just one of the factors responsible for cloud spending rising 37% in the first quarter of 2020. This has led to an increase in misconfigurations and other errors as root causes of most data breaches. An overall lack of adequate in-house IT expertise -- 65% of respondents reported this in a 2018 survey -- heightens the chances of human error.
In October 2020, a misconfigured Google Cloud database exposed the personal and medical information of hundreds of medical patients of pharma giant Pfizer. That data, belonging to patients taking cancer drugs, included names, phone numbers, home addresses, email addresses, customer support messages, health data, medical status, phone call transcripts, and prescription information.
Automatic updates, including those to default or temporary security configurations, along with properly trained IT teams and adequate investment in new security tools, are the easiest ways to steer clear of these errors. User configuration profiles can define the most granular details and assign them to a relevant user or group of users, accounting for different roles, devices, locations, and operating systems and keeping the associated data safe.
Credential hacking on the rise
Similarly, credential hacking is on the rise because of increased remote access. In April 2020, the poster child for newfound pandemic relevancy, Zoom, revealed it had been hit by a credential stuffing attack that led to the credentials of 500,000 accounts being posted for sale on the dark web and hacker forums for as little as 2 cents each.
Hospitality giant Marriott was struck in January 2020, less than two years after another high-profile data breach. Hackers obtained the login credentials of two employees and exposed the personal details of some 5.2 million guests.
Simple multi-factor authentication can thwart most credential hacking attempts. Zero Trust is the way forward to mitigate these kinds of breaches because identity-defined security can better protect enterprise credentials, applications, and data.
Ransomware risks are still real
Ransomware still works as a smash-and-grab job or an advanced, multi-pronged attack. Healthcare was particularly hard hit in 2020, with two major breaches in May.
A hacker held hostage the IT systems and data of Fresenius Group, the largest dialysis equipment provider in the U.S., hampering the global company’s operations around the world. Later in May, a phishing scam and ransomware attack targeted Fortune 500 healthcare company Magellan Health’s employee information, including names, contact info, W-2 or 1099 info, and login credentials and passwords.
Another successful attack this spring targeted higher education. The NetWalker ransomware operators encrypted some important servers at the University of California San Francisco (UCSF) medical-research institution, which was working on a cure for COVID-19. Although the university’s staff isolated the malware-infected servers from the core UCSF network, they were unable to unlock the hacked servers and decrypt the data. UCSF negotiated to pay the hackers $1.14 million (116.4 bitcoins) for the decryption key needed to recover the servers and lost data.
Secure Access Service Edge (SASE) Endpoint Security monitors applications and processes that try to modify data, blocks suspicious activity, and sends alerts. Also, the least privilege model that drives Zero Trust Networks drastically limits or eliminates ransomware damage, as compromised users can’t modify files to which they don’t have access.
More going phishing due to COVID
Phishing has only increased because of COVID, playing on emotions and the urgent need for information around the pandemic.
In April, a malicious actor accessed the personal and medical information of over 112,000 employees and patients of Beaumont Health after compromising employee email accounts through a phishing attack. The information impacted includes names, birth dates, Social Security numbers, driver’s license numbers, medical condition data, and bank account data.
By summer, over 450,000 residents of Polk County, Florida had their driver’s license numbers and Social Security numbers exposed after an employee at Polk County Tax Collector fell victim to a phishing attack.
Phishing is particularly effective when attacking a traditional, fixed perimeter network. A software-defined perimeter bases connectivity on a need-to-know model. Additionally, DNS Security, a cornerstone of any SASE platform, would have automatically filtered out problem websites. Another helpful layer involves employee training and awareness, a proven method of phishing prevention that can dramatically reduce user click rates.
2020 was a tough year for many businesses, which faced everything from a global pandemic to an uncertain economy to growing data breaches. By taking the precautions outlined above, you can at least make sure your company has a safer, more secure 2021.