The network is the highway upon which all your IT infrastructure rides. Attacks traverse these paths — too often unseen by IT and security professionals.
The network plays two roles in data breaches. Firstly, and most obviously, it is often the thing that is attacked. But also, regardless of the target, the network offers a heads-up that a breach is occurring and clues to conduct forensics to learn the details and block further attacks.
To Protect a Network from Breaches, You Have to See it
The network is both an attack surface and a pathway for cybercriminals to follow to breach elements holding critical data. Smart hackers can map your network, understand its connections, discover vulnerabilities and make a beeline for treasures you thought well hidden.
If hackers can learn the ins and outs of your network, shouldn’t you beat them to the punch by obtaining deeper visibility and holistic mapping of your network infrastructure and the applications, services, and devices attached to it? With this visibility, you can safeguard vulnerable areas and head off breaches as they attempt to make their way into the network.
Setting and Enforcing Network Security Policies
Your network shouldn’t be the Wild West but should have an established form of discipline. Luckily, with network monitoring, IT can fine-tune how the network is configured and run through policies, thresholds, and alerts.
Once policies such as how bandwidth is allocated, the network segregated, or websites blocked are established, monitoring will check for compliance and let IT know when things are out of whack.
Distributed Denial of Service (DDoS) attacks are still among the most common — and most devastating — forms of attack. Spotting DDoS early is vital to mitigating its impact, ideally early enough that there is no impact at all.
Network monitoring watches all your traffic flows and alerts IT when something is amiss, such as traffic rising far beyond pre-set baselines. These baselines are set by the monitoring solution tracking what is normal and seeing how traffic rises and falls based on time of day, backup windows, what have you. As a result, the system knows what traffic spikes are normal and what indicates a problem such as DDoS.
Further, you see exactly where the traffic spikes are and what devices such as servers may be flooded. You’ll also see that applications are slowing, packets are lost, and the network is suffering from unacceptable latency.
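The baseline-and-threshold logic described above, as an added example that is not part of the original article or any vendor's product: it builds a per-hour-of-day baseline from a week of constructed hourly byte counts for one server (including a nightly backup window so that a legitimate recurring spike is learned as normal), then flags any hour of a new day whose volume exceeds the baseline mean by a configurable number of standard deviations plus an absolute floor. The traffic figures, the backup hour and the `k`/`min_abs` parameters are assumptions chosen for illustration.

```python
"""Time-of-day traffic baseline with spike alerting.

Added example, not the article's or a vendor's code. All traffic figures
below are constructed: hourly inbound volume (MB) for one server over a week.
"""
from statistics import mean, pstdev

BACKUP_HOUR = 2  # constructed: nightly backup window drives a legitimate spike


def expected_volume(hour):
    """Constructed daily pattern: office hours busy, nights quiet, backup at 02:00."""
    if hour == BACKUP_HOUR:
        return 2000
    if 8 <= hour < 18:
        return 800
    return 100


def build_history(days=7):
    """Seven constructed days of 24 hourly samples with small deterministic jitter."""
    history = []
    for d in range(days):
        day = []
        for h in range(24):
            jitter = ((d * 7 + h * 3) % 11) - 5  # deterministic noise in [-5, +5] MB
            day.append(expected_volume(h) + jitter)
        history.append(day)
    return history


def build_baseline(history):
    """Per-hour-of-day (mean, stdev) across all historical days.

    Because the backup window recurs every night, hour 02:00 gets a high mean
    and is not treated as anomalous later.
    """
    baseline = {}
    for h in range(24):
        samples = [day[h] for day in history]
        baseline[h] = (mean(samples), pstdev(samples))
    return baseline


def detect_spikes(today, baseline, k=4.0, min_abs=50.0):
    """Return (hour, observed, threshold) for hours above mean + max(k*stdev, min_abs).

    The absolute floor stops a near-constant history (stdev ~ 0) from alerting
    on trivial jitter.
    """
    alerts = []
    for h, observed in enumerate(today):
        mu, sigma = baseline[h]
        threshold = mu + max(k * sigma, min_abs)
        if observed > threshold:
            alerts.append((h, observed, round(threshold, 1)))
    return alerts


def todays_traffic():
    """Constructed new day: normal pattern plus a flood at 14:00 (DDoS-like)."""
    d = 7
    today = [expected_volume(h) + (((d * 7 + h * 3) % 11) - 5) for h in range(24)]
    today[14] = 6000  # constructed flood: ~7x the office-hours baseline
    return today


if __name__ == "__main__":
    base = build_baseline(build_history())
    for hour, seen, thr in detect_spikes(todays_traffic(), base):
        print(f"ALERT {hour:02d}:00  observed={seen} MB  threshold={thr} MB")
```

The backup hour is the point of the example: a fixed global threshold would either page on every backup or miss a daytime flood, whereas a per-hour baseline flags only the 14:00 flood. In practice the same logic is run per device and per flow direction, and the alert is enriched with the top source addresses for that hour so the flooded server and the traffic origin are visible together.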
Traffic Analysis Finds Data Exfiltration, Dark Web Use and Other Nasties
Many security (and performance) problems relate to bandwidth, which is why Network Traffic Analysis is so important. With this, you can analyze NetFlow, NSEL, sFlow, J-Flow, and IPFIX and gain comprehensive and granular details on what resources, departments, groups or even individuals are using the bandwidth. This analysis can spot unusual behavior, such as botnet attacks and network takeovers, exfiltration of data by cybercriminals, DDoS attacks, data mining (which we discussed earlier), and even employees binge-watching Netflix or Amazon Prime.
If you have a good baseline, monitoring real-time bandwidth usage shows when something is out of whack. And this function reports on historical bandwidth trends, so you’ll have a sense of when you need to upgrade the network.
Network Traffic Analysis is also key to security forensics, discovering unauthorized applications, tracking traffic volumes between specific pairs of source and destinations, and finding high traffic flows to unmonitored ports.
With network monitoring, you can alert administrators when users access the Dark Web, which is reached through Tor, the volunteer network of relays that routes a Dark Web visitor’s traffic so they remain anonymous. IT can monitor all network sources for known Tor ports and spot or block access to the Dark Web.
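The flow-record checks described in this section (volume between source/destination pairs, flows to unmonitored ports, exfiltration relative to a per-host baseline, and connections to known Tor ports), as an added example that is not the article's or any vendor's code. It parses a handful of constructed NetFlow-style records; the addresses use the 10.0.0.0/8 private range and the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges, the monitored-port allow list and per-host baselines are assumptions, and the Tor port set is limited to the default relay ORPort (9001) and DirPort (9030).

```python
"""Flow-record triage: top talkers, unmonitored ports, exfiltration, Tor ports.

Added example, not the article's or a vendor's code. Flow records, the
monitored-port list and the per-host baselines are all constructed.
"""
from collections import defaultdict
import ipaddress

# Constructed NetFlow-style export: src,dst,dst_port,proto,bytes
FLOWS = """\
10.0.1.15,10.0.2.20,443,tcp,120000
10.0.1.15,203.0.113.9,443,tcp,80000
10.0.1.22,198.51.100.77,9001,tcp,45000
10.0.1.30,203.0.113.40,22,tcp,3500000
10.0.1.30,203.0.113.40,22,tcp,4100000
10.0.1.41,10.0.2.20,8443,tcp,9000
10.0.1.41,10.0.2.21,53,udp,600
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")      # assumption: the corporate range
MONITORED_PORTS = {22, 53, 80, 443}                  # assumption: ports with IDS/proxy coverage
TOR_PORTS = {9001, 9030}                             # default Tor relay ORPort and DirPort
BASELINE_OUT_BYTES = {"10.0.1.30": 500_000}          # constructed per-host daily external baseline
DEFAULT_BASELINE = 1_000_000


def parse_flows(text):
    """Turn the CSV-like export into dicts; skips blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port, proto, nbytes = line.split(",")
        records.append({"src": src, "dst": dst, "port": int(port),
                        "proto": proto, "bytes": int(nbytes)})
    return records


def is_external(addr):
    return ipaddress.ip_address(addr) not in INTERNAL


def pair_volumes(records):
    """Bytes per (src, dst) pair: the 'traffic between specific pairs' view."""
    totals = defaultdict(int)
    for r in records:
        totals[(r["src"], r["dst"])] += r["bytes"]
    return dict(totals)


def external_bytes_per_source(records):
    """Outbound bytes per internal host to destinations outside INTERNAL."""
    totals = defaultdict(int)
    for r in records:
        if is_external(r["dst"]):
            totals[r["src"]] += r["bytes"]
    return dict(totals)


def exfil_candidates(records, factor=5):
    """Hosts whose external volume exceeds factor x their baseline."""
    flagged = []
    for src, total in sorted(external_bytes_per_source(records).items()):
        baseline = BASELINE_OUT_BYTES.get(src, DEFAULT_BASELINE)
        if total > factor * baseline:
            flagged.append(src)
    return flagged


def unmonitored_port_flows(records):
    """Flows to destination ports that no sensor covers."""
    return [r for r in records if r["port"] not in MONITORED_PORTS]


def tor_port_flows(records):
    """Flows from inside to an external host on a default Tor relay port."""
    return [r for r in records
            if is_external(r["dst"]) and r["port"] in TOR_PORTS]


if __name__ == "__main__":
    recs = parse_flows(FLOWS)
    print("exfil candidates:", exfil_candidates(recs))
    print("unmonitored ports:", sorted({r["port"] for r in unmonitored_port_flows(recs)}))
    print("tor-port flows:", [(r["src"], r["dst"], r["port"]) for r in tor_port_flows(recs)])
```

Two design notes. The exfiltration check compares against a per-host baseline rather than a global number, because a backup server legitimately moves far more data than a workstation; a single global threshold would hide the workstation that suddenly pushes gigabytes out over SSH. And the Tor check is a port heuristic only: relays may listen on 443 and bridges use pluggable transports precisely to avoid port-based detection, so in a real deployment the port match is corroborated with a relay-address feed before anyone is alerted.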
Finding Rogue Devices
Through the process of discovery, automated monitoring finds new devices such as Wi-Fi access points. New wireless routers can be a hacker’s goldmine, but once known, they can be secured by IT or taken offline.
Learning the Enemy: Breaches on the Rise
Data breaches have existed as long as there has been data, but instead of pilfering through a file cabinet, thieves rummage through your computer files. “Data breaches are on the rise, with the first quarter of 2020 witnessing a higher number of breached records than the combined count of breached records for the first quarters of the previous seven years. One mega-breach in the first quarter of 2020 exposed more than five billion records, and hardly a day goes by without yet another breach notification by an organization or cyber-attack alert against a country by a nation-state actor, and industries that have already been pegged as highly attacked are reporting ever-increasing attack activity,” Osterman found in their What Decision-Makers Can Do About Data Protection guide.
Learning the Economics: The Insane Cost of a Data Breach
According to the 2021 IBM Cost of a Data Breach Report, every stolen record costs big bucks.
“Customer Personal Identifiable Information (PII) was also the costliest record type, at $180 per lost or stolen record. The overall average cost per record in the 2021 study was $161, an increase from $146 per lost or stolen record in the 2020 report year,” IBM found. PII was not only the most expensive but also the most commonly breached, accounting for 44% of all stolen records.
Learning the Trends: Overall Breach Costs Spiking
The IBM 2021 data breach cost report found that costs rose 10% in the last year, the biggest increase in the last seven years. “Data breach costs rose from $3.86 million to $4.24 million, the highest average total cost in the history of this report. Costs were significantly lower for some organizations with a more mature security posture and higher for organizations that lagged in areas such as security,” IBM found.
Learning the New Reality: COVID and Remote Work Boost Breach Costs
When workers are scattered all over hill and dale by COVID restrictions, lots can go wrong with files. And breaches are an expensive certainty. According to IBM’s report, the average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor. The percentage of companies where remote work was a factor in the breach was 17.5%.
Learning What You Don’t Know: Breaches Taking Longer to Find
It takes on average 287 days to discover, identify and contain a health care data breach. “Data breaches that took longer than 200 days to identify and contain cost on average $4.87 million, compared to $3.61 million for breaches that took less than 200 days. Overall, it took an average of 287 days to identify and contain a data breach, seven days longer than in the previous report. To put this in perspective, if a breach occurring on January 1 took 287 days to identify and contain, the breach wouldn’t be contained until October 14. The average time to identify and contain varied widely depending on the type of data breach, attack vector, factors such as the use of security AI and automation, and cloud modernization stage,” the IBM report found.
Breaches are coming your way. Maybe you’ve been lucky lately, but a rabbit’s foot is no way to stay that way. Gain visibility into all key aspects of your IT infrastructure, including your network, so you can spot the bad guys before they wreak havoc.