Small Business Cybersecurity: How to Stay Ahead of Data Breaches

A company runs on its data, which has intrinsic value. This valuable commodity is in the sights of cybercriminals. Hackers attack a company's network and its people to steal data. A data breach can involve ransomware infection, financial fraud, and the sale of company secrets on the dark web. In one quarter alone, 422.61 million data records were leaked in data breaches. According to the Verizon Data Breach Investigation Report (DBIR), 60% of data breaches involve a human element.

What is a Data Breach

A data breach is defined by NIST's Computer Security Resource Center (CSRC) as:

"An incident that involves sensitive, protected, or confidential information being copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so. Exposed information may include credit card numbers, personal health information, customer data, company trade secrets, or matters of national security, for example."

A data breach is defined by the outcome, unauthorized disclosure or loss of data, not by intent: it can be accidental or malicious. Data exfiltration, by contrast, is always a deliberate act of stealing data, and it is one of the ways a malicious breach happens.

Causes of a Data Breach

Hackers are not the only cause of data breaches; accidental exposure and human error account for many of them, too. The leading causes are as follows:

Accidental

The Verizon Data Breach Investigations Report (DBIR) ranks "error" (carelessness) among the top action categories behind data breaches. Employees cause leaks through mistakes such as email misdelivery, poor security hygiene (e.g., sharing passwords), and application misconfiguration. The report states that "human error is an enduring cause of data breach events."

Malicious Insiders

Employees and ex-employees are behind some data breaches. Malicious insiders act for many reasons, including a grudge against the company, financial gain, and industrial espionage. On average, 17% of data breaches involve espionage, according to the DBIR. The figure varies by industry sector; for example, 55% of data breaches in the mining and utilities sectors are attributed to espionage. Malicious insiders have been known to be recruited on the dark web.

External Attackers

External attackers are behind the majority of data breaches, although the share varies by sector. According to the DBIR, 62% of breaches in the education sector involve external actors, compared with 78% in finance and insurance.

Eight Common Data Breach Methods with Examples

Whatever the starting point, be it an accident, a malicious insider, or an external hacker, the human element plays a key role. Credential abuse, social engineering, errors, and phishing all play a part:

Phishing

Phishing remains a go-to technique for initiating a data breach and an ideal method for stealing credentials. With the advent of generative AI, phishing messages are more believable and highly personalized; AI gathers intelligence and creates phishing campaigns based on that information. Making matters worse, evasive tactics like using QR codes in an email rather than malicious links make phishing detection much harder.

A recent report shows that 94% of organizations are victims of phishing attacks, with a 52% increase in phishing attacks that successfully bypassed detection. The financial sector regulator, the Financial Industry Regulatory Authority (FINRA), recently issued a cyber-alert warning about evasive phishing.

"ONNX Store, a Phishing-as-a-service platform (PhaaS), is targeting Microsoft 365 (M365) accounts at FINRA member firms with an advanced social engineering attack known as quishing: a business email compromise (BEC) attack that uses QR codes in embedded PDF documents to redirect victims to phishing URLs."

Malware Infection

Malware is often used to initiate a data breach, according to the DBIR. Keylogger and infostealer malware capture keystrokes during credential entry, take screenshots, and send the results back to the attacker. The Hawkeye Reborn keylogger, for example, was sold to other criminals as Malware-as-a-Service (MaaS).

Phishing emails containing malicious attachments or linking to infected attachments in portals like Dropbox initiated the malware infection. The Hawkeye Reborn threat actors used social engineering spam attacks to contact victims in various industries, including transportation and logistics, healthcare, and agriculture.

Ransomware Infection

Ransomware encrypts data and demands a ransom for the decryption key. Modern ransomware gangs also steal the data before encrypting it and threaten to publish it, which gives them a second lever on the ransom demand (double extortion). A recent example is the spate of attacks attributed to the Scattered Spider group on large UK retailers, including Marks & Spencer (M&S). The intrusion reportedly began with social engineering rather than a software exploit and led to both a ransomware infection and a data breach. The stolen data included personal details such as names, addresses, and order histories. The company was forced to suspend online orders and close shops, and operations were severely disrupted for days. Notably, the DBIR found that 44% of data breaches involve ransomware.

Man-in-the-Middle (MitM) attacks

MitM attacks intercept data and other communications as they are being transferred, often modifying the communication in transit. The 2017 Equifax breach, which exposed the personal data of roughly 147 million people, is often cited as an example here, but it was not a MitM attack: the attackers entered through an unpatched Apache Struts vulnerability (CVE-2017-5638) in a public-facing web application. The breach does carry a lesson about encrypted traffic, though. A certificate on Equifax's network traffic inspection device had expired months earlier, so encrypted traffic, including the attackers' data exfiltration, went uninspected until the certificate was renewed. Encryption protects data from interception only if the endpoints validate certificates and the defenders can still see what they need to see.

SQL Injection Attacks

SQL Injection attacks insert SQL syntax into input fields so that user-supplied text is executed as part of a database query; they can bypass authentication and read or modify the database. The UK real estate company Foxtons Group was a victim of a SQL Injection-based data breach affecting 16,000 customers. The data ended up on the dark web, and the company faced a $108 million (£80 million) class action.

Credential Stuffing

Credential stuffing attacks use credentials already stolen in earlier breaches, usually bought on the dark web, to try to log in to other services where people have reused the same password. The process is automated: attackers replay millions of username and password pairs against login pages until some of them match. A credential stuffing attack impacted HSBC Bank's U.S. customers, with attackers using stolen logins to access customer accounts. The data exposed included personal information such as contact details as well as transaction histories.
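What credential stuffing looks like in an authentication log, and a detection rule for it, as an added example (not code or logs from the original page or from HSBC). The log lines below are constructed for the demo in an invented format and use documentation IP ranges. The rule flags a source address that fails logins against many distinct accounts within a short window, which is the signature of replaying a stolen credential list, and reports any accounts that the same source then logged into successfully.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (invented format, not from a real system).
# 203.0.113.7 tries six different accounts within seconds and then logs in as one
# of them; 198.51.100.4 is a user mistyping their own password twice.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.7 user=alice result=FAIL
2024-05-01T10:00:02Z ip=203.0.113.7 user=bob result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.7 user=carol result=FAIL
2024-05-01T10:00:04Z ip=203.0.113.7 user=dave result=FAIL
2024-05-01T10:00:05Z ip=203.0.113.7 user=erin result=FAIL
2024-05-01T10:00:06Z ip=203.0.113.7 user=frank result=FAIL
2024-05-01T10:00:07Z ip=203.0.113.7 user=carol result=OK
2024-05-01T10:01:00Z ip=198.51.100.4 user=bob result=FAIL
2024-05-01T10:01:10Z ip=198.51.100.4 user=bob result=FAIL
2024-05-01T10:01:20Z ip=198.51.100.4 user=bob result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text: str):
    """Turn log lines into (timestamp, ip, user, result) tuples, oldest first.
    Lines that do not match the expected format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["ip"], m["user"], m["result"]))
    return sorted(events)


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_distinct_users=5):
    """Per source IP, count the distinct accounts with failed logins inside any
    sliding window of `window` length. An IP whose peak count reaches
    `min_distinct_users` is reported, with the accounts it later logged into."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    alerts = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        counts = defaultdict(int)   # user -> failures currently inside the window
        start, peak = 0, 0
        for ts, _, user, _ in fails:
            counts[user] += 1
            while ts - fails[start][0] > window:   # slide the window forward
                old = fails[start][2]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak >= min_distinct_users:
            alerts[ip] = {
                "distinct_users_failed": peak,
                "successful_logins": sorted({e[2] for e in evs if e[3] == "OK"}),
            }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {ip}: {info['distinct_users_failed']} accounts tried, "
              f"compromised: {info['successful_logins']}")
```

A per-IP threshold is the cheapest rule and catches the unsophisticated attacker; large campaigns rotate through residential proxies so that each address makes only a few attempts, so pair this with per-account rules (one account attempted from many addresses), a baseline for the overall failure rate of the login endpoint, and above all MFA, which makes a matched password alone insufficient.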

Social Engineering

Social engineering is increasingly successful due to AI and deepfakes. Attackers can manipulate individuals into handing over login credentials and other sensitive information by making them believe they are communicating with a trusted person, like a CEO. Once the data is released to a cybercriminal, it can be used to carry out follow-on attacks, including ransomware infection and data breaches. Examples of deep fake-enabled social engineering are increasing.

A recent example was the attack on the engineering firm Arup, where an employee was tricked into joining a video conference call with what appeared to be company executives. The executives were all deepfakes, and the employee transferred $25 million to the fraudsters. The risk of AI-enabled attacks being used to breach data is likely to increase.

Accidental Data Leaks

Accidental data breaches cover a broad spectrum of possible ways that data can be exposed. Email misdelivery is a common way for data to leak. A survey from Typing.com found that 57% of people have admitted to accidentally sending the wrong email message to a co-worker, with 17% sending the wrong email to a client or customer. Human error is a common problem leading to data breaches, with 74% of Chief Information Security Officers (CISOs) citing human error as their top cybersecurity risk. This concern is not misplaced, as the World Economic Forum (WEF) found that human error is behind 95% of security breaches. This concern was realized at a G20 Summit when the Australian immigration department accidentally sent an email to the wrong person, revealing the personal details of world leaders.

The Dark Web's Role in Data Breaches

The dark web is used by cybercriminals to research vulnerable targets, to rent phishing and malware campaigns on an as-a-service basis, and to buy and sell data. Data breaches feed the dark web: the stolen information is sold to other cybercriminals, who use it to carry out further attacks. For example, data stolen in attacks like the one on M&S ends up for sale in criminal marketplaces, and M&S had to warn customers that their details could be used in phishing attacks.

Dark web monitoring vendors, like Sentinex, provide tools to allow companies to safely delve into the dark web to look for signs that their company is being targeted and to identify instances of company or customer data for sale on dark web marketplaces. By gathering dark web intelligence, a company can be forewarned, allowing it to plan for an attack or any repercussions from a data breach.

The Cost of a Data Breach

Data breaches are costly. Accidental or malicious data exposure can lead to noncompliance with laws and regulations like GDPR and HIPAA. Lost data also results in class actions, loss of customer trust, reputation damage, and exposure of company secrets and intellectual property (IP).

Data from IBM's Cost of a Data Breach Report gives some startling figures for the cost of a data breach:

  • The average cost of a data breach across all industries is $4.88 million.
  • Customer data is lost in 46% of data breaches, at a cost of $173 per lost record.
  • Malicious insider attacks cost $4.99 million on average.
  • Data breaches at industrial organizations take around 199 days to identify and a further 73 days to contain. During this time, company operations are disrupted.
  • Breaches that start with phishing take an average of 261 days to identify and contain.
  • Breaches that start with social engineering take an average of 257 days to identify and contain.

How To Prevent Data Breaches

To reduce the risk of a data breach, a company must use layers of security measures. The following are recommended as a baseline for data breach prevention:

Security Awareness Training

Phishing is a popular method to steal login credentials that can lead to a data breach. Educate employees on the type of manipulation tactics used in phishing campaigns. Use phishing simulation exercises to test employees' responses to phishing to enhance and optimize training. Also, system admins and IT teams should be fully aware of the importance of correctly configuring databases and other web apps to prevent exploits of misconfiguration that lead to data breaches.

Robust Identity Security

Stolen login credentials can open the door to a larger data breach. Deploy robust identity security measures, including multi-factor authentication (MFA) and privilege governance, so that a password alone is never enough to reach sensitive data. When people leave the organization, remove their access rights and privileges promptly; this reduces the risk from ex-employee insider threats.

Secure the Network

Network vulnerabilities and exploits are commonly used to reach databases. Monitor the network with an intrusion detection and prevention system (IDPS): a network monitoring tool detects unusual activity, such as large or unexpected outbound transfers, that could signal data exfiltration. Also deploy a web application firewall (WAF) to inspect HTTP requests and block malicious traffic, such as SQL injection attempts, before it reaches the application.

Network Segmentation

When an attacker enters a network, they can use tactics, like lateral movement, to access sensitive areas. Use network segmentation to isolate areas of the network to prevent attackers from entering restricted areas.

Email Security Solutions

Email security gateways with advanced anti-malware protection identify malicious attachments and links before they reach the inbox. AI and machine learning-based solutions are used to identify emerging and evasive malware-based attacks that signature-based scanning misses.

Data Leak Prevention (DLP)

DLP solutions enforce policies and rules to stop sensitive data, such as card numbers, personal records, or documents marked confidential, from leaving the network without authorization, whether by email, upload, or removable media.
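The core of a content-inspection DLP rule, as an added example (not code from the original page or from any DLP vendor). It scans an outbound message for payment card numbers, uses the Luhn checksum to separate real card numbers from other 13-to-19-digit strings (order numbers, tracking numbers) that would otherwise be false positives, and either allows the message or blocks it and produces a redacted copy for the alert. The sample messages are constructed for the demo; 4111 1111 1111 1111 is a well-known test card number, not a real account.

```python
import re

# Candidate card number: 13-19 digits, optionally separated by single spaces
# or dashes, not embedded in a longer run of digits.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812). Every issued card number passes it; most
    random digit strings fail it, which is what filters out false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the card numbers (PANs) present in `text`, separators stripped."""
    found = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def apply_policy(text: str):
    """Decide what an outbound message may do. Returns (action, text) where
    action is 'allow' (text unchanged) or 'block' (text with each card number
    masked down to its last four digits, suitable for the alert or audit log)."""
    if not find_pans(text):
        return "allow", text

    def mask(m):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            return m.group()                # leave non-card numbers untouched
        return "*" * (len(digits) - 4) + digits[-4:]

    return "block", CANDIDATE_RE.sub(mask, text)


# Constructed sample messages for the demo.
MSG_CARD = "Please charge card 4111 1111 1111 1111 for order 1234 5678 9012 3456."
MSG_CLEAN = "Invoice 2024-0001 attached, payment due in 30 days."


if __name__ == "__main__":
    print(apply_policy(MSG_CARD))   # ('block', 'Please charge card ************1111 for order 1234 5678 9012 3456.')
    print(apply_policy(MSG_CLEAN))  # ('allow', 'Invoice 2024-0001 attached, payment due in 30 days.')
```

Pattern matching like this is only as good as what it can read: it sees nothing inside an encrypted archive, a screenshot, or a spreadsheet with the digits split across cells, so production DLP pairs content rules with file-type controls, classification labels, and blocking of unsanctioned upload destinations.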

Patch Vulnerabilities

Vulnerability exploits are used to enter a network and escalate privileges to allow attackers to gain unauthorized access to databases and other sensitive areas of a network. To prevent this, patch and upgrade software and firmware promptly.

FAQs

What Causes Data Breaches?

Data breaches are caused by malicious insiders, external hackers, or accidental exposure.

  • External hackers: Phishing often leads to credential theft, which offers unauthorized access to a database. Infostealers, keylogger malware, and ransomware are used to steal data. Software vulnerabilities can be exploited to help hackers gain privileged access to databases and other sensitive network areas, leading to data breaches.
  • Malicious insiders: Disgruntled employees and ex-employees may be recruited on the dark web to steal data on behalf of attackers. Employees who steal data often abuse their access privileges to do so.
  • Accidental exposure: Data may be accidentally exposed by employees, for example, by misdelivery of emails.

Who is Liable for a Data Breach?

Liability depends on who owns the data, contractual clauses, and the security measures used to protect the data. In the USA, a company usually has to inform its customers and the appropriate authority after a breach has occurred. In a cloud environment, liability usually resides with the data owner, i.e., the company. This remains the case even if the security breach is due to the data holder's failure, i.e., the cloud provider.

Liability may be defined by any regulations the company must adhere to. For example, if a company is a healthcare provider or associate, it will be covered under HIPAA and be expected to comply with the breach notification rules.

How To Check if a Company's Data Has Been Breached

Security solutions such as network monitoring tools, like intrusion detection and prevention systems (IDPS), will alert a company if signals of a data breach occur. Dark web monitoring tools, like Sentinex, provide a way to look deeply into the dark web to see if stolen company and customer data is being bought and sold on dark web marketplaces.