Data Breach Prevention: A New Paradigm

[lwptoc]

Despite increased global legislation around data protection and heightened consumer awareness around privacy and misuse of data, breaches were up a staggering 33% last year. Data breach prevention has never been more important.

Hardly a week goes by without a major data breach hitting the headlines, with some of the largest global corporations being named and shamed. Repeat offender Marriott, whose 2018 breach was one of the largest in history, hit the headlines again in April 2020 with another breach affecting 5.2 million records. Other notable 2020 breaches include EasyJet who revealed that 9 million customers were affected by a cyberattack in May, while facial recognition software maker Clearview AI had their entire customer list stolen along with a database of around 3 billion photos.

There is no doubt that stories of data breaches and cyberattacks will continue to make headlines. Organizations are also increasingly negotiating with hackers to get their data back. In the first 5 months of this year alone, BlackFog tracked 76 publicized ransomware attacks and that number is rising fast.

Cybercrime is a lucrative business and cybercriminals are always on the hunt for their next victim.

Cyberthreats are advancing so quickly it is perhaps not surprising that the average security team is struggling to manage an average of 57.1 different security tools in order to try and keep their organization out of the headlines.

Evidenced by the growth in the global cybersecurity market, (now a massive $173B), organizations know the importance of protecting their IT infrastructure from cyberattack. With dozens of security tools deployed across IT departments, why are so many organizations still being held to ransom and generating headlines for breaching data privacy regulations?

It is clear the cybercrime is rising, cybercriminals are getting smarter and ransomware pays, so the risks associated with cyberattacks will continue to escalate. What we need to address is why these attacks are still so successful, and is it possible for IT departments to stay ahead of cybercriminals and prevent data loss?

Defensive based approaches are no longer effective. The new paradigm is based on the assumption that hackers will get in and focuses on preventing the removal of data.

In the past, organizations have relied on traditional defensive approaches to protection such as perimeter-based firewalls and endpoint based anti-virus software. An approach that is simply not effective in preventing the types of cyberattacks we see today. Despite the best efforts of IT departments, around 80% of successful cyberattacks bypass existing cybersecurity systems. In fact, recent research from BlackFog has discovered that newer malware routinely disables existing security services before even mounting an attack.

This defensive based approach is no longer effective. The new paradigm is based on the assumption that hackers will get in and focuses on preventing the removal of data. If an attack cannot communicate bidirectionally with another server to activate, download payloads, exchange keys or exfiltrate data, then they are effectively disarmed.

When we think of data breaches and cybercrime in general, we mostly think of hackers and faceless cybercriminals. However, a 2019 study from Verizon reported that more than a third of the 40,000 breach incidents they analyzed involved internal actors. Just as cybercriminals have ramped up their attacks on businesses amid coronavirus- related disruption, many companies have been forced to focus on the threats within their own organization.

Disgruntled employees are certainly nothing new, but as the Coronavirus crisis lingers and many corporations look to reduce their workforce, many employees are becoming increasingly nervous of their job security, and with that the likelihood of employees going to the dark side increases. Combine this with already stretched IT departments trying to manage new remote workforces, and it’s unsurprising that insider threats are a significant cause for concern.

Malicious employees that steal intellectual property or commit intentional sabotage are among the costliest threats to organizations. Gartner’s insider threat statistics suggest almost a third of criminal insiders commit theft for financial gain, and according to IBM, it takes on average 77 days to recover from an insider incident at an overall cost of around $11 million.