Fifty Shades of Firewall
Data security breaches continue to make big news, alarming the public with new, tricky and sophisticated ways of stealing confidential information. Data is stolen without warning, forcing us to be prepared for an unexpected strike that can cost us everything in a second. Ironically, it reminds us that time is money. However, not every case is like that.
A typical insider breach scenario played out at UnityPoint Health-Allen Hospital.
According to the Courier, it was a long game: an employee had been accessing files containing personal data without authorization for about seven years, from September 2009 to March 2016.
Having access to some patient information, the employee obtained more without raising suspicion. Approximately 1,620 patients were affected in total. As a consequence, Allen Hospital offered breach victims free membership in a credit monitoring service and implemented new targeted audits for employees to prevent future breaches.
According to the Breach Level Index Annual Report 2015, 707,509,815 data records were lost or stolen in 2015. The total number of leaks decreased by 39% from 2014.
The report breaks down the number of breach incidents by source category:
- Malicious outsider – 964 (58%)
- Accidental loss – 398 (24%)
- Malicious insider – 238 (14%)
- Hacktivist – 36 (2%)
- State sponsored – 33 (2%)
- Other – 4 (< 1%)
The Allen Hospital incident and many others emphasize that attackers do not come only from outside; risk can also be hidden within the organization.
The 2015 Vormetric Insider Threat Report breaks down the percentage of information security breaches by insider category:
- Privileged Users – 55%
- Contractors and Service Providers – 46%
- Business Partners – 43%
- Ordinary Employees – 35%
- Executive Management – 28%
According to the report, system administrators and business users have privileged access to the most vulnerable corporate information with almost no controls placed on them.
According to The Wall Street Journal, Morgan Stanley fired an employee for leaking bank client data.
Galen Marsh, a financial adviser at a Midtown Manhattan branch of Morgan Stanley, was fired after being accused of stealing account data on approximately 350,000 clients and posting some of that information for sale online.
Gregory Fleming, president of Morgan Stanley’s wealth-management arm, gave assurances that 90% of clients are unaffected by the breach. As for those affected, there is no evidence that important data such as account passwords or Social Security numbers has been taken or exposed.
According to Darren Hayes, assistant professor and director of cybersecurity at Pace University in New York, the stolen information is not enough to create a duplicate identity, but there is a high possibility that it may be used to trick bank account holders into providing more personal data.
Just a phone number or an email address can be used to get more information about clients, and it is quite valuable for identifying people with big accounts. Almost all of Morgan Stanley’s clients at major Wall Street companies hold millions of dollars in their accounts.
The incident influenced Morgan Stanley shares in the banking sector as well as the broader market.
Attacks committed by malicious insiders are among the biggest threats facing internal data and company systems.
As eNCA reported in September 2015, a South African bank employee was arrested in Groblersdal, Mpumalanga, for stealing millions from ATMs. The 30-year-old man, who was responsible for loading money into ATMs, replaced half the money with fake notes. He went on the run but was apprehended by the Hawks anti-corruption unit and Groblersdal police.
It should be mentioned, however, that even a careless worker who leaves an unlocked phone in a public place is as dangerous as a user who deliberately leaks information to a competitor. The risk of data theft is high when employees use mobile devices to access internal company information and share data. An enormous security threat to employers may come from employees who are not aware of security best practices, visit unauthorized websites, click on suspicious links and use weak passwords.
Web application servers, with their complex infrastructure, are an attractive target for attackers. Web application attacks include exploits of code-level application vulnerabilities as well as thwarting authentication mechanisms. The 2016 Verizon Data Breach Investigations Report recorded 5,334 total web app attacks, 908 of them with a confirmed data leak.
Today, companies’ websites are more business-critical, as they are used to promote services and products and to conduct e-commerce.
As Bloomberg reported on June 1, the Ministry of Internal Affairs and the Federal Security Service of Russia arrested 50 hackers who had stolen about 46 million dollars from banks and large businesses. For almost five years the cybercriminals had been stealing money from bank accounts across Russia and the CIS using the Lurk Trojan.
Kaspersky Lab experts analyzed the malicious software and uncovered the hackers’ computer network and servers, while the Ministry of Internal Affairs identified suspects and proved their involvement in the cybercrime.
The malware was aimed at accessing remote banking systems. Along with bank clients and financial organizations, the criminals were interested in media and news websites, which were also infected with Lurk. Victims were infected through hacked sites and web application exploits, as well as through attacks on the most vulnerable computer in a corporate network.
Security leaks that compromise the integrity, availability and confidentiality of personal or corporate information appear every now and then in headline stories and breaking news, which report long-lasting negative impact on victims, disastrous consequences and hard recovery. It’s a reminder that many companies are still not properly protected from a variety of data breaches.
These not so comforting statistics shouldn’t be left without a silver lining. Some words of hope and optimism: bad news usually travels faster than good news. Knowledge gives a tactical advantage, as forewarned is forearmed.
Start protecting your data and database now. And DataSunrise Security is a great answer for that. DataSunrise supports all major databases and data warehouses such as Oracle, Exadata, IBM DB2, IBM Netezza, MySQL, MariaDB, Greenplum, Amazon Aurora, Amazon Redshift, Microsoft SQL Server, Azure SQL, Teradata and more. You are welcome to download a free trial if you would like to install it on your premises. If you are a cloud user and run your database on Amazon AWS or Microsoft Azure, you can get it from AWS Marketplace or Azure Marketplace.