Best Practices for Data Theft Prevention
It is important to emphasize that, with the digital transformation and the increase in the use of digital media identified in recent years, there has also been a spike in the practice of cybercrime, that is, those crimes that occur through virtual means.
These crimes are usually committed by cybercriminals who have technical knowledge of internal computer systems, electronic devices, programs, and networks.
Cybercrime can occur in different ways and for different reasons. In general, users who become victims end up having their information and data stolen or their accounts hacked by criminals, which often results in episodes that can bring disastrous and immense damage to the victims.
Therefore, it is ideal to establish preventive security measures before attacks occur. There are currently many ways to ensure greater protection of your data and information.
Keep reading the article and learn more about the problem of data theft and what should be done as preventive measures.
The Biggest Data Thefts of Recent Years and the Current Cyber Scenario
We all know that cyber vulnerabilities are not a current issue. However, with the evolution of technology and virtualization growing in all areas of society, cybercrime becomes more and more frequent, creating a critical problem that deserves a lot of attention from the digital security industry.
One of the biggest challenges is to keep up with the evolution of these crimes, because as technology advances, crimes become increasingly strategic and sophisticated, requiring even more technological advances and security efforts, in addition to repeating a cycle that is difficult to prevent.
According to data from FortiGuard Labs, there were 41 billion attempted cyberattacks in Latin America in 2020. The good news is that while these attempts are taking place, the cybersecurity industry has also worked hard and strengthened itself to ensure as much security as possible for digital media and to weaken this cycle of attacks.
To get a sense of the scale of this problem, here is a summary of the top 5 data thefts in recent years.
SolarWinds: The Biggest and Most Sophisticated Attack in History
In 2020, SolarWinds, an information infrastructure company, suffered what can be considered, according to Microsoft’s President Brad Smith, “the biggest and most sophisticated attack the world has ever seen”. This is because several tactics and techniques of cyber invasion and espionage were employed.
Cybercriminals inserted malicious software into an update of SolarWinds’ monitoring software, which was sent to up to 18,000 customers. These include Microsoft and the US Departments of Energy, Justice, and Nuclear Safety. FireEye, one of SolarWinds’ client companies, was the first victim to identify the attack.
In the Microsoft attack alone, according to its president, at least a thousand engineers took part. Ongoing investigations indicate that the operation is very complex and surprising even for specialists, as it combines very advanced and stealthy techniques, which have bypassed the radar of the most experienced security specialists. This made everyone apprehensive about a critical vulnerability in the technology infrastructure.
Colossal DDoS Attack Against Dyn
Dyn, an American DNS (Domain Name System) services company, suffered a DDoS attack, which, in general, is a type of attack that intensifies data traffic and overloads a certain server, making it unavailable to users.
In 2016, this attack caused a system crash for all the company’s customers, which included online newspapers and magazines from the United States and other large companies, among them Amazon, Netflix, PayPal, Spotify, Tumblr, Twitter, GitHub, Xbox Live, and PlayStation Network.
It was an event known as “The American Internet Blackout”, one of the biggest DDoS attacks in recent times.
ASUS Automatic Updates
One of the largest laptop manufacturers in the world, ASUS, was the target of a cybercriminal attack in 2018, with an automatic software update that infected nearly 1 million users worldwide.
The attack targeted 600 computers, but the malware spread and reached more users. As the attackers used the company’s legitimate security certificate during the action, it was almost impossible to raise suspicion.
This type of crime can increase users’ distrust and lead them to avoid machine upgrades, which can raise the level of vulnerabilities and cause even bigger problems.
STJ: Great Cyberattack in Brazil
Brazil is one of the countries with the highest number of users connected to the Internet, and according to the Internet Security Threat Report, released in 2019, the country occupies third place in the ranking of cyberattack attempts, fourth in bot attacks, and seventh in crypto-jacking.
As might be expected, government agencies are not immune to cybercrime. In Brazil, the biggest data attack involved the STJ (Supreme Court of Justice), the target of a ransomware attack that invaded more than 1,200 of the institution’s servers and destroyed the backups on the machines.
On the scale of this attack, Marta Schuh, Director of Cyber Insurance at the international broker Marsh, stated that: “It was like the STJ databases could be placed inside an incinerator.” As expected, the criminals offered to ransom the information in exchange for a sum of money.
Leak of Sensitive Data from Over 100 Million Americans
Paige A. Thompson, a former Amazon employee, was responsible for hacking the database of Capital One, a US financial institution, compromising the data of more than 100 million Americans and 6 million Canadians by obtaining access to personal data of credit card requests.
Although the affected information does not contain the users’ credit card numbers, as Capital One claimed, the damage will cost around $150 million to boost the institution’s digital security.
What Should Be Done to Remedy the Theft of Information and Data?
When an organization experiences a security incident, such as cybercrime, it needs to act promptly and quickly. We are not always prepared to deal with situations like these, but it is necessary to remain calm and take action.
Of course, actions should be taken according to the specific type of attack that took place and what was actually stolen or hacked into.
Therefore, carefully read the possibilities listed below on which procedures should be taken in these cases and see which ones fit best for you.
Identify the Action of the Intruders
It is important to find out how the criminal action took place and what data was disclosed.
This allows the necessary measures to be taken to contain the results of the crime and prevent further invasions.
You can start an investigation through companies specializing in cybercrime and hard evidence.
Look for Evidence of Crime
When becoming a victim of a cybercrime, if possible, you must record the evidence of the crime.
In this sense, it is worth noting that the most correct and secure means is through specific solutions that allow the recording of all actions performed in the environment.
This can even assist in the incident remediation process, reducing operational and downtime costs.
Change Your Passwords Immediately
Another important action to be taken if you have suffered a cyberattack in which there was data theft, and also one of the ways to minimize the problem, is the immediate change of your passwords, whether for emails, networks that may be related to the theft, or for your systems.
This will prevent criminals from continuing to develop other types of damage that can be done by using your stolen data.
Check the Backup of Your Files
The use of software that backs up your information and data automatically and efficiently is a preventive measure that can help a lot in these moments.
If you have already performed this procedure, the chance of recovering your information will be much greater, so check the backup of your files and see if you can recover them.
Communicate About Information Leaks
If the information that was leaked is related to other individuals, such as employees or consumers, they must be informed about what happened and about the measures being taken about the case.
This behavior is an ethical measure, which must be carried out clearly and objectively.
Analyze the Weaknesses that Made the Invasion and Theft of Your Data Possible and Invest in Security
In addition to looking for those responsible for information leaks, it is important to recognize the limitations and deficiencies that allowed intruders access to your system.
When recognizing them, it is essential to take appropriate action so that future losses are avoided.
But What Can You Do to Prevent Data and Information Theft in Your Company?
Now that we have already talked extensively about the current cybercrime scenario involving data theft and what should be done when these incidents happen, it is time to present the main measures to prevent data theft.
One of the worst scenarios involving cyber incidents is just reacting when they happen. The best cybersecurity frameworks encourage prevention practices and the development of secure processes and projects from the beginning.
So, learn what you can do today to improve your cyber posture in the face of information theft.
Invest in Privileged Credential Management
To ensure information security, you need to develop prevention practices regularly, such as managing your company’s privileged accounts.
A solution that does not provide this function leaves the security of your information with many loopholes, which makes a cyberattack possible.
With this capability, your company can manage all active privileged credentials and confirm the privilege level of each one, verifying it is appropriate for such users to have access to certain environments, in addition to being able to revoke credentials that are no longer required, such as from former employees.
To avoid the risk of information being leaked, besides verifying access to privileged credentials, it is important to properly manage it through the automatic change of passwords.
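The review described in this section (confirm each credential's privilege level, revoke those of former employees, and rotate passwords automatically) can be sketched as a short audit over a credential inventory. This is an added example, not code from senhasegura or any PAM product; the inventory, role names, privilege levels and the 90-day rotation limit are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical policy values for this example, not taken from the article.
MAX_PASSWORD_AGE_DAYS = 90
ROLE_MAX_LEVEL = {"dba": "admin", "developer": "operator", "helpdesk": "read-only"}
LEVEL_RANK = {"read-only": 0, "operator": 1, "admin": 2}

@dataclass
class Credential:
    account: str
    owner: str
    owner_role: Optional[str]  # None means the owner has left the company
    level: str
    last_rotated: date

def audit(creds, today):
    """Return {account: [findings]} for every credential that needs action."""
    report = {}
    for c in creds:
        findings = []
        if c.owner_role is None:
            findings.append("revoke: owner is a former employee")
        elif LEVEL_RANK[c.level] > LEVEL_RANK[ROLE_MAX_LEVEL[c.owner_role]]:
            findings.append(f"review: {c.level} exceeds {c.owner_role} role")
        if (today - c.last_rotated).days > MAX_PASSWORD_AGE_DAYS:
            findings.append("rotate: password older than policy")
        if findings:
            report[c.account] = findings
    return report

# Constructed inventory (sample data for the example only).
INVENTORY = [
    Credential("db-root", "alice", "dba", "admin", date(2024, 5, 20)),
    Credential("fw-admin", "bob", None, "admin", date(2023, 11, 2)),
    Credential("app-deploy", "carol", "developer", "admin", date(2024, 6, 1)),
    Credential("ticket-ro", "dave", "helpdesk", "read-only", date(2024, 1, 10)),
]

if __name__ == "__main__":
    for account, findings in audit(INVENTORY, date(2024, 6, 30)).items():
        print(account, "->", "; ".join(findings))
```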
Prioritize Strong Backups and Passwords
This practice is very simple and, at the same time, essential. Through a Privileged Access Management (PAM) solution, one can implement effective credential management and make associated passwords available to users. However, there must be some guarantee that all privileged credentials have strong passwords that are difficult to break with malicious software.
The ideal is to guide the user to create a complex password that mixes upper and lower case letters, numbers, and special characters, with at least 8 characters.
In addition, the backup appears as one of the last options for data protection, which guarantees that even with leaked and/or deleted information, the company has access to all elements protected by the privileged access management solution.
Implement Two-Factor Authentication Mechanisms
The main solutions on the market require two-factor authentication from the user, usually through an OTP (One-Time Password). It is also possible to send an SMS or an email with a confirmation code for someone to be able to use the privileged credential.
This type of capability makes it difficult for unauthorized people to use the privileged user’s credentials.
The use of multifactor authentication (MFA) comes as a tool to prevent attacks from cybercriminals seeking to get hold of important information, such as credentials and passwords. MFA brings greater security to user data, through additional authentication, as well as, of course, the already known password.
Have Emergency Access
If any kind of security incident occurs that puts your company at risk, it is necessary to rely on one last capability of the security system, something like “glass breaking”. In the event of any type of failure or even a cyberattack, the person responsible for data security has the autonomy to remove privileged credentials through a dedicated backup file.
Finally, the access report is essential so that the person in charge has a broad view of the actions carried out through the privileged sessions, in order to allow the identification of security gaps and possible points for improvement.
PAM As a Way to Prevent Data Theft
A PAM solution is one of the main ways to guarantee the protection of a company’s confidential information and that all activities are tracked and audited.
Privileged Access Management, also called Privileged Identity Management, enables organizations to protect their privileged credentials. In addition, PAM ensures the effectiveness of least privilege policies by reducing attack vectors and possible data leaks.
Gartner believes that a PAM solution helps organizations securely provide privileged access to critical assets and meet compliance requirements by managing and monitoring privileged access and accounts.
Basically, a PAM solution works as a secure credential repository for devices installed in the environment. Based on the management of user privileges, one can allow users to access only the data required for them to perform their activities. Thus, the information security team can configure user access profiles, avoiding improper access to systems and data.
Learn About the senhasegura Solution
To prevent data theft and provide traceability of actions in networks, databases, servers, and devices, senhasegura works to ensure digital sovereignty for institutions in several areas.
The solution is recommended for companies in the following scenarios:
- Companies with more than 10 users.
- Companies that received points of attention in auditing.
- Companies that must comply with cybersecurity rules and regulations.
- Companies that want to implement the best security practices.
- Companies that have suffered a security incident.
- Companies that need to reduce operating costs.
senhasegura allows companies to implement the most strict and complex controls on access to privileged credentials in an automated and centralized manner, protecting the IT infrastructure from data breaches and potential compliance breaches.
It is also ready to meet business and market compliance requirements such as LGPD, GDPR, PCI DSS, SOX, NIST, HIPAA, ISO 27001, and ISA 62443.
Did you like our article and would like to have more details? senhasegura strives to ensure the sovereignty of companies’ actions and privileged information. To do so, we work against data theft and provide traceability of administrator actions on networks, servers, databases, and a multitude of devices through a PAM solution.