By Greg Young
Vice-president of cybersecurity at Trend Micro
It has been over a year since Canadian businesses were mandated to report a cybersecurity breach. It’s no surprise that the threat landscape is growing and breaches have become so common. But what happens to a business’s confidential information or customers’ personal details after a breach occurs? Where does the information go? And because compromised data remains susceptible to other attacks once a breach has taken place, what control – if any – do businesses or consumers have to protect themselves from it happening again?
Where Does it All Go?
Once private data has been stolen, it typically ends up in one of three places:
- With the hacker – in some cases, cybercriminals simply hold on to the information they have stolen until they have further use for it, or as they plan a follow-up attack.
- On the black market – stolen data is bought and sold on the black market.
- Shared publicly – as seen with a major recent financial services breach, attackers can also publish the data and make it readily available in a searchable public form rather than just stealing it.
The reality is that cybercriminals can exploit victims of a data breach that happened as far back as half a decade ago, as was seen earlier this month when a new extortion campaign threatened the victims of the 2015 Ashley Madison breach. This is unsettling, but also unsurprising. Once posted publicly on the internet, private information can easily be stolen, and those who own it are left with little to no control over who accesses their data. The blackmail may affect not just the victims themselves but also people related to them, and breached personal data can even be used to attempt to breach the companies the victims work for.
Exposed personal information can be reused not just for extortion, but also for other attacks such as credential stuffing. Credential stuffing is the automated injection of breached usernames and passwords, with the use of botnets, in an attempt to access online services.
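A defender-side illustration of the pattern just described, added here as an example and not part of the original article: because a botnet spreads breached username and password pairs across many source addresses, the detector below looks at each time window as a whole for a high failure rate combined with almost every attempt targeting a different account. The event tuple format, the thresholds and the sample events are assumptions constructed for the illustration.

```python
from collections import defaultdict

def detect_credential_stuffing(events, window=60, min_attempts=20,
                               min_fail_ratio=0.9, min_user_spread=0.8):
    """Flag fixed time windows whose login traffic looks like credential stuffing.

    events: iterable of (epoch_seconds, source_ip, username, success) tuples.
    Thresholds are illustrative assumptions and need tuning per service.
    """
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window * window].append((ip, user, ok))

    alerts = []
    for start in sorted(buckets):
        rows = buckets[start]
        attempts = len(rows)
        if attempts < min_attempts:
            continue  # too little traffic to judge
        failures = sum(1 for _, _, ok in rows if not ok)
        users = {user for _, user, _ in rows}
        ips = {ip for ip, _, _ in rows}
        # Stuffing: nearly every attempt fails AND nearly every attempt names
        # a different account. Password guessing against one account has a
        # low user spread and is deliberately not matched here.
        if (failures / attempts >= min_fail_ratio
                and len(users) / attempts >= min_user_spread):
            alerts.append({
                "window_start": start,
                "attempts": attempts,
                "distinct_users": len(users),
                "distinct_ips": len(ips),
                # Logins that succeeded inside a flagged window: review these
                # accounts and consider forcing a password reset.
                "successes_to_review": sorted(u for _, u, ok in rows if ok),
            })
    return alerts

def sample_events():
    """Constructed sample data (documentation IP ranges, made-up accounts)."""
    ev = [(10 + i, "198.51.100.7", f"staff{i}", True) for i in range(5)]
    ev += [(120 + i, f"203.0.113.{i % 10 + 1}", f"user{i}@example.com", i == 17)
           for i in range(40)]  # 40 accounts tried once each from 10 addresses
    ev += [(300 + i, "192.0.2.50", "admin", False) for i in range(30)]
    return ev

if __name__ == "__main__":
    for alert in detect_credential_stuffing(sample_events()):
        print(alert)
```

Fixed windows can split a burst across a boundary, so a production rule would normally use sliding windows over the same two ratios.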
Taking Control and Warding Off a Potential Breach
There are three important steps that businesses must take in order to maintain control and prevent being impacted by a potential cyber breach:
- Be prepared: Don’t wait for a breach to happen before determining how to cope. Having a crisis management plan from a technical, business and communications perspective is imperative. This can prevent giving attackers time to return and erase their trails, along with any indication of the identity of the attacker and what information was stolen.
- Monitor: Be vigilant about where and how data is stored. Enable secure storage spaces, and protect not just endpoints, but all components of multilayered systems. Also, most large breaches have several steps in the chain, so increased monitoring and vigilance around phishing and targeted attacks are also essential to preventing breaches from occurring.
- Educate: It is imperative for businesses to continue to learn about new technologies, for instance machine learning, which can be used to provide adequate security for the business and its customers.
Today’s threat landscape is so wide and varied that it requires round-the-clock monitoring, full visibility into IT environments and a multilayered approach to keep hackers at bay.