What is a Data Breach?
Internet creates a connected world. Everyone with Internet connection has access to every content that is public over Internet. Data Breach takes place when there is unauthorized access to private, sensitive, confidential, and secret data that has not been made available for public consumption. Most of the times, Data Breach is having negative consequences. Organizations incur huge expenses to manage the impact of a Data Breach for lawsuits, fines, investigations, revenue loss, and reputation loss etc. Primary victims of Data breaches are Business Organizations and Customers/Clients. Data Security should include over-arching goals of Data Confidentiality, Availability, and Integrity.
There have been heightened security risk for continued remote work during pandemic.
Why is stolen data so important?
- Advertising and targeted promotion
- Analytics
- Data Broker selling stolen data
Primary Causes of Data Breach
- Hacking or Malware
- Insider
- Portable Device
- Unintended Disclosure
“From January 2005 to December 2018, Privacy Rights Clearinghouse (PRC) has archived more than 9000 breach events with around 12 billion records. Causes of these breaches are categorized as Insider that intentionally breaches information (INSD), Payment Card fraud (CARD), Physical loss (PHYS), lost or stolen Portable device (PORT), being hacked by someone, or infected by malware (HACK), Stationary equipment loss (STAT), an Unknown method (UNKN) or an unintended Disclosure like sending an email to the wrong person (DISC).” – Reference: Digging Deeper into Data Breaches: An Exploratory Data Analysis of Hacking Breaches Over Time by Hicham Hammouchi, Othmane Cherqi, Ghita Mezzour, Mounir Ghogho, Mohammed El Koutb
Breach Type Distribution
Image Reference: Digging Deeper into Data Breaches: An Exploratory Data Analysis of Hacking Breaches Over Time by Hicham Hammouchi, Othmane Cherqi, Ghita Mezzour, Mounir Ghogho, Mohammed El Koutb
Types of Losses due to Data Breach
- Information Loss
- Business Disruption
- Revenue Loss
- Equipment Damage
- Other Miscellaneous Cost
Life Cycle of a Data Breach for the Organization
- Before the Data Breach – Ongoing activities
- Mitigation
- Preparedness
- After the Data Breach-
- Detection and recognition of Breach
- Response
- Recovery
- Report following the governing law
Primary Data Elements Disclosed in a Data Breach
- Name
- Social Security Number (one of the most Important PII data resulting in Identity Theft)
- Data of Birth
- Phone Number
- Email Address
- Address
- Driver’s License Number
- UserId for an Account access
- Password for an Account access
- Credit/Debit Card Number
- Bank Account Details
- Passport Number
- Medical Records (PHI)
- Emergency Contact Details
- Employment Details like Salary etc.
- Educational Details
- Web Browsing History
- Voter Registration Information etc
- Details of Minors in the family
Root Causes of Data Breach
BYOD security Issues
Data Leakage and Loss, Device Infection, Mixing Personal and Business Use etc are causing security risks when employees are allowed to use their own devices for organizational use.
Hacking
- Footprinting – It is the first step of Haching process.
- Scanning Devices – Hacker buys the same device to simulate the process of attack before the actual attack.
- Account Harvesting Attack – Collection of account information about victims from public Internet
- Social Engineering Attack – Collection of information through different manipulated techniques. Details of Social Engineering Attach is given below.
- Behavior Monitoring Attack – Hackers monitor the victim’s behavior through apps like PlaceRaider etc.
- Scanning – Hackers try to know the details of IT systems of the target organization.
- Probing Attack – Hackers come to know the vulnerabilities of target IT systems and Operating System.
- Enumeration – Hackers try to access the configuration files of the target IT system
- Network Mapping- Hackers have complete understanding and misconfigured the devices.
- Hacking-Target IT systems are being hacked using pivot points.
Social Engineering Attacks
Social Engineering Attack Taxonomy – Overview of our classification of attack characteristics and attack scenarios
Image Reference: Advanced Social Engineering Attacks by Katharina Krombholz, Heidelinde Hobel, Markus Huber, Edgar Weippl
Mechanisms of Social Engineering Attacks:
- Physical ways like Dumpster Diving collecting organization’s trashes
- Social approaches like persuasion or manipulation of the target victim.
- Reverse Social Engineering takes place when the potential victim is manipulated to approach the attacker. Examples -Sabotage, Advertising and Assisting
- Technical Approaches like collection of victim’s details through Internet and Social Media etc
- Social-Technical Approach like Baiting, Phishing
- Modern mechanisms like Fake Accounts in Social Media to manipulate and extract details, Communication mechanisms like WhatsApp etc
- Sophisticated ways like Spear-Phishing and Waterholing
Ransomware and Cryptolockers
- Authorized users need to pay ransom in cryptocurrency to regain the access to their systems.
Cloud Data Breach
- Issues with Cloud Computing and Solutions – Multitenant
- In Public Cloud environment, Data Breach can happen because of Insider Attack as well as Outsider Attack.
Data Breach over Mobile Network
- Wireless WAN Attacks are becoming common as use of mobile devices are becoming very customary in the organizations.
Human Errors causing Data Breach
- Skill based – when the employee does not have the skill to execute the work maintaining organizatio’s security
- Decision based – when the employee cannot take the right decision to protect the organization’s data and assets
- Unconcious error like mis-delivery of data to a wrond receipient is also not very uncommon
- Environment plays a factor– Remote work increased the probability of cause of Data Breach
Other common mechanisms for Data Breach
- Malicious Codes
- Eavesdropping and Man in the Middle
- Data Integrity Attack like Data Modification Attack, Tagforgery and Data Leakage, Replay and Timeliness Attack, Rollback Attack, Collusion Attack, Byzantine Attack etc.
- Insider Sabotage
- Backdoor – In the field of Cybersecurity, a Backdoor refers to the mechanisms that enable authorized and unauthorized users to get around organization’s security measures and get hold of root access to organization’s IT systems, networks, or applications.
Defenses against Data Breach
Infrastructural Components
- Routers, Firewalls, Security Information and Event Management (SIEM) solutions, Intrusion Detection Systems (IDS), Intrusion Protection System (IPS), Honeypots, Data Loss Prevention System (DLP) etc are extensively being used.
- Software Defined Networks are becoming very common nowadays. SDN empowers the software to control the network traffic enabling automation for management of network security.
Access Control
- Discretionary access control (DAC): Administrator of the protected system/data formulates the policies towards allowing access.
- Mandatory access control (MAC): Based on policies of a central authority, access rights are regulated.Used in government and military organizations.
- Role-based access control (RBAC): Role of employee or application considering the related business functions defines the required access level. Commonly used method is modern day organizations.
- Attribute-based access control (ABAC): It is a dynamic method of access control. Here access is dynamically assigned depending on environmental factors (for example, time of day and location) to users, applications and resources.
Multifactor Authentication
- Example of two factor authentication: when One Time Password (OTP) is used in addition to the the password for logging in. A third factor like Face or Palm Image can be used as a third factor with the help of Image Recognition algorithm.
Data Classification
- Data classification like public, internal-only, confidential, sensitive, private etc. Access Levels are influenced by the classification of data.
Data Audit and Data Risk Management, Purging
- Data Audit helps to identify the needs of data security, to make sure tyhe accuracy and consistency of data, to comply with regulatory requirements etc.
- In addition, Data Risk Management processes also help the organization to acquie, store, transform, use data, from creation to retirement, in a controlled fashion.
- Purging is also important activity to retire data that are no longer needed.
Data Encryption and Anonymization
- Encryption is the process of converting the data from a readable format to unreadable, scrambled format. It makes sure that, even if the encypted data goes to a wrong person, it cannot be read and understood.
- Data Encryption is important when data is being transferred from one system/organization to other system/organization (Data in Transit) and when data is remaining in a storage device (Data at Rest).
- Encryption mechanism is bloadly categorized as Symmetric and Assymetric encryption mechanisms. Examples of algorithms that are currently being used for encryption are AES, RSA, Triple DES, RSA etc.
- Anonymization is also a mechanism followed for Data Privacy
Measures against Cloud Data Breach
- Cloud Vendors provide inbuilt multiple layers of defense against all sorts of security breach attempts/attacks.
- There are companies that provide Cloud-based security solutions like WAF (Web Application Firewall) etc.
- For Cloud Platform, fully homomorphic encryption scheme is being proposed for computation over encrypted data with use of databases like CryptDB. Data/Files distributed across multiple storages/databases in Cloud Platform
Control Measures for Human Errors
- Security Training of employees
- Privilege Control for employees
- Account Password Management
Regulatory Policiy for Compliance by Organizations
A few important examples –
- HIPPA
- SOX
- GDPR
Zero Trust and Zero Day
- Zero Trust is security strategy that does assume zero trust for any user and any application. Zero Trust Security Policy provides least-privileged access and implements stricter user authentication.
- A zero-day (or 0-day) attack exploits the vulnerability of a software on the day of its release.
High Impact Data Breaches
- Yahoo data breach (2013)
- First American Financial Corporation data breach (2019)
- Adult FriendFinder Networks data breach (2016)
- Facebook data breach (2019)
- Target data breach (2013)
- US Office of Personnel Management Data Breach (2015)
- MySpace data breach (2013)
- LinkedIn data breach (2012)
- Adobe data breach (2013)
- SolarWinds supply chain data breach (2020)
Reference: https://www.secureworld.io/industry-news/top-10-data-breaches-of-all-time
For more details, please refer to the following URLs:
- https://haveibeenpwned.com/PwnedWebsites
- https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks
Cost of Data Breach
- $4.24m Global average total cost of a data breach
- For 11 consecutive years, Healthcare sector is having the highest cost of breach.
- For details, please refer to: Cost of Data Breach Study
Modeling of Data Breach Risk
The Risk Modelling of Data Breach Risk takes the following theories into account:
- Opportunity Theory of Crime that governs the variables of interest like Number of Vulnerabilities discovered and Investment in IT Security. Increase in the number of vulnerabilities should increase the risk of data breach. And Investment in IT Security Reduces vulnerabilities and therefore should reduce the risk of data breach.
- Institutional Anomie Theory takes care of Economic Indicators. Higher value of economic indicators. Higher value of economic indicators is correlated with higher risk of data breach.
- Institutional Theory considers existence of law requiring mandatory disclosure of data breach incident.
Modeling of Data Breach Risk
Reference: Estimating the Contextual Risk of Data Breach: An Empirical Approach by Ravi Sen and Sharad Borle
Conclusion
- The Cybersecurity situation is getting complicated with the innovations like Blockchain, Artificial Intelligence and Quantum Computing.
- It is no longer only hackers that are active. Nation-supported hacking bodies are becoming active with cyber warfare as well as for stealing proprietory research outcomes.
- Researchers working on Cybersecurity are innovating newer mechanisms to fight with this uprising menace to the stability of societies across the world.