Security controls that are incorrectly configured or left insecure are known as security misconfigurations, and they put your systems and data at risk. A misconfiguration can result from poorly described configuration changes, default settings, or a technical problem with any component in your endpoints. Sensitive data left in a database with open Internet access and no authentication is a typical example of security misconfiguration.
In this blog post, we’ll talk about some of the most notable data breaches, their causes, and some strategies for better securing your most sensitive and critical digital assets. As the value of personal information rises, we continue to hear about the sizable number of data breaches and the ripple effects they have on us. No business or individual user is safe from data breaches. Hackers looking to get data seem to be tracking everyone and everything.
How Significant Are Data Breaches?
In the first six months of 2019, there were 3813 data breaches, a 54% increase compared to the previous year, which exposed over 4.1 billion records. Nearly half of the data breaches (43%) impacted small businesses, with 33% linked to social engineering attacks. According to a World Economic Forum report, data breaches rank alongside climate change and natural disasters as the fourth most significant global risk. Not only do they expose the private information of home users to the world, but they also cause significant financial loss and harm to brand reputation for businesses. More than one out of four (27%) organizations suffered a data breach caused by unpatched vulnerabilities, with 27% of data breaches caused by human error.
Based on these astounding statistics, 2019 was a landmark year for data breaches, which continue to soar and expose consumers’ most sensitive data. Instead of wondering when the next breach will occur, we ask how we can better avoid it. Some significant security breaches that have occurred so far, along with their underlying causes, are listed below.
Biggest Data Breaches and Causes
One of the largest US financial institutions, Capital One, suffered a massive data breach in July 2019. This is considered one of the biggest hacks in history, with over 100 million users in the US and approximately 6 million in Canada impacted. The primary source of this significant breach appears to be an incorrectly configured AWS S3 bucket that gave an attacker access to private information via a firewall flaw. The hacker seems to have used a well-known technique, Server-Side Request Forgery (SSRF), to exploit this specific vulnerability. Even though Capital One corrected the configuration issue immediately, this incident should serve as a reminder to undertake regular checks and verify that firewalls and WAFs are correctly configured.
Suprema, a leading biometric and security technology company, saw its web-based biometric smart lock platform, BioStar 2, breached by hackers in early August 2019, with over 27.8m records and 23 gigabytes worth of data breached. An exposed database with substantially unencrypted user data was the main contributor to this breach. Most of the discovered accounts had passwords that were easy to guess or as simple as “Password” or “abcd1234”, which hostile hackers may have used to start account takeover attacks. Once facial recognition and fingerprint data have been stolen, the damage is irreparable. Unlike passwords, facial recognition and fingerprint data cannot be updated to restore the security lost during a compromise. Instead of maintaining a hashed copy of the users’ fingerprints, the database saved the users’ genuine fingerprints, which may be copied and used for malicious purposes. Because passwords were stored in plain text across the BioStar 2 database, even individuals who did generate robust and complex passwords could not prevent the researchers from accessing them. Businesses should use the best methods feasible to create appropriate access rules on their secure servers and databases. Additionally, organizations should save a hashed version of the user’s fingerprints rather than the original so that hackers can’t manipulate the data.
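The plain-text password storage described above, replaced with a salted, slow hash so that a leaked row does not reveal the password. This is an added example, not BioStar 2 code; the record layout, function names, deny-list and scrypt parameters are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed deny-list; the first two entries are the passwords quoted above.
WEAK_PASSWORDS = {"password", "abcd1234", "12345678", "qwerty123"}

# scrypt cost parameters (assumed values for this example; tune per deployment).
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)


def is_acceptable(password: str) -> bool:
    """Reject short passwords and ones on the deny-list (case-insensitive)."""
    return len(password) >= 8 and password.lower() not in WEAK_PASSWORDS


def make_record(username: str, password: str) -> dict:
    """Build the row to store: per-user salt and digest, never the password."""
    if not is_acceptable(password):
        raise ValueError("password is too short or too common")
    salt = secrets.token_bytes(16)  # unique salt, so equal passwords differ
    return {"user": username, "salt": salt.hex(),
            "hash": _scrypt(password, salt).hex()}


def verify(record: dict, candidate: str) -> bool:
    """Recompute the digest for a login attempt and compare in constant time."""
    digest = _scrypt(candidate, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Constructed sample account. A plain-text row would hold the password
    # itself; this row holds only the salt and the derived digest.
    row = make_record("alice", "correct horse battery staple")
    print(row)
    print("login ok:", verify(row, "correct horse battery staple"))
    print("wrong password:", verify(row, "abcd1234"))
```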
Another data breach victim was the popular T-shirt and merchandising website CafePress in February 2019; however, the vulnerability was only discovered in August 2019. More than 23 million of their clients had their personal information compromised by hackers, some of which contained names, addresses, and phone numbers. This serves as a reminder of the benefits of good password hygiene in enhancing the security of web applications and online accounts for businesses and private users. Users are usually advised to create strong, one-of-a-kind passwords and to consider using a password management tool that encrypts them to increase password security.
Security Best Practices to Prevent Data Breaches
Businesses are encouraged to follow security best practices to prevent becoming an easy target for attackers:
- To prevent future breaches, to be ready for them, and to know what to do in case they happen, implement and prioritize cybersecurity training and education for your team members.
- Improve your security posture and keep track of potential security breaches by maintaining internal audit logs and performing ongoing system reviews.
- Implement cyber hygiene procedures that will better safeguard the customers impacted by a compromise.
- Maintain open lines of communication within departments and quickly notify customers of any data breaches.
- Put your servers, networks, and other assets under strict protection.
- Always keep sensitive client data in a format that is strongly encrypted.
Data breaches can be prevented to a large extent by properly configuring security systems. Attackers look for security gaps in an application and API components by doing reconnaissance. “Attackers can also exploit misconfigurations to pivot their attacks against APIs.”
Several different security misconfigurations frequently have a detrimental effect on API security and security in general, thereby unintentionally introducing vulnerabilities. A complete security solution should also be able to identify misconfigurations and gaps for APIs and their serving infrastructures.
About the Author
Mosopefoluwa is a certified Cybersecurity Analyst and Technical writer. She has experience working as a Security Operations Center (SOC) Analyst with a history of creating relevant cybersecurity content for organizations and spreading security awareness. She volunteers as an Opportunities and Resources Writer with a Nigerian-based NGO where she curated weekly opportunities for women. She is also a regular writer at Bora.
Her other interests are law, volunteering and women’s rights. In her free time, she enjoys spending time at the beach, watching movies or burying herself in a book.