{"id":3963,"date":"2016-10-28T07:19:37","date_gmt":"2016-10-28T07:19:37","guid":{"rendered":"https:\/\/www.happiestminds.com\/blogs\/?p=3963"},"modified":"2026-05-12T05:16:33","modified_gmt":"2026-05-12T05:16:33","slug":"data-breach-and-cyber-attacks","status":"publish","type":"post","link":"https:\/\/www.happiestminds.com\/blogs\/data-breach-and-cyber-attacks\/","title":{"rendered":"Data breach and Cyber attacks"},"content":{"rendered":"
<\/div>

Data breaches and cyber-attacks are two terms that are increasingly making headlines in the world of Cyber security.\u00a0 Cyber-attacks are made to create data breaches and there are very few data breaches without cyber-attacks,<\/span> which can be effectively mitigated through robust managed security services. <\/span>\u00a0The first has a causal relationship with the second.<\/span><\/p>\n

Let us quickly look at some of the top data breaches just this year (till September 2, 2016) across industries.<\/span><\/p>\n\n\n\n\n\n\n\n\n\n\n
S.No.<\/b><\/td>\nInstitution<\/b><\/td>\nWhat was stolen<\/b><\/td>\nPotential damage caused<\/b><\/td>\n<\/tr>\n
1<\/span><\/td>\nFACC \u2013 An Austrian Aerospace parts manufacturer that has Airbus and Boeing as its clients.<\/span><\/td>\nIntellectual property like designs and process documents<\/span><\/td>\nApprox. US$ 54.5 million<\/span><\/td>\n<\/tr>\n
2<\/span><\/td>\nUS department of Justice<\/span><\/td>\nPersonal data of 10,000 Department of Homeland Security employees and 20000 FBI employees. It included names, titles, phone numbers, and e-mail addresses.<\/span><\/td>\nNA (It will be next to impossible to quantify the damages if some of these employees are targeted by terrorists or criminals to get back on the US)<\/span><\/td>\n<\/tr>\n
3<\/span><\/td>\nUC Berkely<\/span><\/td>\nFinancial data of 80,000 Berkeley students, alumni, employees, and school officials of University of California.<\/span><\/td>\nNA (It will be again difficult to quantify the damages here.\u00a0 Fraudsters and extortionists can use financial data. It can also be used to manipulate individuals into sabotaging or stealing classified commercial research)<\/span><\/td>\n<\/tr>\n
4<\/span><\/td>\nSnapchat<\/span><\/td>\nNames, Social Security numbers, wage\/payroll data of 700 current and former employees.<\/span><\/td>\nNA (difficult to quantify the damages, but the possibilities are immense given the nature of information)<\/span><\/td>\n<\/tr>\n
5<\/span><\/td>\nSnapchat<\/span><\/td>\nNames, Social Security numbers, and wage\/payroll data of 700 current and former employees.<\/span><\/td>\nNA (difficult to quantify the damages, but the possibilities are immense given the nature of the information)<\/span><\/td>\n<\/tr>\n
6<\/span><\/td>\n21<\/span>st<\/span> century oncology, Fort Meyers based cancer care company<\/span><\/td>\n2.2 million patient records, including names, social security numbers, doctor names, diagnosis, treatment information and insurance information.<\/span><\/td>\nNA (difficult to quantify the damages, but the possibilities are immense given the nature of the information)<\/span><\/td>\n<\/tr>\n
7<\/span><\/td>\nOracle<\/span><\/td>\nUser names and passwords from 330,000 MICROS POS terminal cash registers<\/span><\/td>\nStill unclear<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u00a0<\/span><\/p>\n

The list is endless, however, if we look at the variety of industries that have been attacked, it becomes apparent that every company in every industry will have enough information that will be attractive enough for somebody to steal.\u00a0 Data is the new gold or rather, the new platinum, and a large number of skilled criminals are skimming and scheming for it 24 x 7 x 365 across the globe and across industries.\u00a0 It is not a question of who can be a target but rather when they will be the targets. <\/span>Therefore, having a robust <\/span>managed security services<\/span><\/a> framework in place can be highly beneficial.<\/span><\/p>\n

When looking at data breaches and cyber-attacks these are some of the key questions that we will try to look at briefly \u2013 What could be the possible motives of a <\/span>data breach<\/span><\/a>?\u00a0 What are the methods used for cyber-attacks?\u00a0 What are the key points of cyber-attacks?\u00a0 And\u2026 what can be the top level actions that might help enterprises fight this cyber security nuisance.<\/span><\/p>\n

Data, especially classified industrial and personal data can be used for any number of nefarious purposes, limited only by the ingenuity of the cybercriminal; however two motives stand out \u2013 Financial fraud and Espionage.\u00a0 As per the Verizon 2016, data breach investigation report, 89% of the data breaches had these motives.\u00a0 The other includes fun (yes, people can hack into your system for fun!!), ideology and even grudge (don\u2019t underestimate employees who are given a raw deal by corporations!!).<\/span><\/p>\n

In terms of instruments or methods of cyber-attacks, Phishing is most often the tip of the spear.\u00a0 Legitimate credentials are stolen through Phishing attacks and then all hell breaks loose.\u00a0 Corporations can\u2019t be too careful in safeguarding privileged credentials.\u00a0 They are the \u201cThor\u2019s hammer\u201d for a cyber-criminal.\u00a0 They can be used to destroy even the strongest threat defenses.\u00a0 Almost 75% of all data thefts that happened in 2015 can be attributed to theft of a privileged credential, <\/span>highlighting the need for strong managed security services to continuously monitor, detect, and respond to such threats.<\/span><\/p>\n

Hacking (use of stolen cards, Use of backdoor, Brute force) is followed by Malware (Spyware, Key logger, RAM or brute force) and exploitation of Social media through Phishing as the most rampant cyber-attack method or action is common.<\/span><\/p>\n

Cyber-attacks are focused on the servers mostly, followed by user devices and then on individuals, media, kiosks and networks.<\/span><\/p>\n

At the top level these are some steps that can be taken to prevent data breaches and cyber-attacks. It is good to know the vulnerabilities.\u00a0 Use <\/span>vulnerability <\/span>management system<\/span><\/a> scanning <\/span>to understand which are the vulnerabilities that are being commonly used by the criminals, see if they can be patched and patch them as quickly as possible.\u00a0 Organizational seriousness and agility in patching known vulnerabilities goes a long way in preventing data breaches.\u00a0 A report by BMC and Forbes Insights, reveals that a large number of breaches occur through known and unpatched vulnerabilities.\u00a0 About 44% of breaches occurred after the vulnerabilities had been identified. \u00a0 It is also critically important to prioritize the systems\/vulnerabilities that need to be patched<\/span>, which can be done with the aid of \u00a0 a robust vulnerability management system<\/span>.\u00a0 The same report also cites that this happens because the security and the operations teams have different priorities.<\/span><\/p>\n

Filter e-mails. Educate employees on the modus operandi of the criminals so that they don\u2019t open suspicious e-mails and also understand suspicious activity.\u00a0 Ensure multi-level authentication between user networks and high importance systems.<\/span><\/p>\n

To the extent possible, being up to date on the vulnerabilities that are being exploited by the criminals of today, to the extent possible (near real time threat intelligence) arms you the best in defending against cyber-attacks.\u00a0 If these vulnerabilities can\u2019t be patched, then try to isolate the system or apply change of configuration in a manner that makes it more difficult to break into.\u00a0 Think about replacement.\u00a0 Analyze the changes that have taken place between successive scans or over a period to identify risky changes in configurations and unknown devices in the network.<\/span><\/p>\n

\r\n
\r\n \r\n <\/i>\r\n <\/a>\r\n 0 <\/span>\r\n<\/div><\/div>","protected":false},"excerpt":{"rendered":"

Data breaches and cyber-attacks are two terms that are increasingly making headlines in the world of Cyber security.\u00a0 Cyber-attacks are made to create data breaches and there are very few data breaches without cyber-attacks, which can be effectively mitigated through robust managed security services. \u00a0The first has a causal relationship with the second. Let us […]<\/p>\n","protected":false},"author":147,"featured_media":988,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[546,551],"tags":[400,918],"class_list":["post-3963","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security-2","category-data-protection-2","tag-cyber-security","tag-cyber-attack"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/posts\/3963","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/users\/147"}],"replies":[{"embeddable":true,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/comments?post=3963"}],"version-history":[{"count":2,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/posts\/3963\/revisions"}],"predecessor-version":[{"id":15679,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/posts\/3963\/revisions\/15679"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/media\/988"}],"wp:attachment":[{"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/media?parent=3963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/categories?post=3963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.happiestminds.com\/blogs\/wp-json\/wp\/v2\/tags?post=3963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}