Unfortunately, the cyber breaches just keep coming….
It seems like it’s now a daily occurrence. Every time I read a technology or business journal/website, I hear about the latest cyber breach.
Here are three recent ones that caught my eye over the past month:
Hotel chain breach – Unsecured database exposes 85GB in security logs of major hotel chains. The unsecured database exposes a vast array of sensitive data belonging to the security systems of a range of hotel properties including Marriott locations.
Breach at US Customs – Traveler images were taken in cyberattack of US Customs and Border Protection. This included photos of travelers and license plates taken in a data breach at a federal subcontractor in May.
Flipboard database compromised – Flipboard announced unauthorized access to some of their databases containing certain users’ account information, including account credentials.
In each of these situations, their client’s/user’s data have been put at risk. And that is just the tip of the iceberg of the cyber breaches and attacks that we all have been reading about.
Top Reasons for Data Breaches
According to InfoSec, the top causes of data breaches in Q1 2019 were:
- Accidental Web/Internet Exposure: Sensitive data is accidentally placed in a location accessible from the Web.
- Data on the Move: Securing data in transit is often a challenge for companies. Using HTTP and other insecure protocols is a common cause
- Employee Error/Negligence/Improper Disposal/Lost: This category covers all data breaches caused by employee negligence.
- Hacking/Intrusion: Data breaches involving an external party (i.e., a hacker) including phishing, malware/ransomware and skimming
- Insider Theft: This category also deals with employees, but covers cases where insiders are intentionally breaching sensitive data
- Physical Theft: Laptops and mobile devices commonly store sensitive or valuable data.Unauthorized Access: Poorly designed or implemented access controls can allow people to access data that they are not authorized for
So at NG2, we not only are hyper sensitive to ensure that our own systems are secure, but we offer a range of services to our clients to make they are as well. These services include:
- System Auditing – Identify unknown areas of risk to your organization’s people, processes, and technology.
- Penetration Testing – Test your network defenses against real-world scenarios and attacks.
- Remediation – Implementation of System Audit/Compliance Assessment Results to eliminate vulnerabilities
- Security Awareness Training – Reduce your organization’s exposure to these threats by training the employees via online courses and simulated phishing attacks.
- Network Security Monitoring – providing security-as-a-service solutions for your IT infrastructure, whether it be in a data center, on premise, or in the cloud.
- Compliance Assessments – Security compliance scanning for PCI, SOX, HIPAA, and HITECH.
The best way to get started is to complete the system audit to provide that baseline of current practices and risks. From there we can help develop a roadmap and priorities.
I look forward to the day that cyber breaches are a thing of the past. In the meantime,
I would be happy to discuss what we are doing at NG2 to keep our data and our client’s data secure.
Dan Grady (here’s my LinkedIn)
If you enjoyed this blog, sign up for exclusive content!