Large and small businesses face daily reminders that the security of their data is under attack by digital pirates, hackers, and cybercriminals. Whether it's an unexpected hacking threat or a newly discovered database vulnerability, these threats require an immediate response. In 2019, the most pressing data security threats relate to:
- “Cryptojacking” of Cloud-Server Databases
In this guide, we’ll help you understand these threats. But first, we'd like to stress the importance of data security by looking at: the latest data breach statistics and compliance laws for data security.
The Latest Data Breach Statistics
During the last decade, businesses have experienced an increase in data hacks—and this is making information security more important than ever. At the time of this writing, Statistica reports that approximately 10,000 data breaches have happened since 2005. Moreover, there were 1,244 data breaches in 2018, resulting in 446.5 million records exposed." Compared to the 157 data breaches in 2005, that's a terrifying increase.
Interestingly, the number of data breaches lowered during 2018, which is probably due to increased security measures being taken by companies and private computer users. That said, the number of exposed records has more than doubled, so the data breaches in 2018 were larger in scale than in previous years.
*Image source: Statistica
The most recent large-scale data breach was an attack against Capital One, which affected roughly 100 million credit card customers in July 2019, but this incident pales in comparison to the following:
- 3 Billion Yahoo Accounts: Hackers compromised the personal information and passwords belonging to billions of Yahoo users in 2013.
- 500 Million Marriott/Starwood Guests: Cybercriminals gained access to the contact info, passport numbers, birthdates, and other information of half a billion Marriott/Starwood hotel guests from 2014 to 2018.
- 146 Million Equifax Accounts: Attackers exposed the social security numbers, names, and in some cases credit card data and drivers’ licenses of 146 million individuals in a 2017 Equifax breach.
Ultimately, if you think you're immune to data hacks because you're a small business, you're mistaken. Smaller companies are just as vulnerable as larger ones:
- 43% of data hacks happened to small companies (of 1-250 employees) in 2015, yet only 14% of small businesses describe their data security strategy as “highly effective.” In the same year, 22% of database breaches happened to medium-sized companies (of 250-2,500 employees) and 35% happened to enterprise-level companies (of 2,500+ employees).
- 60% of small firms go out of business within six months of a serious data hack. Average damages from a data breach for small businesses are approximately $690,000.
- 48% of security breaches result from malicious hackers. Data system failures and user error cause the rest.
If these statistics don't push you to increase your data security, perhaps chance of violating one of the many data security and compliance laws will motivate you.
Compliance Laws for Data Security
Due to the increased number of hacking events, governments around the world have established data security laws that govern how companies safeguard their business and client information. Whether you’re concerned about hacks or not, it’s important to understand your obligations under these laws:
- California Consumer Privacy Act (CCPA): The CCPA holds businesses to a high standard of consumer data security. Under the law, California consumers can demand all data a company keeps on them, in addition to a list of third parties the company shares the data with. The law also empowers consumers to sue companies for CCPA violations—not just in the event of a data breach.
- Federal Information Security Management Act of 2002 (FISMA): FISMA requires federal agencies to establish data protection plans to prevent hacks.
- General Data Protection Regulation (GDPR): The GDPR guards European Union citizens against data hacks. If your company processes the personal information of E.U. citizens, your data policy could fall under GDPR jurisdiction.
- Good Practice Guide 13 (GPG13): The GPG13 is a data protection regulation that applies to businesses operating in the United Kingdom. The GPG13 is required for certain organizations depending 0n the sensitivity of the information under management.
- Health Insurance Portability and Accountability Act (HIPAA): HIPAA safeguards patient data in the United States. If your company process healthcare data for U.S. patients, you may need to conform to HIPAA compliance standards.
- Payment Card Industry Data Security Standard (PCI-DSS): The PCI-DSS seeks to reduce fraud by protecting credit card data. If you handle credit card information in the United States, this law may apply to your company.
- Service Organization Control (SOC2): The SOC2 is a data security and reporting standard that applies to the American Institute of CPAs. It seeks to maintain the security, integrity, availability, and confidentiality of customer information in the accounting industry.
- Sarbanes-Oxley Act (SOX): SOX requires your business to save financial records for at least seven years. This U.S. law seeks to prevent accounting fraud and applies to managerial staff, corporate boards, and accountants in the United States.
As you can see, information security is not only vital for your business due to increased hacking threats—but also because of compliance rules that obligate you to protect information in a specific away.
2019 Data Security Threats
The most pressing risks to information security in 2019 include the following:
Enterprise-Level Ransomware Attacks
In a ransomware attack, hackers install a virus that disables your computer while demanding that you pay a ransom fee to get your system back. These threats have existed for some time, but what we’ve seen so far is just the tip of the iceberg.
*Image source: Wikipedia
Historically, ransomware attackers focused on individual computer users. Businesses and enterprises used to be less vulnerable to ransomware viruses because they had better security and skilled staff who could reestablish a computer system after an attack. However, hackers are now using new technology to infiltrate corporate data systems and hold entire businesses hostage until they pay a fee. To do this, hackers are using “self-propagating ransomware worm viruses.” These viruses rapidly duplicate themselves across a data network—infecting as many systems as they can while deleting backups—until the entire framework is inoperable and the business has no choice but to submit to the ransom.
From the hacker’s perspective, targeting businesses makes sense. Many companies will pay a ransom to get their computers back online and avoid the tremendous costs of losing their data infrastructure. However, hackers know that large enterprises have deep pockets, so ransom payments can be massive.
A prime example of this happened in 2016 when attackers hijacked the Hollywood Presbyterian Medical Center’s computer system—rendering it largely inoperable. The virus encrypted the hospital’s database files, and the attackers demanded 40 bitcoins (a value of $17,000 at the time) for the decryption key. The hospital paid the fee instead of facing setbacks that would have been a lot more expensive.
There are five main types of ransomware viruses that target enterprises and businesses:
- Cryptoworms: Encrypt your computer data, rendering your system unusable until you pay the ransom fee in cryptocurrency. The 2017 WannaCry virus is the most famous example of a cryptoworm (see image above). These viruses are self-propagating, so they spread autonomously throughout a corporate database system.
- Lockers: Hijack operating systems to lock you out of computer files and applications until you submit to the ransom.
- Scareware viruses: Pretend to be antivirus tools while claiming they found "viruses" on your computer. Some scareware spams you with annoying popups and alerts while demanding a payment to remove the supposed virus.
- Doxware viruses: Threaten to release your personal information and photographs on the internet unless you pay a fee. Many victims are so worried that their private photos and data will get released that they immediately the ransom.
- Ransomware as a Service (RaaS): Offer "ransomware as a service" to criminals who want to attack a business data system. RaaS helps non-tech-savvy criminals move forward with a ransomware hijack. Those who host RaaS platforms receive payments in cryptocurrency.
Most ransomware attackers are financially motivated, but in today’s geopolitical climate, hackers may try to harm an organization for political or ideological reasons. Regardless of why a ransomware threat exists, enterprises need to develop strategies for containing a company-wide attack like this. They should also have a data recovery plan in place to restore their data systems in the event of a destructive breach.
Here some important strategies to prevent a ransomware attack:
- Use advanced security software: Install a trusted suite of security and anti-virus software, and keep the software up-to-date.
- Install updates: Keep your operating system updated by installing security patches as soon as they're available.
- Delete untrusted emails: Never open an untrusted email or attachment, and be cautious with attachments from trusted parties if you don't know what it is.
- Delete untrusted attachments: wary of attachments that ask you to "enable macros." Enabling macros could put you at risk.
- Back up everything: Back up important files on an external hard drive that is not connected to the rest of your data system so ransomware has less power of you.
- Migrate to the cloud: Use a cloud-based server system. Cloud-based servers offer high-level security features, and they take periodic snapshots of your files so you can roll back to a previous version after a hack.
- Only pay the ransom as a last resort: Speak with your tech team, a cybersecurity expert, and the police before submitting to a ransom. Hackers might take your money and never liberate the system.
Supply Chain Security Breaches
Businesses have become so good at protecting themselves against database security threats that cybercriminals are being forced to explore backdoor vulnerabilities—essentially, by accessing data systems through “supply chain attacks.”
In database security, a supply chain attack seeks to find a data security weakness through supply chain partners and vendors that connect to your company’s larger data system. It doesn’t matter how advanced your data hygiene practices are. If your supply chain partners are falling asleep at the wheel, cybercriminals can exploit them.
The most famous supply chain attack happened to Target customers in 2013. Attackers infected Target’s point-of-sale (POS) data system across 1,800 stores with malware that compromised the debit and credit cards of approximately 40 million customers. Target spent $61 million responding to the breach, which resulted in a 46% earnings drop in the last quarter of 2013 and numerous customer lawsuits.
Interestingly, the attack happened even though Target (1) installed an advanced database security system six months before the incident, and (2) had a team of cybersecurity experts monitoring the system for threats. Target claims that hackers bypassed these security measures by stealing the security credentials of an air conditioner repair company that serviced Target stores.
To prevent a supply chain attack like this, incorporate the following strategies into your database security plan:
- Use a cyber-threat intelligence service: Cyber-threat intelligence services will prepare you for and prevent supply chain threats before they become a problem.
- Audit your supply chain regularly: Perform supply chain audits by building factory and vendor testing into your data hygiene process. This will help you monitor the security practices of partnering companies.
- Follow all compliance standards: Compliance regulations exist for a reason. Adhering to them will protect your data systems, and help prevent you from getting in trouble with the law and reduce your liability exposure.
- Codify your risk assessment standards: Adopt and follow risk assessment standards for your data system to better identify and resolve threats.
“Cryptojacking” of Cloud-Server Databases
Another rising threat in 2019 is cloud-based server hacking. Even though cloud-based servers like Amazon Redshift employ the most advanced security features, virus detection, and encryption available, these systems aren't very useful if you make configuration mistakes that leave your data available to hackers. Cybercriminals could also obtain access to your cloud system by working with a malicious employee, stealing access credentials, or using phishing tactics.
Here are two examples of recent cloud-based server attacks:
2018 Tesla breach: In 2018, hackers obtained access credentials for Tesla’s Amazon Web Services (AWS) account. The hackers accessed proprietary information from the automaker that included telemetry, mapping, and servicing data for its vehicles. The hackers also installed “cryptojacking” software to mine a cryptocurrency, Monero, which they concealed with sophisticated evasion tactics. Researchers found that the hack happened because Tesla was running the opensource Kubernetes administration console, which administrators left open to the internet with no password protection. Hundreds of other firms, such as Aviva and Gemalto, made the same oversight, giving anyone access to their data systems. Unprotected cloud resources is one of the most common cloud data security vulnerabilities.
2019 Capital One breach: The July 2019 Capital One hack involved an Amazon Web Services (AWS) cloud server. According to a legal complaint, a tech worker exploited a “firewall misconfiguration” to steal private data belonging to millions of Capital One employees. The misconfiguration allowed the tech worker to retrieve security credentials with access to Capital One's sensitive customer data. Amazon claims that the cloud server at the center of the breach was not at fault, and blamed the breach on IT setup and management errors.
To prevent a cloud server breach, follow these security measures:
- Monitor Cloud-Server Configurations Closely: Don't leave your server doors open to the public! Double-check all server configurations, passwords, other security measures with a keen eye for detail. Develop a checklist to ensure your team doesn't miss anything. Also, watch out for changes to your server configuration by hackers. You can do this by launching tools that notify your team of newly created server resources and launches of new applications.
- Hire the right people: Make certain that the cloud server techs you work with have the requisite skills and experience to avoid errors and shore up vulnerabilities when configuring your cloud server system.
- Monitor for Suspicious Behavior: This involves baselining “typical” user activity so you can detect and stop anomalous hacking behavior if it occurs.
- Monitor Network Traffic Activity: Detect suspicious activity that could belong to hackers by monitoring your cloud server's network traffic activity.
- Install Software Patches Immediately: Hackers are always searching for new vulnerabilities, like the EternalBlue server message block (SBM) exploit that allowed the spread of the Wannacry virus. Software developers respond quickly to these vulnerabilities with security patches to stop the exploit. However, you won't benefit from this protection if you don't update your system with new patches.
In this article, we've covered some of the most relevant data security concerns for 2019 and beyond. What's important to remember is that data security and hacking concerns are constantly in flux. As soon as you shore up one vulnerability, hackers will find another. Ultimately, data security trends require constant monitoring so you can swiftly respond to new threats and compliance standards.
Xplenty: Data Integration With the Highest Level of Security
Xplenty is a powerful, easy-to-use data integration platform that extracts, transforms, and loads data from any source into a modern data warehouse. Keeping Xplenty secure is our number one priority. That's why we offer the highest level of security and compliance for all of our ETL data integrations such as:
- SSL/TLS encryption on all our websites and micro-services
- Encryption of sensitive data anytime it's “at rest” in the Xplenty platform using industry standard encryption
- Constant verification of our security certificates and encryption algorithms
- Physical infrastructure hosted by accredited Amazon Web Service (AWS) technology
- Advanced preparations to meet EU General Data Protection Regulation (GDPR) standards
- Operating system access limited to Xplenty staff and requiring username and key authentication
- Firewalls that restrict access to systems from external networks and between systems internally
- A wide array of other security measures.
Keeping your data secure is one of the most important things we do at Xplenty. If you'd like to know more about our data security standards, please contact the Xplenty team now.