Large-scale Data Breaches Signal Need for Increased Vulnerability Management

January 28, 2021
IT Security, IT Services

Less than three weeks into 2021, a Texas-based spinal care center revealed that an unauthorized individual gained remote access to an employee’s email account in an attempt to fraudulently divert funds from the organization. It’s among the first of what may be many, many more data breaches that occur this year.

Despite the availability of sophisticated security tools, protocols and intelligence, breaches continue to occur.

The reality is that you can never overdo IT security and data protection, much less let your guard down. Cyber attackers are relentless. Even government agencies and the largest, most well-funded enterprises are vulnerable.

While cybercrime and human-perpetuated data breaches can’t be eliminated — yet anyway, lessons can be learned to help strengthen your security posture and minimize or mitigate damage should your organization be attacked.

Federal Agencies Attacked

In 2020, a major cyberattack — likely backed by a foreign nation — penetrated multiple government entities, including the US Treasury Department, the Department of Justice and even the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

The attackers exploited software or credentials from at least three US technology firms. Numerous federal cybersecurity recommendations made by the Government Accountability Office and others hadn’t been implemented, contributing to the government agencies’ vulnerability. 

The Steelcase Attack

Also in 2020, the world’s largest office furniture manufacturer suffered a Ryuk ransomware attack. In its SEC filing, Grand Rapids, MI-based Steelcase said it detected a cyberattack on its IT systems October 22 and immediately implemented a series of containment and remediation measures to address the situation.

The bad news — those measures required Steelcase to shut down most of its global order management, manufacturing and distribution systems and operations for nearly two weeks. The good news — the company’s forensic investigation found no evidence that exfiltration of sensitive business data occurred.

Steelcase wasn’t the lone victim of Ryuk ransomware. Other victims that same week included six US hospitals, the French IT consulting firm Sopra Steria, and the Italian power company Enel Group.

These incidences illustrate that companies of all sizes and across all industries are at risk. They also show that it’s possible to at least contain some of the damage.
 

Lower Holiday-induced IT Stress. Our eBook Shows You How.

 

The FireEye Theft

Perhaps even more disconcerting than the Steelcase breach, on December 8 the $3.5 billion cybersecurity firm FireEye announced that its own systems were penetrated by what it called “a nation with top-tier offensive capabilities.”  It’s suspected that the attack was linked to those that affected numerous US government agencies.

FireEye, whose work includes identifying the attackers behind some of the world’s most notorious breaches, reported that there’s no indication that customer information related to its incident response and consulting engagements was stolen. However, the attackers did steal tools the company's experts use to test the security of its customers. It was the biggest known theft of cybersecurity tools since those of the National Security Agency in 2016.

Fortunately, FireEye was exceptionally transparent about the breach, so that vendors around the world could protect their customers against the stolen tools. The company published indicators of compromise (IOCs) and detection rules and signatures for a variety of popular open-source detection technologies. A list with the Common Vulnerabilities and Exposures (CVE) identifiers of all vulnerabilities exploited by the tools was also published on FireEye’s GitHub account.

Note: US Signal used the information released by FireEye to add additional detection capabilities and verify that there are no vulnerabilities on that list that were not patched.
 

Mitigate DDoS Attacks with These 10 Tips

 

What Does It Mean for You

If large enterprises, global cybersecurity firms and the federal government can’t stop cyberattacks or breaches due to human actions, what hope is there for small- to medium-size businesses? After all, even though ransomware attackers are going after higher-value targets, any organization that uses the internet, Bluetooth, text messages or any online services is at risk. And without proper attention to detail, a small vulnerability can cause a massive data breach.

There’s no single solution to the dilemma. However, there are steps your organization can take to ward off attacks and detect them early if they do occur so damage can be minimized. We’ve talked about many of them before but they bear repeating:

  • Make IT security and data protection business priorities and keep them top of mind.
  • Develop and implement strategies to help prevent issues and to minimize damage if they do occur. Revisit them frequently and/or test them to ensure their effectiveness. Make adjustments as necessary.
  • Stay on top of current and emerging threats.
  • If you don’t have the time resources to handle bullets 2 and 3 above, consider working with a managed services provider that does. Vet any potential partner/provider carefully to make it sure it can deliver the expertise and assistance you require. While you’re at it, supplement your internal security and data protection efforts with those of the managed service provider if it specializes in those areas.
  • Stay current with audits for regulatory compliance and industry certifications.
  • Conduct frequent vulnerability scans — internal, external, agent-based scans or a combination of any of them — and take action on the findings immediately. If you can’t take on all the necessary actions, prioritize as needed.  
  • Implement monitoring systems that check for anomalies and suspicious behavior as well as monitor system performance. Consider third-party remote monitoring that offers services and support 24/7.
  • Patch and update software as soon as options are available.
  • Employ high-grade encryption for sensitive data.
  • Install next-generation cloud-based firewalls. 
  • Take advantage of security tools and services that provide multi-layer, unmetered DDoS mitigation and protect against SQLi attacks, dangerous file upload attacks, content scraping and more.
  • Upgrade all devices when the software is no longer supported by their manufacturers.
  • Educate employees on security best practices and ways to avoid social engineering attacks.
  • Enforce strong credentials and multi-factor authentication to encourage better user cybersecurity practices.
  • Enforce BYOD security policies, like requiring all devices to use a business-grade VPN service and antivirus protection.
  • Frequently test all components of your IT security and data protection strategies.

Most important, don’t make it easy for cybercriminals. Stay vigilant. For more information on protecting your IT assets and data, take advantage of the free resources available from US Signal.

Or contact US Signal to discuss how we can help bolster your organization’s defenses against data breaches and cybercrime.  Call (866) 274-4625  or email [email protected]