Monday, 15 July 2019

How to Prevent Insider Data Breaches at your Business

Guest article by Dan Baker of SecureTeam

Majority of security systems are installed to try and forestall any external threats to a business’ network, but what about the security threats that are inside your organisation and your network?

Data breaches have the potential to expose a large amount of sensitive, private or confidential information that might be on your network. Insider threats are a significant threat to your business and are increasingly being seen as an issue that needs dealing with.

SecureTeam are experts in cybersecurity and provide a variety of cybersecurity consultation solutions to a range of businesses. They have used their extensive knowledge of internal network security to write this handy guide to help businesses protect themselves from insider data breaches.

Who is considered an Insider Threat?

Insider threats can come from a variety of different sources and can pose a risk to your business that you might not have considered.

Malicious Insider 
This is when an employee who might have legitimate access to your network has malicious intentions and uses that access to intentionally leak confidential data. Employees who intentionally provide access to the network to an external attacker are also included in this threat.

Accidental Insider
This is when an employee makes an honest mistake that could result in a data breach. Something as simple as opening a malicious link in an email or sending sensitive information to the wrong recipient are all considered data breaches. The main cause of accidental insider data breaches is poor employee education around security and data protection and can be avoided by practising good security practices.

Third Party
There is a data protection risk that arises when third-party contractors or consultants are provided with permission to access certain areas of the network. They could, intentionally or unintentionally, use their permission to access private information and potentially cause a data breach. Past employees who haven’t had their security access revoked could also access confidential information they are no longer entitled too and could be seen as a threat.

Social Engineers
Although this threat is technically external a social engineers aim is to exploit employees by interacting with them and then attempting to manipulate them into providing access to the network or revealing sensitive information.

Data breaches from internal threats have the potential to cause the loss of sensitive or confidential information that can damage your business’ reputation and cost you a significant amount of money. There are some ways you can attempt to prevent insider data breaches, however. 

How to prevent Data Breaches

There are a few simple ways you can try to prevent an internal data breach, including:

Identify your Sensitive Data
The first step to securing your data is to identify and list all of the private information that you have stored in your network and taking note of who in your organisation has access to it. By gathering all of this information you are able to secure it properly and create a data protection policy which will help keep your sensitive data secure.

Create a Data Protection Policy
A data protection policy should outline the guidelines regarding the handling of sensitive data, privacy and security to your employees. By explaining to your staff what they are expected to do when handling confidential information you reduce the risk of an accidental insider data breach.

Create a Culture of Accountability
Both employees and managers should be aware of and understand their responsibilities and the responsibilities of their team when it comes to the handling of sensitive information. By making your team aware of their responsibilities and the consequences of mistakes and negative behaviour you can create a culture of accountability. This also has the more positive effect of highlighting any issues that exist before they develop into full problems which can then be dealt with training or increased monitoring.

Utilise Strong Credentials & Access Control
By making use of stronger credentials, restricting logins to an onsite location and preventing concurrent logins you can make your network stronger and remove the risk of stolen credentials being used to access the network from an external location.

Review Accounts and Privileged Access
It is important that you regularly review your user's privileges and account logins to ensure that any dormant accounts no longer have access to private information and that users don’t have unnecessary access to data. This helps to reduce the risks of both accidental and malicious insider data breaches.

Conclusion
The threat of an insider data breach continues to be an issue to businesses throughout a range of sectors. However, by putting a plan in place for these insider security threats it improves the speed and effectiveness of your response to any potential issues that arise.

It is sensible to assume that most, if not all, businesses will come under attack eventually and by taking the threat seriously and adhering to the best security practices then you can help to prevent an attack turning into a full-blown data breach.

Monday, 1 July 2019

Cyber Security Roundup for June 2019

Keep Patching!
June 2019 was another very busy month for security update releases. Microsoft released updates to patch 22 critical rated vulnerabilities, Intel released 11 fixes, and there were also several critical security updates for Apple Airport, Adobe Flash Player, Cisco devices, Cisco Data Centre Network ManagerDell SupportAssistGoogle Chrome, Firefox and Apache.  One further standout vulnerability was the "SACK Panic" TCP Linux and FreeBSD kernel vulnerability, uncovered by Netflix researchers, however, Microsoft released a security advisory in regards to TCP SACK Panic by the end of the month.

The National Security Agency (NSA) backed up UK National Cyber Security Centre (NCSC) and Microsoft’s continuing strong recommendations for everyone to apply the latest security updates to all versions of Microsoft Windows, including the unsupported XP, Vista and Windows 2003 Server, to protect against the supercritical CVE-2019-0708 “BlueKeep” vulnerability.

More Major Ransomware Attacks coming to the UK?
We all know the United States government famously takes a stand of no negotiation with terrorists and kidnappers, with the specific policy of never paying ransom demands. There is a good reason for this policy, as paying ransoms just serves to encourage further kidnapping and ransom demands. So it was interesting to learn this month, that US local government does not adhere to the same policy when dealing with ransomware demands. Rivera Beach (Florida) paid a whopping $600,000 ransom to hackers after its computers systems were taken over by ransomware after an employee clicked on a link within a phishing email. Phishing emails are the typical starting ingress of most mass ransomware outbreaks which cripple organisations.  The Lake City (Florida) government officials said they had also paid a $460,000 ransom to cybercrooks following a ransomware attack on their municipality on 10th June.  Meanwhile, Baltimore officials approved $10 million to cover ongoing expenses related to its ransomware attack.

Paying ransomware demands will fuel further ransomware attacks, so I expect ransomware attacks to further escalate. So the big question is, can we expect UK further local government authorities and large organisations to be hard hit by mass ransomware outbreaks? The answer to that will come down to how well their patch management is, and whether lessons have been truly learnt from the destructive 2017 WannaCry ransomware outbreaks, which took down a number of NHS services. Given the recent BlueKeep Microsoft Windows critical vulnerability is expected to spark new strains of ransomware in the coming months, ransomware very much like WannaCry with the devasting capability of rapidly infecting and propagating via unpatched Microsoft Windows systems connected to flat networks, we shall soon find out.

Data Breaches
No major UK data breaches were reported in June 2019, but on the other side of the pond, a misconfigured AWS S3 bucket managed by a data integration company led to confidential data from Netflix, TD Bank, Ford and other companies being exposed. And a misconfigured MongoDB database resulted in 5 million personal records left open to the public via a website. Data breaches caused by misconfigured cloud services operated by third parties is becoming a bit of regular theme.

APT10 Cloud Hopper Campaign further Exposed
An interesting article by Reuters revealed eight of the world’s biggest technology service providers were successfully hacked by APT10 aka 'StonePanda'. APT10, linked to China hackers, operated a sustained campaign over a number of years dubbed “Cloud Hopper”, which Reuters revealed affected Hewlett Packard Enterprise (HPE), IBM, Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation, and DXC Technology. The ATP10 attackers searched for access points into networks an IT systems, when found, extracted confidential information and potential trade secrets. These reported hacks may well be the tip of the iceberg. The Register stated, having gained access to the major service providers, the APT10 group may have gained access to many of their customers. Those customers run into the millions, “dramatically increasing the pool of valuable industrial and aerospace data stolen.”

BLOG
NEWS

VULNERABILITIES AND SECURITY UPDATES

HUAWEI NEWS AND THREAT INTELLIGENCE
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
REPORTS