Data breaches are nothing new, but they have been on the rise over the last couple of years. Major corporations have had their sensitive data compromised and have put millions of people’s banking and other personal information in the hands of cybercriminals. For example, back in 2013, Target experienced a major data breach that exposed credit and debit card information from 40 million customers. All the way back in 2007, the TJX companies experienced a major breach in which almost 46 million cards were compromised.
In 2015 many major corporations found themselves in the news due to a data breach. Although it may have been a bad year in terms of cybercrime, there are lessons we can learn from these data breaches on how to better protect our businesses from attack. Here are two of the biggest data breaches of 2015 and how we can learn from them.
Office of Personnel Management
The Office of Personnel Management is referred to as “an independent agency of the United States government that manages the country’s civil service.” Essentially, the Office of Personnel Management is the United States government’s human resources department. They track applications, hold employee records, and process and manage security clearances of thousands of government employees. A long-running data breach was discovered in April of 2015 and was announced to the public in June.
What is unsettling is that this breach in particular went undetected for almost a year. So how exactly did a major government agency get hacked for so long without anyone knowing? The investigation into the data breach (which went undetected for 343 days) found that an individual or group stole credentials from a government contractor and used them to access the network and plant a malware backdoor. The activity was discovered when someone finally noticed unusual SSL traffic on the network in conjunction with a decryption tool.
One key takeaway from this is the importance of credential management. System managers need to establish rules in their server operating systems, cloud platforms, and applications that keep an eye on which users are accessing the network as well as which users have access to what. With these rules in place, the system administrator would have been able to track the contractor’s activities through credential log-ins and even be notified when activity under that user’s credentials fell outside the norm. However, the more important takeaway is the need for an all-encompassing antivirus solution that would have been able to detect the malware backdoor on the network and keep it from accessing sensitive data.
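One way to implement the kind of per-account monitoring described above, as an added example that is not from the original post: the script below learns each account's usual source addresses and login hours from the first few days of a constructed authentication log, then flags later logins under a credential that break that baseline. The log format, account names and addresses are all constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from any real system): one successful login per line.
SAMPLE_LOG = """\
2015-03-02T09:14:05 user=contractor01 src=10.20.1.15 action=login result=ok
2015-03-02T08:02:11 user=dbadmin src=10.20.5.7 action=login result=ok
2015-03-04T08:57:12 user=contractor01 src=10.20.1.22 action=login result=ok
2015-03-05T09:10:33 user=contractor01 src=10.20.1.15 action=login result=ok
2015-03-06T02:31:07 user=contractor01 src=203.0.113.44 action=login result=ok
2015-03-06T02:33:19 user=contractor01 src=203.0.113.44 action=login result=ok
2015-03-06T08:05:44 user=dbadmin src=10.20.5.7 action=login result=ok
"""
LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) action=login result=ok$")

def parse_logins(text):
    """Return time-sorted (timestamp, user, src) tuples for each successful login line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return sorted(events)

def flag_anomalous_logins(text, baseline_days=4, slack_hours=1):
    """Baseline each account's sources and login hours, then flag later out-of-norm logins."""
    events = parse_logins(text)
    if not events:
        return []
    cutoff = events[0][0].date() + timedelta(days=baseline_days)
    known_src, hours = defaultdict(set), defaultdict(list)
    for ts, user, src in events:
        if ts.date() < cutoff:  # learning period: record what "normal" looks like per account
            known_src[user].add(src)
            hours[user].append(ts.hour)
    alerts = []
    for ts, user, src in events:
        if ts.date() < cutoff or user not in hours:  # skip baseline period and unknown accounts
            continue
        reasons = []
        if src not in known_src[user]:
            reasons.append(f"new source {src}")
        lo, hi = min(hours[user]) - slack_hours, max(hours[user]) + slack_hours
        if not lo <= ts.hour <= hi:
            reasons.append(f"off-hours login at {ts.hour:02d}:{ts.minute:02d}")
        if reasons:
            alerts.append((ts.isoformat(), user, "; ".join(reasons)))
    return alerts
```

Running `flag_anomalous_logins(SAMPLE_LOG)` flags only the two early-morning logins from the unseen address under contractor01, while dbadmin's routine logins pass.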
Stay tuned for part 2 where we examine the Hacking Team data breach and how credential management and password security could have stopped the hack from happening.