Cyber News Roundup: When a Security Breach Strikes, Beware the Dark Web

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions.

The term “data breach” is now part of our everyday, ever-expanding language, but it is not as fun to use as these words that were added to the Merriam-Webster dictionary in 2018: zoodles, bingeable, adorbs, guac, predictive, airplane mode, hangry.

More than 146 billion records will be stolen by 2023 because of cybersecurity breaches, with the United States accounting for half of this breached data, according to a recent study from Juniper Research. In another study published this week, The Challenging State of Vulnerability Management, Balbix and Ponemon Institute found that one in three enterprises can’t protect themselves from data breaches.

While “data breach” isn’t yet officially in the dictionary, we know what a data breach is: a confirmed incident in which sensitive, confidential, or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion. We also know how it can wreak havoc on an organization and an individual. Are data breaches becoming more common? At first guess, we would say yes, as we certainly hear about them frequently. Yet, according to a Forbes article, Marc Groman, former senior advisor for privacy in the White House, says, “it may be that data breaches are not actually becoming more common. What has changed are the laws across the US and world that now require companies to report data breaches…So what has changed is that announcing data breaches has become more common.”

Why do so many organizations continue to experience security breaches? There are several reasons, states Groman:

  • Companies still do not invest adequate resources in data security and cybersecurity
  • Companies implement cookie cutter data security programs that don’t actually address the most significant risks
  • Companies that produce software and hardware routinely put products on the market that have bugs and vulnerabilities
  • Many data breaches are caused by human error or negligence
  • Many compromises are caused by people clicking on links in phishing emails or in pop ups

The TechRepublic article “4 ways your company can avoid a data breach” emphasizes that data breaches are only expected to grow in size, frequency, and impact over the next year. The article offers ways for businesses of all sizes to avoid cyber breaches:

  1. Fully discover your attack surface—everything that touches your network, and every way it might get attacked
  2. Understand your overall cyber risk and the specific business risk of each asset if it were breached
  3. Use risk-based analysis to prioritize which fixes SecOps and IT teams should work on, postpone, and ignore
  4. Make SecOps and IT more productive by automating the discovery of asset inventory and vulnerabilities, as well as the creation of prioritized fixes and resulting tickets

“Recognizing a cybersecurity attack isn’t always that easy,” according to Michael Sorokin, who authored the article “How Small Businesses Can Shorten Breach Detection Time.” “One of the most pernicious aspects of a cybersecurity breach is the length of time threat actors often lurk on a network before the victim discovers a breach.” The average time is 101 days, based on findings from FireEye’s Mandiant 2018 M-Trends report. The article recommends the latest generation of endpoint detection and response (EDR) technology, suggesting that, paired with security best practices, tools like these can help detect a breach early and minimize damage from attacks that could be lurking inside your system.

So, what happens to data when it does get compromised, leaked, or hacked? An article in South China Morning Post sheds light on the dark web. Reporter Simone McCarthy writes, “Whether it is coming from headline-grabbing website hacks or small-scale hacks of gaming apps and online shops, stolen data often ends up on the dark web. Disparate pieces of personal data released on the dark web can be linked together to build a more detailed profile, using unique data points such as an email address or a password as identifiers.”

Sometimes, the data sets from breaches are sold and sometimes they are openly released on the dark web. The article reports that a data set with information on 900 million accounts was posted on the dark web. This data includes email addresses, unencrypted passwords, and account names. “If a hacker wants to gain access to a company network with excellent cybersecurity, he does not necessarily need to execute elaborate coding. Instead, he could run a dark web data search for email addresses with that company’s domain name that have been leaked along with passwords from hacked websites.”

“If a hacker really wants to target you, then chances are he’ll succeed. But if he’s not after you and you’re well protected, well, then he’ll go after one of the other 6.5 billion accounts,” warns Michael Gazeley, managing director of Network Box.

Cyber Oregon partner blog post of interest