Keeping Data Safe Beyond Cyber-Security Month

By Graham Jarvis, Freelance Business and Technology Journalist, Lead Journalist, Business and Technology, Trudy Darwin Communications.


Securing data is about many things, and a bit like securing an organisation’s Crown Jewels in their own Tower of London. For example, in September 2024, Global Tech Solution revealed in a blog post, ‘The Five Largest Data Breaches of 2024 (So Far)’, that “a hacking group claimed they have stolen 2.7 billion personal records. This includes virtually every person in the United States, Canada and the United Kingdom. The data includes American social security numbers.”

Ticketmaster also suffered a data breach, which exposed millions of customers’ personal and financial data. The hack occurred in April and May 2024, and involved the cybercriminals gaining unauthorised access to Ticketmaster’s database. The miscreants who were responsible for the attack stole personal customer data, such as names, phone numbers and payment information – subsequently highlighting the company’s cybersecurity vulnerabilities.

Abe Brown, writing for the Global Tech Solution Blog, comments: “The impact on the company was immediate, with customers reporting unauthorised transactions and having their identities stolen. This was just one issue that caused the U.S. Justice Department to sue Ticketmaster’s parent company, Live Nation, for anti-competitive behaviour.”

Beyond ticketing companies, he reports that Change Healthcare “experienced a significant data breach, due to a ransomware attack. The attack compromised the sensitive personal information of millions of individuals, making it one of the largest healthcare breaches in history.” Furthermore, IT and telecommunications companies, such as Dell, can also be a target, as no company large or small can think they are immune from a potential cyberattack.

Exploiting weaknesses

Defence organisations are also on the alert. Phil Hill, Global Customer Solutions Lead and Systems Architect at WAN and Data Acceleration company Bridgeworks, talks about a significant spear-phishing attack that was conducted by Chinese hackers. It permitted them to get hold of aircraft technical documents of the F35 Lightning Strike II fighter jet in 2007, enabling the Chinese government to build their own equivalent in the J-31 stealth fighter.

Spear-phishing works by exploiting a weakness in human behaviour. Most of us receive emails from people we know, and that common occurrence can make us too relaxed about opening emails and their attachments. Spear-phishing exploits this by sending emails that use a familiar name, appearing in someone’s email inbox as if it’s someone else.

Hill explains: “People often don’t check if it’s really, for example, Jim Smith because they receive emails from him regularly, and subsequently they open it and are more likely to open an attachment. Once they do this, whatever programs are kicked off will conceivably allow a pathway for the hacker to take control of their system, or to have access to data they wouldn’t normally have access to. In fact, 79% of UK businesses that suffered a cyber-attack in 2023 identified the attack as being phishing.”
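An added example, not part of the original article or Bridgeworks' material: a small mail-triage check for the familiar-name trick described above, flagging a message whose display name matches a known contact while the sending address does not. The address book, the sample messages and the extra Reply-To check (which goes slightly beyond the text) are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> addresses that person really uses.
KNOWN_CONTACTS = {
    "jim smith": {"jim.smith@example.com"},
}

def normalise(name: str) -> str:
    """Casefold and collapse whitespace so 'Jim  SMITH' matches 'jim smith'."""
    return " ".join(name.casefold().split())

def domain_of(address: str) -> str:
    return address.lower().rsplit("@", 1)[-1]

def check_sender(raw_message: str, contacts=KNOWN_CONTACTS) -> list[str]:
    """Return findings for one RFC 5322 message; an empty list means nothing flagged."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    findings = []

    # Familiar display name, unfamiliar address: the pattern the article describes.
    expected = contacts.get(normalise(name))
    if expected is not None and addr not in expected:
        findings.append(
            f"display name '{name}' is a known contact, but {addr} is not their address"
        )

    # Replies that would leave the sender's own domain deserve a second look.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(addr):
        findings.append(f"Reply-To domain differs from From domain ({reply_to.lower()})")
    return findings

# Constructed sample messages (example.* domains are reserved for documentation).
LEGIT = "From: Jim Smith <jim.smith@example.com>\nSubject: Q3 figures\n\nAttached.\n"
SPOOF = 'From: "Jim  SMITH" <jsmith@example.net>\nSubject: Q3 figures\n\nSee attachment.\n'
REDIRECT = ("From: Jim Smith <jim.smith@example.com>\n"
            "Reply-To: jim.smith@example.org\nSubject: Q3 figures\n\nAttached.\n")

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoof", SPOOF), ("redirect", REDIRECT)):
        print(label, check_sender(raw) or "no findings")
```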

The BCS, the Chartered Institute for IT, reports that the IBM X-Force Threat Intelligence Index says the methods for initial access to systems and data are shifting. Patrick O'Connor writes in his article, ‘The biggest cyber-attacks of 2024’: “The use of legitimate credentials is now top of the list, with phishing knocked off the top spot from last year into second. Third place goes to internet facing applications with exploitable weaknesses.”

“This trend is a sign that detection and prevention methods within the security framework are having some success. Breaking into most corporate networks is very difficult without some form of legitimate ‘foothold.’ Another observation from IBM’s team is a possible shift in emphasis for some ransomware groups: rather than encrypting and ‘ransoming’ a company’s data, they prefer to simply steal it. There has been a 266% increase in the use of infostealer software, such as Rhadamanthys, LummaC2 and StrelaStealer.”

The report also finds that 84% of cyber-attacks are on critical infrastructure, such as energy, telecoms, water and so on. It is often accessed by hackers using preventable weaknesses. Despite this, attacks have increased year-on-year by 31%. This highlights, says the IBM report, that there is a need for better asset and patch management, “along with credential hardening and using the principle of least privilege, [which] could have prevented these attacks.”

“Ransomware, Phishing and Zero-Day exploits are definitely in the top ten, and they are being seen time and time again in attack scenarios,” says Hill. Other kinds of attacks include Distributed Denial of Service (DDoS), where servers are overloaded to the point that they can no longer cope, preventing organisations and users from being able to use and access them.

Breaches: Costing more than money

Cyber-attacks can cost reputations and lead to financial penalties or make it harder and potentially impossible to operate. Keeping data safe is therefore crucial for compliance, in the EU and in the UK, to the General Data Protection Regulation (GDPR) – including the UK’s equivalent of it. A Google Search reveals that “the Information Commissioner's Office (ICO) can impose fines of up to £17.5 million or 4% of an organisation's annual worldwide turnover for breaches of the UK Data Protection Regulation (GDPR). The ICO chooses the higher of the two amounts.”

Hill remarks that, despite this, there isn’t much overall evidence of complacency about cyber-security: “Most companies adopt compliance with NIST or Cyber Essentials as a minimum for example. Additionally, there’s PCI-DSS - the payment card industry data security body, which mandates and spells out what specific controls are needed to secure card payments.” In the US, health companies also need to comply with HIPAA. Unfortunately, the healthcare industry hasn’t stopped data breaches. The HIPAA Journal reports that in 2023, on average, 364,571 healthcare records were breached every day.

Organisations should therefore ask themselves:

· How do we prevent cyber-attacks?

· How do we recover once attacked?

Hill adds: “The sheer volume of attacks utilising ransomware and Zero Day exploits are making this sound like an inevitability – which is where Bridgeworks technologies come into play. Not only is recovery time a key factor here, but the importance of working alongside existing WAN technologies (such as SD-WANs) and getting every last byte across the wire - transferred and data backed up, quickly, even when encrypted - is paramount.”

When data needs protecting, having a disaster recovery strategy is essential. Quite often, SD-WANs are deployed, and they have evolved to include SASE (Secure Access Service Edge), bringing a cloud-first model for delivering security to the SD-WAN model. WAN Optimisation is another traditional approach, but he says it’s not about protecting data. Instead, it’s about sending fewer bytes through deduplication and compression technologies. It also can’t handle encrypted data in flight without the key material, and it’s a security weakness to disclose those keys, which are needed with these techniques in order to decrypt the data, so that it can be transmitted and received once optimised – also detracting from performance.

Top cyber-security tips

Here are Bridgeworks’ top tips for keeping data safe beyond Cyber-Security Month 2024:

1. Obfuscate cyber-criminals by deploying WAN Acceleration with PORTrockIT or WANrockIT – technologies that use artificial intelligence, machine learning and data parallelisation to mitigate the effects of latency in Wide Area Networks (WANs).

- WANrockIT is used for block storage applications

- PORTrockIT is for TCP/IP streams, which can be deployed as an SD-WAN overlay. Hill says organisations should use PORTrockIT to maintain end-to-end encryption and to accelerate data wherever possible.

2. Consider whether a continuous backup strategy (rather than nightly) would be useful. With PORTrockIT, you can replace it with the two-hour version rather than one that’s two days old. He also suggests considering data transfer times in terms of how urgently the data is needed. Will getting this data faster increase your competitive edge?

3. Compliance is key – check what compliance you need to fulfil, and what solutions will augment your security posture. For recovery, you should be sending your data protected and as quickly as possible; this does not always mean you need a faster WAN. A lot of companies confuse the solution’s ‘bits per second’ figure with the effects of the transfer method and/or locations.

4. Employ user education for phishing and spear-phishing. Make users more aware of how these attacks are conducted, and teach them to watch out for them. Social engineering is another factor to consider, so employees should be told not to share too much detail about their duties and to whom they report.

5. Update end-point security. This requires the deployment of anti-malware and anti-virus agents, as well as a desktop security policy, which prevents the user from routinely logging on as the administrator. The fewer rights someone has, the less damage they can do. Regarding critical systems and infrastructure – implement rule-based access control (RBAC) and assume that you are not 100% secure.

6. Remember that backups are so important; they can allow you to restore unaffected data. A case in point would be ransomware. You should also have an internet and users’ policy about what’s acceptable and what’s not acceptable, such as never deactivating safe search in your browser.

At the end of the day, it’s also about applying the basics of cyber-security. This includes encouraging employees to notify their own cyber-security teams of anything suspicious. Hill advises that Multi-Factor Authentication (MFA) should be implemented to further ensure that the person with the password is the person authorised to use the system. “This can be accomplished as simply as an SMS with an OTC for them to gain access,” he explains. Let’s also not forget effective mandated strong password management, password-protected screensavers, and to avoid a Crowdstrike situation, all systems should be patched correctly to maintain integrity.
