As a provider of managed cybersecurity services, it’s our job to pay attention to data breach headlines, and 2021 has been a busy year for us at OSIbeyond!
Contrary to what many cybersecurity professionals expected last year, data breaches have remained on an upward trajectory even though most organizations successfully adapted to the new hybrid work model.
In fact, it took only until September for the total number of data breaches (1,291) to exceed the number of data breaches detected during the entire year 2020 (1,108).
That’s an increase of 17 percent, according to the Identity Theft Research Center (ITRC)!
But just because data breaches have caused even more damage in 2021 than they did in 2020 doesn’t mean the situation has to keep getting worse and worse as organizations of all sizes, across all industries, continue digitally transforming their operations.
With the year coming to an end, now is the perfect time to look back at some of the biggest data breaches that have made headlines over the past 12 months to see if there are any important data breach lessons that can be learned.
Lesson #1: Zero Day Attacks Require an Analytics-Driven SIEM
The year 2021 started with the discovery of four zero-day exploits in on-premises Microsoft Exchange Servers. These four exploits gave attackers administrator privileges and provided them with unrestricted access to user emails and passwords, as well as connected devices on the same network.
Just two months later, the exploits had already caused around 250,000 servers to fall victim to attacks linked to Hafnium, a Chinese state-sponsored hacking group.
“The vulnerabilities recently being exploited were CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, all of which were addressed in today’s Microsoft Security Response Center (MSRC) release – Multiple Security Updates Released for Exchange Server,” Microsoft wrote in its statement on the incident. “We strongly urge customers to update on-premises systems immediately. Exchange Online is not affected.”
The problem was that by the time Microsoft patched the vulnerabilities, Hafnium had already been exploiting them for two months. As if that wasn’t long enough, many administrators were completely oblivious to what was going on, which delayed the installation of the patches even further.
Patching was and always will be one of the most effective ways to protect against cyber attacks, but zero-day exploits require an even more proactive approach.
An analytics-driven Security Information and Event Management (SIEM) that combines advanced threat detection with incident response tools makes it possible to discover attacks that would otherwise remain hidden and prevent them before the attackers accomplish their goals. Since such attacks can affect anyone, all organizations should consider making SIEM part of their defenses.
Lesson #2: Phishing Will Continue to Be a Major Problem
In June, a report on RestorePrivacy revealed that the personal data of 700 million LinkedIn users had been scraped from the social networking site and put up for sale online.
LinkedIn acknowledged the incident but downplayed its seriousness, stating that it was a result of an attacker exploiting a publicly available API—not an actual hack involving a breach of its security defenses.
“Our teams have investigated a set of alleged LinkedIn data that has been posted for sale,” stated a LinkedIn spokesperson. “We want to be clear that this is not a data breach and no private LinkedIn member data was exposed.”
While it’s true that the exposed data didn’t contain any passwords or financial information, it still puts almost the entire LinkedIn user base at risk of phishing attempts, a threat that has played a key role in 36 percent of breaches in 2021, 11 percent more than last year.
To successfully defend themselves against phishing and its more targeted variant, spear phishing, organizations must invest in cybersecurity awareness training to help employees recognize malicious emails and steer away from them.
Lesson #3: Human Error Continues to Be the Leading Cause of Data Breaches
For some time in October, it seemed that Twitch, the video live streaming service, had suffered a fatal blow. An unknown hacker leaked more than 100 GB of Twitch data, including the entirety of the platform’s source code, creator payouts going back to 2019, proprietary SDKs, internal AWS services, and more.
Twitch has obviously survived the attack, but its reputation will be damaged for a long time, and so will the privacy of its creators, whose earnings are now publicly known.
What could possibly cause such a major data breach? Was it some kind of critical zero-day exploit? Or perhaps a new hacking tool developed by a nation-state? Far from it. The true cause of the breach was human error.
“We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party,” Twitch explained. “Our team took action to fix the configuration issue and secure our systems.”
Twitch certainly isn’t the only company that has suffered a data breach because of human error. In fact, researchers found that approximately 85 percent of all data breaches involve an employee mistake.
Knowing that people will always make mistakes, organizations should prepare for the worst by implementing the Zero Trust model, which prevents breaches by eliminating implicit trust and assigning the least required access needed to perform specific tasks, among other things.
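A configuration change that unintentionally exposes internal data to the internet is exactly the kind of mistake a least-privilege policy check can catch before the change is applied. The following is an added example (not Twitch's configuration, and not code from OSIbeyond) of such a gate: it compares a proposed service configuration against the current one and refuses any change that gives an internally classified service a public bind address or an internet-wide source allowlist. The configuration format, the service names and the classification labels are all assumptions made up for the illustration.

```python
import ipaddress
from typing import Dict, List

# Constructed "current" and "proposed" configurations (hypothetical format; not any real system's).
# Each service records where it listens, which source networks may reach it, and how
# sensitive its data is. Only the "internal" service changes between the two versions.
CURRENT = {
    "source-archive": {
        "bind": "10.20.0.15",
        "allowed_sources": ["10.20.0.0/16"],
        "data_classification": "internal",
    },
    "public-site": {
        "bind": "0.0.0.0",
        "allowed_sources": ["0.0.0.0/0"],
        "data_classification": "public",
    },
}

PROPOSED = {
    "source-archive": {
        "bind": "0.0.0.0",                  # mistake: now listens on every interface
        "allowed_sources": ["0.0.0.0/0"],   # mistake: reachable from anywhere
        "data_classification": "internal",
    },
    "public-site": CURRENT["public-site"],
}

# RFC 1918 ranges plus loopback; anything outside these counts as internet-reachable.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def source_is_internet_wide(cidr: str) -> bool:
    """True if the allowlist entry is not fully contained in a private range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS)


def bind_is_public(addr: str) -> bool:
    """True for wildcard binds (0.0.0.0 / ::) and globally routable addresses."""
    ip = ipaddress.ip_address(addr)
    return ip.is_unspecified or ip.is_global


def exposure_of(service: dict) -> Dict[str, bool]:
    """Summarise the two ways a service can become reachable from the internet."""
    return {
        "public_bind": bind_is_public(service["bind"]),
        "internet_source": any(source_is_internet_wide(c) for c in service["allowed_sources"]),
    }


def check_change(current: dict, proposed: dict) -> List[str]:
    """Return one violation string per new internet exposure of a non-public service.

    A service that is already exposed in 'current' is not re-reported (that is a
    separate audit), so the output is exactly what this change would newly expose."""
    violations = []
    for name, svc in proposed.items():
        if svc["data_classification"] == "public":
            continue
        after = exposure_of(svc)
        # A brand-new service starts from "not exposed" for comparison purposes.
        before = exposure_of(current[name]) if name in current else {k: False for k in after}
        if after["public_bind"] and not before["public_bind"]:
            violations.append(f"{name}: bind {svc['bind']} exposes an internal service to all interfaces")
        if after["internet_source"] and not before["internet_source"]:
            violations.append(f"{name}: allowed_sources {svc['allowed_sources']} permits internet-wide access")
    return violations


def change_is_safe(current: dict, proposed: dict) -> bool:
    """Gate function: a deployment pipeline would apply the change only if this is True."""
    return not check_change(current, proposed)


if __name__ == "__main__":
    for v in check_change(CURRENT, PROPOSED):
        print("BLOCKED:", v)
    print("safe to apply:", change_is_safe(CURRENT, PROPOSED))
```

Wiring a check like this into the pipeline that applies configuration changes turns the Zero Trust principle into a mechanical control: the person making the change can still make a mistake, but the mistake is rejected instead of being deployed and discovered by a third party.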
Lesson #4: Ransomware Attacks Are Becoming More Targeted and Sophisticated
Ransomware has been an even bigger business in 2021 than it was last year. The State of Ransomware 2021 survey by Sophos reveals that the average total cost of recovery from a ransomware attack has reached $1.85 million, up from $761,106 in 2020.
One particularly damaging ransomware attack in 2021 happened in May. A cybercriminal hacking group called DarkSide infected the IT infrastructure managing the US Colonial Pipeline with ransomware, causing it to halt all operations to contain the attack. Colonial Pipeline paid over $4 million using the cryptocurrency Bitcoin to restore its network, but that didn’t save the Southeastern United States from widespread gas shortages.
But it’s not just critical infrastructure providers and large enterprises who should worry about ransomware. The pandemic has kicked digital transformation efforts across organizations large and small into high gear, with organizations worldwide now using on average 110 Software as a Service (SaaS) applications, not to mention increasingly more Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) solutions.
The more organizations depend on their digital infrastructures, the more they suffer when they suddenly lose access to them, and ransomware creators know this better than anyone else. To avoid becoming easy targets, organizations must follow ransomware prevention best practices, including regular patching and backups, vulnerability scanning, cybersecurity awareness training, and others.
Lesson #5: It’s Important to Exercise Due Diligence When Choosing an IT Partner
Kaseya, one of the leading providers of IT and security management solutions for MSPs, was hit by a ransomware attack targeting Kaseya’s Virtual System Administrator (VSA) technology.
The attack was so sophisticated that it likely would have infected a large number of the more than 35,000 Kaseya customers had it not been for the decision of Kaseya’s Incident Response team to immediately shut down the SaaS servers as a precautionary measure. Kaseya also notified on-premises customers via email, in-product notices, and phone to manually shut down their VSA servers.
“While impacting approximately 50 of Kaseya’s customers, the company was proactive in its mitigation efforts to minimize any impact to critical infrastructure,” wrote Kaseya in a press release.
According to former employees, the attack might have been entirely avoidable because Kaseya executives were repeatedly warned of critical security flaws in the company’s products and practices, which they knowingly ignored. One employee was even fired after writing a 40-page security report, and many others were replaced with outsourced developers from Belarus.
Conclusion on Data Breach Lessons
This year’s data breaches have had many different causes, but they can all be traced back to weak cybersecurity defenses. Let’s chat about where your defenses can be improved!
To successfully resist even the most sophisticated cyber attacks, organizations must implement similarly sophisticated controls, and that’s not an easy task to accomplish without the right experience and expertise.
At OSIbeyond, we see the data breaches that happened in 2021 as opportunities for organizations to do better next year by learning from the mistakes of others. If you would like to end next year with a stronger cybersecurity posture than this one, get in touch today and let us secure your future.