October is National Cybersecurity Awareness Month (NCSAM) and a great time to glean some lessons from some of the most publicized security breaches. By understanding the root causes of some of the headline-grabbing cybercrime incidents, you can take action to protect your own organization’s data.
There are three generally accepted elements of cybersecurity – people, processes and technology – and each have been the culprits in some recent high profile hacks.
Research firm Gartner Inc. estimates as much as 95% of cloud breaches occur as a result of human error like configuration mistakes, and the firm expects this trend to continue. According to the Wall Street Journal, “Complexity may not always be the root cause of incorrect server configurations. Errors can arise from subcontracting the work to third parties or just because of laziness on the part of those setting up a server, according to Bob Diachenko, cyber threat intelligence director of consulting firm Security Discovery.”
In July, Capital One Financial Corp. reported there had been a breach of its cloud server and it exposed the personal information of more than 100 million customers and credit card applicants. The Wall Street Journal reported, “In Capital One’s case, for instance, a flawed firewall implementation allowed the attacker to gain access to a server hosted on Amazon’s AWS service, and the company said in its disclosure that AWS wasn’t to blame.” It’s critical to check and double check security implementations such as firewall rules or rule change requests.
In 2016, the central bank of the country of Bangladesh was the victim of cybercrime when hackers made off with $80 million. The vulnerability that allowed the hackers to steal the funds? Cheap equipment. According to Reuters, “Bangladesh’s central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network… The lack of sophisticated switches, which can cost several hundred dollars or more, also means it is difficult for investigators to figure out what the hackers did and where they might have been based.”
Unfortunately, cybersecurity threats are only becoming more sophisticated. Regarding a recent attack on Australian National University, the Australian news outlet 10 Daily reported, “The university last week revealed the attack began after a staff member was sent an email infected with a virus. The email only had to be previewed — so no link was clicked and the message didn’t have to be opened — for the hackers to access ANU’s network. Vice-chancellor Brian Schmidt described it as ‘shocking in its sophistication’.”
Ready to begin a defense-in-depth approach to securing your environment? Otava can help. We employ stringent defenses in our people, processes and technology to protect organizations of all industries and sizes from human error and malicious attacks. Check out our blog about protecting against attacks, contact us to chat with a security expert or call us today at 877-740-5028.
Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.