As the threat landscape continues to serve up an arsenal of highly complex vulnerabilities and threats, an organization is highly likely to face a data breach. Long gone are the days when hackers permeating a company’s security system was a matter of ‘if’; dealing with the consequences of a breach has now become a question of ‘when’, and a threat which demands urgent attention from security providers, teams and organizations alike.
Bearing witness to the staggering frequency with which these cyberattacks take place are the results from a study conducted by the cloud solutions provider iomart. The study, which aimed to determine the cost of data breaches, brought to light that the total number of compromised records saw a 273% increase in the first four months of 2020 alone, as compared with the same months in 2019. Out of all the data breaches that were taken into account within the study, nearly 40% had taken place in the U.S.
Furthermore, the data breach situation takes a turn for the worse when we account for the average time it takes security professionals to identify and respond to breaches. If there’s one word that perfectly encapsulates the essence of both the threat and cybersecurity landscapes, it is speed. Simply put, the sooner an organization detects and responds to anomalies, the higher its chances of combating the threats it faces. Unfortunately, however, the same iomart study stated that, on average, it takes 187 days for security teams to identify a breach, and another 59 days to contain it. Within the fast-paced world of today, where threats operate at machine speed, the average amount of time it takes to simply detect breaches leaves a lot to be desired, not to mention the 10-99 million records that could get compromised within that period.
Having said that, however, it is worth analyzing the reasons which enable cybercriminals to commit data breaches on such a large scale. Whether the breach is as large as the attack on Capital One (in which a total of 100 million credit card details were stolen) or a breach of a small business, deducing why hackers launch breaches and how they bypass authentication measures is the first step on the long path towards better cybersecurity.
Fortunately, in an attempt to clear up any doubts that our readers might be harboring, we’ve compiled an article that delves into answering some of the toughest questions associated with data breaches, the most prevalent one being how cybercriminals evade authentication. Hopefully, as we analyze the primary reasons behind the staggering frequency of data breaches, we’ll be able to come up with answers that help prevent them from occurring in the future.
Why do hackers launch data breaches?
As we’ve already mentioned above, perhaps the only way through which organizations can formulate a security strategy that enables them to prevent data breaches from occurring is to figure out what motivates cybercriminals to launch data breaches in the first place. To put it simply, hackers love credentials. And while that may seem oversimplistic to some, the fact of the matter is that the thirst for credential information is what caused a staggering 67% of the 3,950 breaches reported between 2018 and 2019. Further bearing witness to the thirst that hackers have for sensitive credentials is the fact that the Verizon 2020 Data Breach Investigations Report stated that 80% of all hacking-related data breaches involved compromised passwords.
Over the course of recent years, however, as the authentication techniques employed by organizations have become increasingly sophisticated, cybercriminals have adopted certain techniques which enable them to bypass the authentication put in place. In a typical data breach, the hacker responsible will rely on the following techniques to get around the verification protocols concerning passwords:
1- Sabotaging the credential vault:
When it comes to wreaking as much havoc on an organization as possible, perhaps no strategy is as effective as targeting an organization’s internal vault, which stores all sensitive credentials, including all passwords and details about user logins. If the internal vault hasn’t been configured correctly, there’s a high chance that hackers will exploit it to gain access to troves of valuable information. Having said that, however, regardless of how properly configured the vault is, an organization’s vault will always be a prime target for hackers, which is why it is critical that its security is prioritized.
2- Utilizing phishing to trick users:
In instances where cybercriminals can’t gain access to an organization’s vault, there’s a high probability that they’ll launch nefarious schemes, which target users and manipulate them into giving up their confidential credentials. Perhaps the most frequently deployed scheme is phishing, through which hackers trick users by utilizing a fake identity.
Other strategies include spoofing, DNS cache poisoning, and spamming a user with bogus phone calls. In the unfortunate instance that a user falls for these traps, a single click on an email or a malicious link could start the download of malware on the unsuspecting user’s device. Malware such as keystroke loggers can transmit credentials, such as credit card numbers, from the user’s computer to the criminals without detection.
Moreover, by targeting thousands, if not millions, of users through phishing and spoofing schemes, cybercriminals have a much higher chance of success, which explains the staggering frequency with which these distributed attacks currently occur.
3- Launching sniffing attacks:
Another frequently adopted technique is that of network sniffing. As the name quite aptly suggests, a network sniffing attack refers to the act of a malicious agent tapping into a public WiFi network. Once they’ve gained access to the WiFi network, it is only a matter of using the right tools to collect all types of sensitive information.
Usually, the information that cybercriminals extract from WiFi networks consists of login credentials, passwords, credit card numbers and social security numbers. Additionally, it is also worth mentioning that hackers may set up rogue access points, simply by posing as legitimate WiFi networks. By fabricating these access points, the bad actors operating them can monitor the online activities of thousands of users, as well as gather their sensitive information.
How Can Data Breaches Be Prevented?
As was made evident by the findings of the 2020 Verizon Data Breach Investigations Report, the weakest link in the authentication measures adopted by any organization is passwords. To put it simply, passwords can be targeted by a multitude of attacks, such as phishing, spoofing, sniffing and keylogging, which is why it makes sense for an organization to eradicate the use of passwords altogether. From a technical standpoint, replacing passwords with more secure alternatives eliminates the need for internal vaults, which in turn significantly minimizes the threats facing organizations.
If you’re on the cynical side, you might be thinking about two-factor authentication (2FA), and how the technology virtually ‘solves’ the password problem. While that might be true on paper, the fact of the matter is that 2FA may even amplify the password problems, by significantly increasing the amount of pressure on the end user. Fortunately, however, by opting for the more recent, three-factor authentication security strategies, both users and organizations can see an effective solution to the dilemma that passwords present.
Unlike two-factor authentication practices, three-factor verification starts from our smartphones, and consists of a simple formula based on “something you have, something you know, something you are.” By leveraging the biometric scanning features that come with every smartphone, users fulfil the “something you have” and “something you are” requirements. The last “something you know” requirement is satisfied through a free-to-download mobile application.
Although no security solution is a hundred percent perfect, employing three-factor authentication ensures that an organization is dealing with the password problem in the smartest possible way. With the adoption of any security measure, you can’t ignore the human element; with three-factor authentication, you use the human need to err to your benefit, which guarantees that security is built in a simple, yet highly effective way.
As the threat landscape continues to evolve, and data breaches grow increasingly sophisticated, perhaps the most significant step that organizations can take to combat the threat of having their confidential information stolen is to simply stay educated. By adopting modern technologies such as three-factor authentication, users and organizations can hopefully circumvent the threat of data breaches. In the meantime, it is important that you stay informed of the developments in the digital world.
About the contributor: Waqas is a cybersecurity journalist and writer who has a knack for writing technology and online privacy-centric articles. He strives to help achieve a secure online environment and is skilled in writing topics related to cybersecurity, AI, DevOps, Cloud security, and a lot more. Waqas runs the DontSpoof.com project, which presents expert opinions on online privacy & Security.