April 18, 2023

What Do Recent Data Breaches Tell Us About Encryption?


Recently, several companies and organizations around the world reported data breaches and ransomware attacks. ‘Yum! Brands’, the company that owns KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill, recently fell victim to a ransomware attack that led to data breaches. The attack, which happened on January 18, 2023, led to a temporary shutdown of nearly 300 restaurants in the UK.

MSI, the prominent Taiwanese hardware giant which produces motherboards, GPUs, and other PC peripherals, was also hit with a severe ransomware attack. MSI's systems were breached by a ransomware known as ‘Money Message’, which exfiltrated around 1.5TB of data, including databases and source code, and demanded $4 million in ransom.

Even the highly popular ChatGPT recently suffered a technical glitch, which allowed users to see other users’ chat titles. Regardless of their cause, data breaches lead to severe financial loss, are extremely time-consuming, and take a toll on a business’s day-to-day operations. By having a robust data security strategy and securing their organization’s data across devices, businesses can achieve long-term benefits and safeguard their operations against potential threats.

How do data breaches occur?

Data breaches occur when unauthorized individuals gain access to sensitive information without permission. There are several methods by which attackers can breach data, including exploiting software vulnerabilities, social engineering, physical attacks, and stealing login credentials.

Once an attacker gains access to a network or system, they can use a variety of techniques to steal data, including installing malware, sniffing network traffic, and using brute force attacks to crack passwords. Attackers can also use backdoors or rootkits to maintain access to the system even after being discovered.

In many cases, attackers use a combination of these techniques to gain access to sensitive data. They may use social engineering tactics to trick employees into revealing their login credentials, then use those credentials to access sensitive data stored on cloud-based servers.

Alternatively, attackers may use malware to infect a computer, which can then be used to steal data and send it back to the attacker. To prevent data breaches, organizations must implement a range of security measures, including firewalls, antivirus software, intrusion detection systems, and encryption to protect their sensitive data from unauthorized access.

One practical real-life example of how data breaches work is the 2017 Equifax data breach, one of the largest data breaches in history. Equifax, one of the biggest credit reporting agencies in the United States, was hacked, and the sensitive personal information of over 143 million consumers, including Social Security numbers, birth dates, and addresses, was stolen.

The breach occurred due to a vulnerability in ‘Apache Struts’, a web application framework that Equifax was using. Hackers were able to gain remote access to Equifax’s servers by writing their own malicious code and running it through the open vulnerability.

What causes data breaches and data leaks?

Data breaches can be caused by various factors, including malware and human errors. Understanding the root causes of data breaches is critical for preventing them in the future and protecting sensitive information. The following are some of the common factors behind a data breach:

1. VIRUS / MALWARE: Malware is a common cause of data breaches. Malicious software such as viruses, worms, and Trojans can infect systems and compromise sensitive data. Cybercriminals use malware to gain unauthorized access to networks, steal information, and disrupt business operations. Malware can be spread through infected email attachments, websites, or social engineering tactics.

2. VULNERABILITIES: Cybercriminals can exploit weaknesses in software applications, such as an open vulnerability or a backdoor, to gain access to sensitive information. This can happen due to poor coding practices, lack of updates, or insufficient security measures. Backdoors are secret entry points into a system that are intentionally created to bypass security controls.

3. SOCIAL ENGINEERING: Social engineering is a technique used by cybercriminals to manipulate individuals into divulging confidential information. This can include phishing scams, pretexting, or baiting. Social engineering attacks can be difficult to detect, as they often exploit human psychology and trust.

4. PHYSICAL ATTACKS: Physical attacks are another cause of data breaches. This can include theft of laptops, mobile devices, or other physical assets that contain sensitive data. Cybercriminals may also gain unauthorized access to physical locations, such as server rooms or data centres.

5. HUMAN ERROR: Improper configuration and human errors are also common causes of data breaches. Misconfigurations and mistakes, such as weak passwords or accidental data sharing, can result in sensitive information being exposed. It is important to have proper security controls in place, such as access controls and data classification policies, to prevent these types of breaches.

Why do data breaches get reported late?

Data breaches can be reported late for a variety of reasons. One common reason is that companies may not immediately realize that a breach has occurred. It can take time for security teams to detect and investigate a breach, especially if the attackers are using sophisticated techniques to evade detection. Additionally, companies may prioritize containing the breach and restoring services before notifying customers and the public, which can result in a delay in reporting.

Another reason for late reporting is the legal and regulatory requirements surrounding data breaches. Depending on the jurisdiction and the nature of the breach, companies may be required to report the breach to government agencies, notify affected individuals, and provide ongoing updates on the situation. These requirements can be complex and vary by location, which can result in delays as companies work to navigate the legal landscape and ensure compliance with all relevant laws and regulations.

While prompt reporting of data breaches is important to mitigate the risks to affected individuals and organizations, there are often logistical, legal, and practical challenges that can cause delays in reporting.

What happens when a company’s data is breached and leaked online?

When a company's data is breached and leaked online, it can have severe consequences for both the company and its customers. Depending on the nature and extent of the breach, the data leaked can include sensitive information such as customers' personal identifying information, credit card data, and confidential business information.

According to a study conducted by IBM, the average cost of a data breach for a company in 2020 was $3.86 million. This includes direct costs such as investigation, remediation, and legal fees, as well as indirect costs such as lost revenue and damage to brand reputation. Furthermore, the study found that it took an average of 280 days to identify and contain a data breach, which gives attackers plenty of time to steal sensitive information and cause significant damage.

This can expose customers to identity theft, financial fraud, and other forms of cybercrime. Customers may also lose trust in the company and its ability to protect their data, which can result in reputational damage and a loss of business for the company.

In addition to the immediate risks, a severe data breach has long-term effects. A company may also face legal and financial consequences for the breach. Depending on the laws and regulations governing data privacy in their jurisdiction, companies may be required to notify affected customers of the breach, offer identity theft protection services, and report the breach to government authorities.

Companies may also face fines, lawsuits, and other legal action from customers, regulators, and other stakeholders. The costs associated with responding to a data breach can be substantial, including the costs of investigating and containing the breach, notifying customers, providing credit monitoring services, and defending against legal claims.

What are preventive measures for data breaches?

Prevention is better than cure. Preventive measures for data breaches can help organizations avoid the devastating effects of a breach. A robust prevention strategy ensures that sensitive information is protected at all times, leaving no chance for attackers and ransomware to gain unauthorized access to it. Here are some common preventive measures:

DATA ENCRYPTION AND PROTECTION: One of the most effective ways to prevent data breaches is through strong encryption, which can safeguard information against theft, loss, or unauthorized access. This can be accomplished through the use of an advanced encryption program such as AxCrypt, that protects data across all devices, ensuring that only authorized users have access to sensitive information. Encryption can help prevent data breaches by ensuring that data remains secure even if it falls into the wrong hands.

PASSWORD MANAGEMENT: Weak passwords are one of the top reasons data breaches happen so easily. According to a Verizon Data Breach Investigations Report, 80% of hacking-related breaches are caused by weak or stolen passwords. Cybercriminals use various methods, such as brute-force attacks, phishing, and social engineering, to obtain passwords. Once they have gained access to a user's account, they can steal sensitive information or use it to launch further attacks on the organization. Moreover, people often reuse the same password for multiple accounts, which makes it easier for cybercriminals to gain access to other accounts as well. It is crucial for businesses and individuals to have a dedicated password manager that can save credentials and generate new strong passwords.

CLOUD ENCRYPTION: Cloud storage encryption is a crucial component of cybersecurity measures. By encrypting data before it is uploaded to the cloud, organizations can ensure that sensitive information remains protected. With the increasing use of cloud storage for data storage and collaboration, the need for secure cloud storage solutions has become more pressing. Encrypting data in the cloud can prevent unauthorized access and data breaches, and ensure that only authorized personnel have access to sensitive information. AxCrypt integrates with all the major cloud storage platforms, such as Google Drive, OneDrive, and Dropbox, and automatically encrypts data on the cloud.
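
As an added illustration of the encrypt-before-upload idea in the DATA ENCRYPTION and CLOUD ENCRYPTION items above (this is not AxCrypt's code or file format), the following Python example derives a key from a password with scrypt and seals the data with AES-256-GCM, so the storage provider only ever holds ciphertext and any modification is detected on download. It assumes the third-party `cryptography` package; the `DEMO1` container layout, the function names and the sample record are constructed for the example.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

MAGIC = b"DEMO1"            # constructed container tag, not any product's file format
SALT_LEN, NONCE_LEN = 16, 12


def _derive_key(password: bytes, salt: bytes) -> bytes:
    # scrypt makes each password guess expensive for someone who holds only the blob.
    return Scrypt(salt=salt, length=32, n=2**14, r=8, p=1).derive(password)


def encrypt_for_upload(plaintext: bytes, password: bytes) -> bytes:
    """Return the blob that would be handed to the storage provider."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    header = MAGIC + salt + nonce
    # The header is bound as associated data, so it cannot be altered unnoticed.
    return header + AESGCM(_derive_key(password, salt)).encrypt(nonce, plaintext, header)


def decrypt_after_download(blob: bytes, password: bytes) -> bytes:
    """Verify and decrypt a blob; raise ValueError on wrong password or tampering."""
    header_len = len(MAGIC) + SALT_LEN + NONCE_LEN
    # 16 bytes is the GCM authentication tag that always follows the ciphertext.
    if len(blob) < header_len + 16 or not blob.startswith(MAGIC):
        raise ValueError("not a recognised container")
    header, body = blob[:header_len], blob[header_len:]
    salt = header[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = header[len(MAGIC) + SALT_LEN:]
    try:
        return AESGCM(_derive_key(password, salt)).decrypt(nonce, body, header)
    except InvalidTag:
        raise ValueError("wrong password or modified ciphertext") from None


if __name__ == "__main__":
    record = b"name=Jane Doe;card=4111111111111111"      # constructed sample data
    password = b"correct horse battery staple"           # constructed sample password
    blob = encrypt_for_upload(record, password)
    print("what the cloud stores:", blob.hex()[:48], "...")
    print("round trip ok:", decrypt_after_download(blob, password) == record)
```

Only the password holder can recover the record; anyone who copies the stored blob gets the salt, nonce and ciphertext, and must guess the password through scrypt.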

STRONG ACCESS CONTROLS: Implementing strong access controls is essential for organizations to safeguard their sensitive data. To control who sees what, and to limit the number of employees who have access to such data, access controls such as secure sharing can be put in place. This will ensure that only authorized personnel can access confidential information.

By restricting access to sensitive data, companies can reduce the risk of data breaches and leaks. Therefore, it is crucial for organizations to implement strong access controls as part of their data security strategy.
