Once More Unto the (Data) Breach

A year is a long time. Especially when it can take that long to identify that unwanted “guests” invaded your critical infrastructure.

Especially when millions of people have had their personal data, credit and/or debit card numbers, and passport numbers exposed. In some cases, users have felt defenseless across multiple breaches.

Last year was another record year for data breaches, as well as the significant volume of data privacy records that have been affected.

Regulators have had enough and are cracking down. On May 25, 2018, General Data Protection Regulation (GDPR) officially went into effect. It was the most important change in data privacy regulation in more 20 years.

The regulation will continue to reshape the way data is handled across every industry sector. Organizations that violate GDPR face fines of up to 4 percent of their annual global revenue or $22.7 million, whichever is greater, as well as other potential sanctions, including losing their ability to process personal data. This has serious and long-lasting impact to business operations, financial health and brand reputation.

“Once more unto the breach, dear friends, once more …”

– William Shakespeare

Today is Data Privacy Day (one could argue that every day should be Data Privacy Day). As the security product manager at Acquia, I thought I’d share our strategy to keep customers’ data safe. 

Acquia’s stance is to prepare ahead of time. It is not a question of if there will be an attack on your critical infrastructure but when.

Industry trends are showing that attacks are growing exponentially, and it’s quite possible that very soon corporations will be in a continuous state of responding to an active breach within their environment.

Taking on a proactive and offensive stance is the best course of action. The most critical component of GDPR is identifying a breach as early as possible, assessing the impact and communicating it effectively.

Cyberattacks typically follow the same process from early reconnaissance to the goal of data exfiltration.

This process flow is as follows:

1. Reconnaissance: The threat actor selects a target, researches it, and attempts to identify vulnerabilities in their critical infrastructure.
2. Weaponization: The threat actor will use a remote access malicious software (malware) weapon, such as a virus or worm, tailored to one or more vulnerabilities. The black market, dark web, and other illegal resources can easily provide this to any visitor for a very small sum of money or in some instance for free. Some threat actors even have the capability of creating their own malicious software as well.
3. Delivery: Intruder transmits weapon to target (e.g., phishing emails, email attachments, compromised websites, USB devices, as well as other methods).
4. Exploitation: The weapon will initiate, which takes action on the critical infrastructure to exploit the vulnerability.
5. Installation: Malware weapon is installed at an access point (e.g. "backdoor") usable by the threat actor.
6. Command and control: Malware enables intruder to have persistent access to the target’s critical infrastructure.
7. Actions on objective: The threat actor then takes action to achieve their goals. This includes, but is not limited to, data exfiltration, data destruction or modification, disruption to business operations, and/or encryption for ransom.

Defensive courses of action can be taken against these phases:  

1. Detect: Determine whether a threat actor is in your environment by identifying suspicious behavior. Is the behavior you are evaluating expected and normal? Do the audit logs identifying activity that is not warranted?
2. Deny: Prevent information disclosure and unauthorized access by following industry best practices.
3. Disrupt: Stop or change outbound traffic to the threat actor.
4. Degrade: Counter-attack the command and control activity.
5. Deceive: Interfere with command and control activity.
6. Contain: Implement network segmentation changes and configurations.

Avoid data privacy risk before it happens. Start a conversation with us today to find out how we can help.

To learn more, visit our Acquia Cloud Edge page to see how we can protect you from threats and disruptions.