Every month, there is a new data breach that threatens the security and privacy of millions of people. Although there is no way to completely stop data breaches, we can nonetheless mitigate the damage. The number of data breaches in 2021 are predicted to be 6 times higher than that in 2016; a marked increase in a short span of five years.
What’s even more disturbing is the fact that most of these data breaches targeted small businesses that are usually not prepared to deal with such attacks or don’t have the resources to recover afterward. The recovery costs are so high that most businesses fail to stand back on two feet.
We also witnessed a surge in the number of cybersecurity attacks targeting critical infrastructures such as pipelines and grid stations in 2021. This clearly shows how the focus of cybercriminals has shifted from businesses to governmental installations, health care systems and other important organizations. In this article, you will learn six key lessons from the data breaches of 2021 that will help you in 2022.
6 Important Lessons You Can Learn From 2021 Data Breaches
Here are six critical lessons you can learn from data breaches in 2021.
1. Industrial Networks are at Risk
The biggest ransomware attack of the year targeted US gas pipeline operator Colonial Pipeline. The attack was launched by a Russian hacking group known as DarkSide. Due to the attack, the company had to shut down its operations for a day. This triggered a fuel shortage which impacted different areas of the East Coast.
This cyberattack sent shockwaves throughout the cybersecurity fraternity and proved that a single attack is enough to create chaos across the nation. What’s even more alarming is that critical vulnerabilities still exist in infrastructure networks and hackers can easily exploit them. The magnitude of the attack was so large that it forced the Biden administration to ask governments to take decisive action against ransomware groups around the world.
1. Software Assurance Practices
Another attack targeted multiple businesses such as Krogger, Jones Day, Qualys and more in the early part of 2021. It targeted an obsolete file transfer system from Accellion. The hackers succeeded in stealing data from many victims. The worst part was that the stolen data was made publicly available for sale on the Dark Web.
This attack forced security experts to draw parallel with the SolarWinds incident. The reason was that both attacks targeted a popular technology developed by a reliable third party vendor. Expect to see a surge in supply chain attacks in the months to come since businesses don’t have control over coding practices their third party vendors might be using. You need a system that can raise a red flag before your entire system is compromised to mitigate the risk of supply chain attacks.
2. Cloud Misconfiguration Risks
Cybersecurity experts predict that the number of attacks targeting cloud infrastructure will grow in the future due to cloud misconfigurations and user mistakes, which can easily be avoided. Researchers at Safety Detectives found a database containing more than 400 GB of data, including social media profiles of more than 200 million users. They also found another database containing data from ElasticSearch which was not even protected by a password or any kind of encryption. The root cause behind both these incidents are cloud configuration mistakes.
1. Threat Actor Sophistication
A ransomware attack targeted Kaseya’s Virtual System Administrator technology, which is used by a number of managed service providers. Attackers found three vulnerabilities in Kaseya’s remote management technology. What made this attack stand out is the sheer sophistication as well as the time for execution. It only took hackers two hours to launch such a sophisticated attack. This clearly shows the number of resources threat actors have at their disposal these days.
2. Prompt Patching is Necessary
Security professionals put a lot of emphasis on prompt patching. Despite this, very few businesses take their advice seriously. This is evident from attacks which targeted VPN devices from Fortinet and Pulse Secure. The attack exploited vulnerabilities in VPN devices from Pulse Secure. Despite the patch being released a few months ago, most businesses failed to follow through, leading to the breach.
We also noticed an exponential increase in attacks targeting remote network access. This was expected, especially with the exponential rise in remote work. This gave hackers a window of opportunity to get their foot inside your enterprise network. Another trend that is gaining momentum is the exploitation of software vulnerabilities by cyberattackers.
According to CISA, “Cyber actors continue to exploit publicly known — and often dated — software vulnerabilities against broad target sets, including public- and private-sector organizations worldwide.” They recommended that businesses must apply patches as soon as they are made available or adopt a centralized patch management system to fix those vulnerabilities before they are exploited by cybercriminals.
1. Vulnerabilities In Exchange Servers
Earlier this year, we saw a Chinese threat actor Hafnium Group find and exploit four vulnerabilities in Microsoft Exchange Server. This alone impacted more than 30,000 organizations. Sadly, they are not the only ones. Many other attackers have also managed to do the same. It did not help that Microsoft released a patch to plug in the security loopholes after the damage had been done. This not only gave attackers access to enterprise networks but also gave them a lot of time to do the damage, which added insult to the injury.
This is a clear sign of a paradigm shift in techniques, tactics and procedures used by threats actors and hacker groups. They are more inclined towards finding vulnerability exploitation opportunities than in launching highly targeted attacks. These flaws in exchange servers is a clear indication about research clustering, which means that we might see even more attacks targeting the vulnerabilities.
Which is the biggest lesson you learned from data breaches of 2021? Share it with us in the comments section below.