By Mandy Andress, CISO at Elastic.
The last 12 months have seen cybersecurity become a prominent issue in Australia, with several high profile organisations – including the Nine Network and JBS Foods – being targeted by cyberattacks. Cyberattacks involving brute-forcing secure logins or exploiting software flaws have previously dominated headlines, but there’s a new fast-growing segment of the cybercriminal economy keeping CISOs awake at night: attackers are increasingly targeting companies that have accidentally left their data in the open via misconfigured databases.
According to the Office of the Australian Information Commissioner (OAIC), data breaches resulting from human error accounted for 30% of notifications in the first half of 2021, making it the second largest source of data breaches in this period.
One growing area of risk is that the vast majority of databases found publicly reachable on the internet were exposed by accident, not by design.
And when data is reachable from the internet, anyone with ignoble intentions can steal it using the free or low-cost scanning tools that sweep the entire IPv4 internet in a matter of hours. These tools make light work for bad actors, who use them to find databases left listening on the open web without authentication by developers who have typically made an honest mistake.
Cybercrime has fast become a booming industry, yielding profits of $3.5 billion in 2019. Furthermore, a recent report from the Australian Cyber Security Centre (ACSC) found that the total estimated cost of cybersecurity incidents to Australian businesses is as high as $29 billion per year. And while the value of a single data record on the black market is low, criminals typically focus on grabbing thousands of records for a big payout.
Developing a Cyber Defence Roadmap
While no organisation can ever be 100 percent secure, more robust database security can be achieved through collaboration between employees, security practitioners, and executive leadership. Here are three things security practitioners can do today to mount a successful cyber defence:
- Create an intentional cybersecurity culture. A healthy security culture prioritises training employees on information security, how to report incidents, when to ask for help, and whom to contact to work together toward incident resolution. But a culture of security isn’t possible in an “infosec vs. employees” environment. So instead of punishing employees for security missteps, try developing a culture of cybersecurity that rewards diligence and adherence to security guidelines, which creates a flywheel of positive reinforcement and improves security outcomes.
- Be on the lookout for accidents. Use an external scanning system that continuously probes your internet-facing address space from the outside, so it sees exactly what an attacker sees, and that notifies the security team immediately when a database service answers without authentication because a developer has mistakenly left sensitive data unlocked. Reconcile what the scanner finds against your asset inventory, since the most dangerous exposures are the ones nobody knew existed. There are holistic security and observability solutions that can scan both internally and externally.
- Be prepared. Incident response is the bedrock of a good security program. It’s not a question of “if” but “when” a data breach will occur, and when it happens, the first actions you take can be the difference between becoming the next data breach headline or a non-story. Having an incident response plan in place that is rehearsed regularly with your IT and security teams and your executive leadership makes it easier to deliver a swift and intentional response to a data breach disclosure.
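As an added example that is not part of the article and not Elastic’s tooling, the following Python script shows the kind of outside-in check an exposure scanner runs: it connects to database ports on a list of hosts and flags any service that hands back a server banner on an unauthenticated GET /. The ports, the JSON fields it looks for, and the host list are assumptions chosen for illustration; run it only against hosts you own.

```python
"""Outside-in check for database services that answer without authentication.

Added example, not code from the article or from Elastic. It assumes the
databases of interest speak HTTP on a well-known port and return a JSON
server banner on GET / when no authentication is configured (Elasticsearch
on 9200 and CouchDB on 5984 behave this way); those ports and field names
are assumptions chosen for illustration.
"""
import http.client
import json
import socket
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Hypothetical inventory of database ports worth probing from the outside.
DB_PORTS: Dict[int, str] = {9200: "elasticsearch", 5984: "couchdb"}

# JSON keys that only an unauthenticated server banner would contain (assumed).
BANNER_KEYS = ("cluster_name", "couchdb")


@dataclass
class Finding:
    host: str
    port: int
    status: str   # "open-unauthenticated", "auth-required", "closed" or "unknown"
    detail: str = ""


def classify_response(status_code: int, body: bytes) -> Tuple[str, str]:
    """Interpret the response to GET / on a database port.

    401/403 means the service is reachable but at least demands credentials.
    200 with a recognisable JSON banner means anyone on the internet can talk
    to the database without logging in, which is the accident to catch.
    """
    if status_code in (401, 403):
        return "auth-required", f"HTTP {status_code}"
    if status_code != 200:
        return "unknown", f"HTTP {status_code}"
    try:
        doc = json.loads(body)
    except ValueError:
        return "unknown", "HTTP 200 with non-JSON body"
    if isinstance(doc, dict):
        for key in BANNER_KEYS:
            if key in doc:
                return "open-unauthenticated", f"banner field {key}={doc[key]!r}"
    return "unknown", "HTTP 200 with unrecognised JSON"


def probe(host: str, port: int, timeout: float = 3.0) -> Finding:
    """Connect to host:port as an outsider would and classify what comes back."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", "/")
        resp = conn.getresponse()
        body = resp.read()
        conn.close()
    except (socket.timeout, OSError) as exc:   # refused, unreachable or timed out
        return Finding(host, port, "closed", str(exc))
    except http.client.HTTPException as exc:   # something answered, but not HTTP
        return Finding(host, port, "unknown", str(exc))
    status, detail = classify_response(resp.status, body)
    return Finding(host, port, status, detail)


def scan(hosts: Iterable[str], ports: Dict[int, str] = DB_PORTS) -> List[Finding]:
    """Probe every host/port pair and return only the exposures that need an alert."""
    findings = [probe(host, port) for host in hosts for port in ports]
    return [f for f in findings if f.status == "open-unauthenticated"]


if __name__ == "__main__":
    import sys
    # Usage: python exposure_check.py host1 host2 ...   (your own hosts only)
    for f in scan(sys.argv[1:]):
        print(f"ALERT {f.host}:{f.port} ({DB_PORTS[f.port]}) {f.detail}")
```

A real scanner would also cover non-HTTP databases (MongoDB, Redis, and the like speak their own wire protocols), run from an address outside your network so that firewall rules are exercised, and cross-check hits against the asset inventory; the point of this version is the decision logic, which distinguishes a service that asks for credentials from one that hands its banner to anybody.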
Cybersecurity is a Team Sport
With cyber threats growing in frequency and impact, security professionals have their hands full, particularly as hybrid work environments look set to stay and companies need to manage hundreds of remote workers at any one time. Juggling an increasing amount of data with this new distributed way of working creates security challenges unlike anything we’ve seen before.
There’s no single silver bullet to fix the problem. Instead, what’s needed is a combination of people, processes, and technology working in harmony on an ongoing basis.
Mounting a successful defence that covers both sophisticated cyberattacks and accidental database leaks comes down to cooperation between individuals and departments — ensuring the appropriate technology and safeguards are in place to meet the complex needs of distributed organisations.