When a cybercriminal strikes, we’re quick to believe that they’re a highly skilled and sophisticated threat actor with an extensive toolbox of weapons to hack through a network perimeter. But this often isn’t the case. On more occasions than perhaps we’d like to admit, sensitive information is left out in the open, just waiting to be discovered.
Cybercriminals often target the low-hanging fruit, so by leaving databases exposed and neglecting basic cyber hygiene practices, businesses are making it all too easy for attackers to access their crown jewels. The biggest issue today is that organisations often don’t realise that they’ve left sensitive data exposed, and therefore believe they’re completely secure.
Given how much data is stored within one business, it’s become extremely difficult to monitor every single movement.
The risks of losing track of data
There are several different ways that businesses can unintentionally leave data vulnerable to cyber theft. These include exposed databases, forgotten databases, and third-party weaknesses.
Over time we’ve noticed that a major cause of exposed databases is human negligence, whether because of skill shortages, overwhelming workloads or lack of visibility. To keep databases secure, teams must stay on top of patching, although this can be complicated and time-consuming. Additionally, if open API access is misconfigured, all of that effort goes to waste and the database is left exposed anyway. One wrong move could result in devastating consequences.
As we’ve established, it can be hard enough to secure the databases businesses know about – so what about those that they don’t? Without sufficient visibility over all existing databases – whether they’re still in use or not – businesses will never be able to guarantee complete security. When new databases are created, the old ones are meant to be removed, but this often doesn’t happen. The fast-paced nature of business means teams get distracted and tasks fall off their lists. These forgotten databases remain in the system, often unprotected and some still containing sensitive information, just waiting to be harvested by criminals.
Finally, data is often shared with third-party companies, and once the information leaves the perimeter, the original company loses all control. In fact, IBM research reveals that around 60 per cent of businesses have suffered a major data breach because of a third party. By sharing information with another company, teams are essentially putting their trust in someone else’s security measures.
Extraction to exploitation
Once a vulnerable database is located, it doesn’t take much for criminals to break in and harvest valuable information. Simple methods, such as using stolen credentials like emails and usernames and other forms of personally identifiable information (PII), will grant criminals access in no time at all. From here, threat actors can do whatever they please with the data: it can be sold on the dark web, used for further data exploitation, or held for ransom.
The cost of a data breach is climbing, with IBM’s research revealing a 10 per cent rise from 2019 and the average cost now reaching $4.24 million. This shows that the initial damage caused by a breach is just the tip of the iceberg – the secondary effects of a successful attack are monumental.
The domino effect
While some may assume that it takes a while to locate historical databases that have been out of action for years, unfortunately, that’s not the case. Exposed databases are ideal for a threat actor and so they’re constantly on the lookout for a quick win.
Looking beyond the initial fear of losing sensitive data, there are several other consequences that can soon follow if an attacker is successful. Businesses risk severe reputational damage and the loss of customer and partner trust in how the company protects their data. Rising levels of suspicion and doubt can affect future business. On a more basic level, however, once an attacker gains access to the network they will endeavour to keep their foothold so they can breach more databases. No part of the system will be safe.
It can also be hard to tell which areas of the network are infected. Even if the initial point of entry is discovered, criminals can navigate undetected, causing major damage before they are finally discovered. The more databases that attackers are permitted to access, the more it will cost the organisation to recover lost assets and re-establish the company’s security posture.
Securing the future
An effective security strategy must be built on strong foundations – which starts with getting the basics right. As patching is a crucial element of securing databases, organisations must ensure the necessary training is provided to avoid human error, especially if there is a skills shortage. Additionally, IP scanning solutions can help identify existing data leaks and which databases need priority action.
Turning attention to the attackers, businesses should make it as difficult as possible for them to break into databases. Criminals are less likely to spend time trying to bypass the perimeter if they are likely to be caught before they succeed. Digital risk solutions are available to disrupt their kill chain by blocking the footholds that attackers rely on. Organisations will be able to uncover existing exposures and correct any weaknesses within databases before any damage is done. This increased visibility is vital for maintaining and strengthening defences and keeping attackers out of all databases.
Any database could become a liability if managed incorrectly. To stay ahead of attackers and avoid the frighteningly high cost of data breaches, businesses must maintain sufficient visibility over all databases, whether they’re still in use or not. It’s important to remember that while breach attempts are inevitable, criminal success is not.