Though cyberattacks dominated the news in 2014, with companies such as JPMorgan Chase, Target and Home Depot suffering breaches, cyberattacks aren’t limited to big companies. Brand recognition matters little to cybercriminals, and organizations of all sizes have been victims of a data breach. This trend will likely continue in 2015, with attacks growing not only in number but also in sophistication.
The following is a look at a handful of the most damaging threats of 2014 and how they changed the corporate conversation on data security and protection:
Home Depot Data Breach
In this breach, cybercriminals compromised more than 56 million credit card and debit card accounts, along with 53 million customer email addresses. They used the stolen email information in multiple phishing scams that targeted unsuspecting customers. Similar to the Target breach, attackers used stolen credentials from a third-party vendor and exploited an unpatched vulnerability in Microsoft Windows to compromise the company’s point of sale devices. According to Krebs on Security, they targeted the 7,500 self-checkout lanes, which were clearly referenced as payment terminals by the internal systems.
Heartbleed Bug
The Heartbleed bug existed for two years before it was discovered. It lies in the widely used OpenSSL encryption library and, at the time of discovery, reportedly affected more than 500 million websites. Several organizations were breached through this vulnerability, including the Canada Revenue Agency, where more than 900 Social Insurance Numbers were compromised in a matter of hours.
Shellshock Bash Bug
This bug, which had gone unnoticed for more than two decades, let cybercriminals execute malicious code through the bash shell, the typical command-line shell on PCs, Macs and Linux machines. This let them take control of the operating system, overwrite authentication information and gain access to confidential data. Because the vulnerability had existed for so long, it also affected many older systems whose operating systems were no longer supported with patches.
JPMorgan Chase Data Breach
In this breach, cybercriminals gained access to names, addresses, phone numbers, email addresses and internal JPMorgan Chase information for more than 83 million accounts. The entry point was later found to be an overlooked network server that had not received a simple security upgrade: enabling two-factor authentication.
Why You Need to Act
While it is impossible to anticipate every attack and prevent every data breach, it’s important to be equipped with the following tools and security programs to have an integrated threat protection system that protects your company’s data and minimizes the risk and damage caused by an attack:
- Comprehensive Asset Discovery: You can’t protect what you can’t see. It’s vital to ensure you have visibility into every endpoint within your organization regardless of whether it is fixed, mobile or remote.
- Install Two-Step Authentication for Logins: This simple security fix ensures additional protection against a potential breach in case of lost or stolen passwords.
- Real-Time Situational Awareness and Incident Response: You need a tool that gives you real-time visibility into your endpoints, with the capability to automatically quarantine and immediately remediate any of them, wherever they are located.
- Automated Patch Management: An efficient automated patch management solution that can find vulnerable endpoints and apply the required patches within minutes or hours reduces the window of exposure to potential threats.
- Vulnerability Management: An efficient vulnerability management system ensures the most vulnerable endpoints are patched and secured first. It does this by analyzing the risk associated with each vulnerability and prioritizing remediation through patches and configuration management.
- Mobile Threat Management: Given the shift to an increasingly mobile workforce, mobile malware is the next big security threat to every enterprise. With employees using a number of apps and devices to increase productivity, your enterprise is susceptible to rogue and malicious apps compromising your data.
How IBM Can Help
IBM Security provides you with the right tools to ensure you are well-equipped to face increasingly sophisticated advanced threats. The following solutions are designed to disrupt the life cycle of advanced attacks with a three-pronged approach that helps you prevent, detect and respond to threats:
- IBM BigFix™ ensures your endpoints are in continuous compliance with various security and operational policies. With real-time visibility into your endpoints and automated custom remediation capabilities, it ensures your organization is equipped with a real-time situational awareness and incident response system.
- IBM MaaS360™ lets you provision, secure and manage your mobile devices, apps and content — all from a single portal — while minimizing risk to your organization.
- IBM QRadar SIEM™ consolidates log source event data from thousands of device endpoints and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives.
- IBM Security Trusteer Apex™ Advanced Malware Protection provides protection against unknown, zero-day threats and advanced malware without affecting user productivity. This software protects endpoints throughout the threat life cycle by applying an integrated, multilayered defense that breaks the attack chain and preempts infection.
Senior Product Manager
Rohan is the Senior Product Manager for IBM QRadar User Behavior Analytics. Rohan is experienced in marketing strategy, digital marketing, SEO, ...