Stories like Catch Me If You Can (the story of how con artist Frank Abagnale outwitted everyone in his path) make many people want to be as smart and confident as Frank, who used his charm and wit to convince people of almost anything.
After a major data breach, it's natural to look for a similar story of how an attacker used art and cunning to trick their victim into letting them in. We imagine the attacker calling the victim with a convincing story. Something like: "I'm Vassilis from the IT department, and I work with Maria, do you know Despina?" So…sorry about getting all those notifications on your phone at 3am. If you give me the pin code you received, I'll sort it out for you."
While this scene could be made into a movie, the real story behind today's breaches is never about a single bad decision – it's about the many decisions made long before an unsuspecting network administrator receives a phone call from an attacker.
In this article, we will see how the Companies they can be made more resistant to any attack or fraud, so that a moment of human weakness does not lead to disaster.
How one wrong move leads to a massive breach
In the recent breach of a large company, the attacker was able to gain entry and obtain access σε δεδομένα στις applications SaaS and on the company's cloud infrastructures on AWS and Google Cloud Platform.
We see attackers targeting data using the same techniques over and over again. They scan the environment for weaknesses: unlocked data, accounts with weak passwords, and passwords stored in plain, readable text. During this recent breach, the attacker found a password that allowed them to enter the bulk password storage system, which gave them further access to more data and more infrastructure.
Data is where the money is – attackers know we depend on its availability and privacy. Data is also where the risk lies, and that's why we need to focus on protecting it. After a breach, SaaS applications may remain intact and cloud infrastructures may be rebuilt, but data can never be “uncovered”.
Many executives may wonder, "Isn't the cloud supposed to make us more secure?"
In the Cloud, someone else is responsible for ensuring the security of applications. Someone else is responsible for patching the application and any dependencies, such as databases and operating systems. Someone else is responsible for the network, failovers, HVAC, firefighting and the lock on the physical door.
With all these security concerns in the hands of the cloud provider, what remains is to ensure that only the right people can access the right data and only access what they need, and then verify that people use the data for their intended purpose. This should be easy, right?
It's not, and it's more exposed than you think.
Shedding light on the dangers of Clouds
The average organization has nearly 20.000 folders and over 150.000 archives that are shared publicly. What's in these exposed files and folders? Over 100.000 publicly shared sensitive files in SaaS applications. In Microsoft 365 alone, the average organization had nearly 50.000 sensitive files shared publicly.
Many of today's reports are possible because the cloud makes it easy for end users to share data without the help or guidance of IT. They can share data publicly and with colleagues by clicking “share”. We found that employees create tens of thousands of sharing links in Microsoft 365. And many of those links give access to every employee. With so much sharing, the average organization now has over 40 million objects with unique rights and many exhibits that will never be seen or reviewed.
When it comes to the basics, despite the well-known security benefits of multi-factor authentication (MFA), the average organization has thousands of accounts – including administrative accounts – that don't require it.
Making the hacker's job difficult
High-access accounts are data security time bombs, and their blast radius – the potential for damage after a breach – is huge. When a single account or device is compromised, how much damage can it cause and how well will you be able to contain the damage?
Here are four steps to ensure that when one of your employees is hacked, the hacker's job won't be easy – they'll have to work much harder to compromise your critical data:
- Reduce the range of the attack. Minimize the damage attackers could do by locking down access to your critical data and ensuring employees can only access the data they need to do their jobs.
- Find your critical data (and passwords). Find and locate your critical data at risk. Scan for everything attackers are looking for, including personal data, financial data and passwords.
- Own the MFA. Enabling Multi-Factor Authentication (MFA) makes you 99% less likely to be hacked.
- Watch what matters most to you. Monitor how each user and account uses critical data and watch for any routine activity that could indicate a potential cyber attack.
A single bad decision or security breach should cause concern and irritation. If you follow the steps outlined above, all of these security options will limit the range of attacks and protect your company. This story will probably be too boring for Hollywood, but in the hacker world, it would be the perfect day for an attack!
