
The Security Toolbox: 7 Pervasive Security Gaps Causing Data Breaches

This blog is part of a series to help organizations of any size optimize their security. Our experts provide insights and recommendations based on common security use cases, customer questions, and security software developer needs.

When data breaches make the news, it’s easy to assume that a band of genius-level cybercriminals found their way to an organization’s data through the tiniest of vulnerabilities. Surely the victim organization was doing everything right—right?

The truth is much more mundane. Most cybercriminals buy malware or ransomware off the shelf and simply remain persistent, knowing that their code, emails, or other threats will eventually encounter a pervasive security gap that will end in access to data.

Most successful data breaches and cyber attacks occur because of easily exploited security gaps. Bad passwords, outdated or poorly configured software, and clicks on malicious links in phishing emails continue to be the main causes of data breaches. A breach can cost millions of dollars in disaster recovery, reputation and trust management, and ransom payments, and it may end with the private data of a company’s employees and customers landing on the dark web.

Although you’ve probably heard and read similar articles about fixing the simple things, as a technology company, we reiterate the importance of cybersecurity best practices and assessments. We want our customers to get the most from their technology investments and hopefully avoid the painful lessons of an actual breach.

What are the most pervasive security gaps that can be exploited by threat actors?

Number 1: Weak passwords

Oh, if we could only count the number of times we’ve typed “1234” or “0000” into a laptop display or an employee-only computer at a retailer and gained access to their network. Weak passwords include easily guessable passwords, shared passwords, and the absence of multi-factor authentication, along with user permissions, controls, and authentication that are not adequate or appropriate for the access being granted.
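As an added illustration (not code from the original post), the following Python password policy check rejects the kinds of values described above: short passwords, entries from a common-password list, common passwords padded with digits or symbols, sequential or single-repeated characters, and passwords that contain user-specific values such as a username or company name. The common-password set here is a small constructed sample; a real deployment would load a large breached-password corpus instead.

```python
import re
from collections import Counter

# Constructed sample of commonly guessed values (illustrative only);
# replace with a full breached-password list in production.
COMMON_PASSWORDS = {
    "1234", "0000", "123456", "password", "qwerty", "admin",
    "letmein", "welcome", "abc123",
}

MIN_LENGTH = 12


def _is_sequential(s: str) -> bool:
    """True if every character is exactly one code point up or down from the previous one."""
    if len(s) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps == {1} or steps == {-1}


def evaluate_password(candidate: str, user_context: tuple = ()) -> list:
    """Return the reasons a candidate password is rejected; an empty list means it is acceptable.

    user_context holds values that should never appear inside a password
    (username, company name, etc.), supplied by the caller.
    """
    reasons = []
    lowered = candidate.lower()

    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")

    if lowered in COMMON_PASSWORDS:
        reasons.append("appears in the common-password list")

    # Strip leading/trailing digits and symbols so "password123!" is caught as "password".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core != lowered and core in COMMON_PASSWORDS:
        reasons.append("common password padded with digits or symbols")

    if _is_sequential(candidate):
        reasons.append("sequential characters")

    if candidate and Counter(candidate).most_common(1)[0][1] == len(candidate):
        reasons.append("single repeated character")

    for item in user_context:
        if item and item.lower() in lowered:
            reasons.append(f"contains user-specific value '{item}'")

    return reasons


if __name__ == "__main__":
    for pw in ("1234", "password123!", "correct horse battery staple"):
        verdict = evaluate_password(pw, user_context=("jsmith", "acme"))
        print(f"{pw!r}: {'accepted' if not verdict else ', '.join(verdict)}")
```

The check returns every failing rule rather than stopping at the first, so the reasons can be shown to the user or logged for policy reporting.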

Number 2: Inadequate employee training

This is why we all sit through a video on cybersecurity twice a year. But sometimes that’s not enough. Programs to increase employee awareness and training to be able to recognize threats must be consistent and ongoing. Employees should learn about the importance of robust and unique passwords, how to recognize phishing scams and social engineering, and what is appropriate and safe online behavior with any devices that access the organization’s network.

Administrators can be targets of phishing as easily as anyone else, and shared administrator credentials should never be part of a technology team’s protocols.

Number 3: Insufficient patching and software updates

Here’s where cybercriminals shine. They understand that outdated software that still has access and control within a network is an open door to cyber threats. Technology professionals must prioritize patching and updates for all software in their environment. If a patch or update isn’t applied promptly, it’s likely to sit on the sidelines as a “to do” and can leave known and unknown vulnerabilities wide open.

End-of-life technology also falls into this category because developers have ceased support, patching, and updates altogether. The remedy for this type of software is to replace the old version with current technology and decommission the old technology before the end-of-life date.
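The two points above (keep software current, and retire it before its end-of-life date) can be tracked from a simple asset inventory. The Python below is an added example, not code from the original post; the inventory, product names and dates are constructed. It compares installed versions numerically (so "1.10.0" correctly ranks above "1.9.9", which a plain string comparison gets wrong) and flags assets that are past end-of-life, approaching it, or behind the vendor's current release.

```python
from datetime import date

# Constructed sample inventory (fictional products, versions and dates).
# Each entry records the installed version, the vendor's current release,
# and the vendor's published end-of-life date for the installed line.
INVENTORY = [
    {"host": "web-01",  "product": "ExampleHTTPd", "installed": "2.4.51", "current": "2.4.58", "eol": "2026-12-31"},
    {"host": "db-02",   "product": "ExampleDB",    "installed": "11.3",   "current": "11.3",   "eol": "2024-06-30"},
    {"host": "kiosk-7", "product": "LegacyOS",     "installed": "7.1",    "current": "7.1",    "eol": "2020-01-14"},
    {"host": "app-03",  "product": "ExampleApp",   "installed": "1.10.0", "current": "1.9.9",  "eol": "2027-01-01"},
]


def parse_version(v: str) -> tuple:
    """Split '2.4.51' into (2, 4, 51) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in v.split("."))


def assess(inventory, today_iso: str, eol_warning_days: int = 90) -> list:
    """Classify each asset, highest-priority condition first.

    Returns a list of (host, status) pairs. today_iso is the review date
    in YYYY-MM-DD form, passed explicitly so results are reproducible.
    """
    today = date.fromisoformat(today_iso)
    report = []
    for item in inventory:
        eol = date.fromisoformat(item["eol"])
        days_left = (eol - today).days
        if days_left < 0:
            status = "end-of-life: decommission or replace"
        elif days_left <= eol_warning_days:
            status = f"eol in {days_left} days: schedule replacement"
        elif parse_version(item["installed"]) < parse_version(item["current"]):
            status = f"behind current release {item['current']}: patch"
        else:
            status = "ok"
        report.append((item["host"], status))
    return report


if __name__ == "__main__":
    for host, status in assess(INVENTORY, date.today().isoformat()):
        print(f"{host:8s} {status}")
```

End-of-life takes precedence over a missing patch in the ordering because a patch will never arrive for unsupported software; the only remediation is replacement.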

Number 4: Inadequate access controls and user privileges

Authenticating a user is not the same thing as assigning access only to the parts of the network they need. Excessive user privileges and weak access controls can make it easier for attackers to gain unauthorized access to critical systems or data. Organizations should implement strong identity and access management by enforcing the principle of least privilege and regularly reviewing and revoking unnecessary access rights.
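One concrete form of the "regularly review and revoke" step is to compare what each account is granted against what it actually exercised during a review window. The Python below is an added example (not code from the original post) using a constructed grant table and a constructed audit log; the log format `timestamp user=... perm=...` is an assumption for the example. It reports grants that went unused in the window as revocation candidates, and also reports any activity recorded for a permission the account does not hold, which points to a control failure rather than an excess grant.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: permissions currently granted to each account (not real data).
GRANTS = {
    "alice":      {"read:customer_db", "write:customer_db", "admin:backup_console"},
    "bob":        {"read:customer_db", "read:payroll"},
    "svc-report": {"read:customer_db", "write:customer_db"},
}

# Constructed sample audit log: UTC timestamp, account, permission exercised.
AUDIT_LOG = """\
2024-05-02T09:14:03Z user=alice perm=read:customer_db
2024-05-02T09:20:41Z user=alice perm=write:customer_db
2024-03-11T17:05:00Z user=alice perm=admin:backup_console
2024-05-03T08:00:12Z user=bob perm=read:customer_db
2024-05-03T08:00:13Z user=bob perm=read:payroll
2024-05-04T01:00:00Z user=svc-report perm=read:customer_db
2024-05-04T01:00:00Z user=mallory perm=read:customer_db
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) perm=(\S+)$")


def _parse_ts(value: str) -> datetime:
    """Parse the assumed log timestamp format as a timezone-aware UTC datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def used_permissions(log_text: str, window_end: datetime, window_days: int) -> dict:
    """Collect the permissions each account actually exercised inside the review window."""
    window_start = window_end - timedelta(days=window_days)
    used = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts = _parse_ts(m.group(1))
        if window_start <= ts <= window_end:
            used.setdefault(m.group(2), set()).add(m.group(3))
    return used


def review_access(grants: dict, log_text: str, window_end_iso: str, window_days: int = 30) -> dict:
    """Return per-account findings.

    'revoke_candidates': granted permissions not exercised in the window.
    'used_without_grant': permissions exercised by an account that holds no such grant.
    """
    used = used_permissions(log_text, _parse_ts(window_end_iso), window_days)
    findings = {}
    for account, granted in grants.items():
        unused = sorted(granted - used.get(account, set()))
        if unused:
            findings.setdefault(account, {})["revoke_candidates"] = unused
    for account, perms in used.items():
        ungranted = sorted(perms - grants.get(account, set()))
        if ungranted:
            findings.setdefault(account, {})["used_without_grant"] = ungranted
    return findings


if __name__ == "__main__":
    for account, result in review_access(GRANTS, AUDIT_LOG, "2024-05-05T00:00:00Z").items():
        print(account, result)
```

The window length is the key tuning knob: a 30-day review flags alice's backup-console admin grant as unused, while a 90-day review does not, so choose the window to match how often a legitimate task is actually performed and treat the output as a list to confirm with owners, not an automatic revocation.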

Number 5: Lack of encryption

Many organizations store personal and sensitive information for employees and customers. Encryption of all sensitive data should occur when the data is in transit and when it’s at rest. Encryption protocols should be in place for communication channels and any portals, applications, and control points where the transfer or presence of data occurs. An effective network security program will include robust encryption for a technology environment.

Number 6: Weak network security

A lack of firewalls, misconfigured firewalls, misconfigured network devices, and a lack of intrusion detection and prevention systems all make an organization more susceptible to cyber attacks. Organizations should establish robust network security measures and regularly monitor network traffic for potential threats.

Number 7: Inadequate incident response and recovery plans

A lack of well-developed and defined plans and governance in the event of a data breach or cyber attack can result in poor and slow response and coordination. To effectively respond to and contain breaches, organizations should develop comprehensive incident response plans, conduct regular drills and simulations, and establish mechanisms for timely reporting and communications during security incidents.

Learn more about security for your unique environment

If you’re not sure about your security posture or the level of vulnerability in your organization’s IT environment, a security assessment can help you develop a clear view of your current state and the possible remediations needed. You can also rehearse real-time scenarios and threat-hunting through our Cyber Defense Simulation service. Visit the Professional Services for Security resources section for overviews of the different types of assessments available, and contact us at [email protected] to learn more.

For more support, read the other blogs in this series which include tips for building up cybersecurity skills, a review of the cybersecurity mesh architecture framework, and practical ways to secure APIs.