Lessons from high-profile data breaches and how to safeguard your information

As high-profile data breaches continue to make headlines around the world, businesses are facing mounting challenges in protecting customer information. These cyber incidents are complex and specific in nature, requiring organisations to take a strategic and informed approach to their security practices. By reviewing the processes of threat actors and businesses alike, we can learn how to better defend against threat actors.

Threat actors routinely gain access to data through trivial means. Whether that be through an open (unauthenticated) API endpoint, guessing passwords, lack of multi-factor authentication (MFA), or unpatched vulnerabilities with active exploits. It can be said that initial access gained by threat actors is through the castle wall defences.

But we all know the importance of a layered (defence in depth) security approach. Data breaches raise important concerns about data exposure and the accessibility of dormant accounts. For example, unused credentials sometimes have sufficient access to become an initial access point for threat actors. Almost all data breach incidents have multiple failures identified during investigation.

A good patching regime, user access reviews, and data hygiene are the holy trinity of data breach prevention. Sprinkle in a bit of secure configuration review and it’s a recipe for success.

What are the risks?

In the event of a breach, what are the primary concerns?

Recent data breaches remind us that information of all kinds, however seemingly benign, can compromise the integrity of a business. Whether it’s personal details, business analytics, or proprietary data, all can be exploited maliciously if it falls into the wrong hands.

There’s also the issue of redundancy to consider. In many breaches, credentials that were no longer in use still had enough access to systems to become a vulnerability. This raises important questions about how much data, how many accounts, and how many processes are being stored or maintained unnecessarily. Effectively managing cloud storage and digital infrastructures isn’t just about cost savings—it also enhances security, making your operations more agile and harder to target.

Trust is at the core of any relationship, including those that involve data management. Storing data with a third-party provider can offer convenience and efficiency, but if not properly managed, it can create significant risks. Ensuring that data security is a shared responsibility and that both the business and its partners are aligned in their security practices is critical.

Where are the opportunities for development?

To build a successful partnership with a third-party provider, or a stronger state of security internally, reviewing aspects of practice will lead to greater cohesion, as well as deeper security and confidence.

Interactive recommends regularly:

1. 1. Reviewing Data Security Practices: Regularly review and update your data security practices. Where is your data stored, how is it stored, and who has access to it? Also, only keep what you absolutely need, especially when it comes to personal information.
   2. Implementing Strong Access Controls: Use strong authentication methods, such as multi-factor authentication, to protect access to your data. Also, regularly review who has access to what data through user access reviews and reviews of role-based access control matrices.
   3. Regularly Audit and Monitor: Conduct regular security and compliance audits and continuously monitor your systems for any unusual activity. Penetration tests are a great way to test real world scenarios before production releases.
   4. Encrypt Your Data: Encrypt sensitive data both at rest and in transit to add an additional layer of protection. But remember, data encrypted at rest is still accessible in the clear through applications or APIs that read that data and display it back to end users.
   5. Employee Training: Educate employees about data security best practices and how to recognise potential threats.

The lessons learned from the many public data security incidents emphasise that cyber security is not a one-time initiative but an ongoing process that requires vigilance, adaptability, and proactive measures. By strengthening security practices and fostering a culture of awareness, businesses can better protect their critical data and maintain the trust of their customers.

For Interactive, cyber security is an integral part of our service offering. Get in touch with us to find out how we can help manage your IT needs.