
The main causes of data leaks

Data leaks occur whenever a user or organization has their sensitive information exposed, putting the security and privacy of companies and people at risk. Learn more!

The Data Breach Investigation Report 2022, conducted by the Ponemon Institute, provides an overview of data breaches occurring in 2022 in 17 countries and regions and 17 different industries.

To produce it, more than 3,600 people from companies that suffered leaks were interviewed, which made it possible to gather some relevant information.

According to the study, 83% of companies surveyed had more than one data breach. In addition, 60% of leaks resulted in higher prices being passed on to customers and the average cost of one of these events was US$4.35 million.

In this article, we are going to talk more about data breaches and address their main causes. To facilitate your reading, we have divided our text into the following topics:

1. What is a data breach

2. What are the 5 common causes of data breach

3. Examples of data breach

4. What are some common types of violations

5. How to prevent data leakage

6. About senhasegura

7. Conclusion

Enjoy your reading!

1. What is a data breach

A data breach happens when a person or organization has their confidential information exposed due to security breaches, creating risks for the companies and people affected.

When this occurs, the organization needs to notify the control authority, as well as the people whose data was compromised, in the shortest possible time after learning of the occurrence.

If the company is a subcontractor, it is also necessary to notify the person responsible for processing this information.

2. What are the 5 common causes of data breach

The main causes of data leaks are:

  • Insider threats due to misuse of privileged access

  • Weak and stolen passwords

  • Malware

  • Social engineering

  • Exploitation of software vulnerabilities

Learn more about each of them:

  • Insider threats due to misuse of privileged access

Within an organization, employees have privileged access to sensitive data and may misuse these permissions, intentionally or unintentionally.

This can happen in a variety of ways and for a variety of reasons, whether it’s selling information on the dark web, sabotage due to dissatisfaction at work, or simply losing a device with access, such as a laptop.

Therefore, it is advisable for companies to adopt the Principle of Least Privilege, according to which each user has only the necessary access to perform their functions. In this way, in the event of a leak, damage to the IT environment is limited.

  • Weak and stolen passwords

One of the main causes of data leaks is the use of weak or reused passwords, which facilitate credential theft.

The use of weak passwords occurs because many people rely on predictable patterns like “123456”. The reuse of passwords is a practice adopted due to the difficulty in memorizing a large number of complex accesses.

As a solution, we recommend a password manager, which allows you to store all your passwords, requiring the use of a single set of credentials to access them.

  • Malware

Malware is malicious software used by cybercriminals to exploit one or more potentially connected systems.

There are several types. One of them is ransomware, which is used to encrypt data or block a computer’s resources and demand a ransom payment in exchange for releasing that machine or system.

To avoid malware infection, it is important to be careful when accessing suspicious websites or opening emails.

  • Social engineering

Social engineering is also among the leading causes of data leaks. In this type of attack, malicious actors manipulate their victims into sharing confidential information or taking actions on their behalf.

A tip to avoid attacks of this nature is to always be suspicious of promises that seem too good to be true.

  • Exploitation of software vulnerabilities

Malicious actors can exploit software vulnerabilities in a number of ways. As such, it is important that vulnerabilities are found and addressed by the organization before they are identified by hackers.

When a vulnerability is fixed, the software provider releases an update patch that must be applied by the company. This must be done immediately in order to avoid exposure to the threat.

3. Examples of data breach

Below are examples of the main causes of data breaches:

Major data breach caused by misuse of privileged access

Recently, there was a privilege leak at Uber, allegedly caused by the misuse of permissions. The attacker is believed to have purchased the password from an Uber professional on the dark web after his personal device was infected with malware, exposing his data.

The contractor reportedly received two-factor login approval requests and granted access to the hacker.

This social engineering technique is known as an MFA fatigue attack and consists of bombarding users’ authentication application with notifications to get them to accept and allow access to their accounts and devices.
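The detection side of the MFA fatigue pattern described above, as an added example that is not part of the original article: it scans MFA push events for a burst of rejected or ignored prompts sent to one user, and for an approval that arrives right after such a burst. The event format, the user names, the 10-minute window and the threshold of 5 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push events: (ISO timestamp, user, outcome).
# outcome is "denied", "timeout" or "approved". Names and format are assumptions.
SAMPLE_EVENTS = [
    ("2024-01-10T08:00:00", "bob", "denied"),
    ("2024-01-10T09:00:00", "alice", "denied"),      # mistap, then a normal login
    ("2024-01-10T09:00:30", "alice", "approved"),
    ("2024-01-10T10:00:00", "bob", "timeout"),
    ("2024-01-10T12:00:00", "bob", "denied"),
    ("2024-01-10T14:00:00", "bob", "timeout"),
    ("2024-01-10T16:00:00", "bob", "denied"),        # five rejections, hours apart
    ("2024-01-10T16:01:00", "bob", "approved"),
    ("2024-01-10T22:01:05", "contractor1", "denied"),
    ("2024-01-10T22:01:40", "contractor1", "timeout"),
    ("2024-01-10T22:02:10", "contractor1", "denied"),
    ("2024-01-10T22:03:00", "contractor1", "timeout"),
    ("2024-01-10T22:04:30", "contractor1", "denied"),
    ("2024-01-10T22:05:15", "contractor1", "denied"),
    ("2024-01-10T22:06:00", "contractor1", "approved"),  # user gives in
]


def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag bursts of rejected MFA prompts and approvals that follow a burst.

    Emits a "burst" alert when a user accumulates `threshold` denied or
    timed-out prompts within `window`, and an "approved_after_burst" alert
    when an approval arrives while that many are still inside the window.
    """
    rejected = defaultdict(deque)  # user -> timestamps of recent rejected prompts
    alerts = []
    for ts_raw, user, outcome in sorted(events):  # ISO timestamps sort in time order
        ts = datetime.fromisoformat(ts_raw)
        recent = rejected[user]
        while recent and ts - recent[0] > window:  # drop prompts outside the window
            recent.popleft()
        if outcome in ("denied", "timeout"):
            recent.append(ts)
            if len(recent) == threshold:  # alert once, when the burst is first reached
                alerts.append({"kind": "burst", "user": user, "at": ts_raw,
                               "rejected_in_window": len(recent)})
        elif outcome == "approved":
            if len(recent) >= threshold:
                alerts.append({"kind": "approved_after_burst", "user": user,
                               "at": ts_raw, "rejected_in_window": len(recent)})
            recent.clear()  # a successful login starts a fresh count
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A "burst" alert is a cue to contact the user before anything is approved; an "approved_after_burst" alert means the session that was just granted should be reviewed as a possible account takeover.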

Massive data breach caused by the use of weak and stolen passwords

A single stolen password led to an attack against U.S. pipeline operator Colonial Pipeline in May 2020.

It is believed that this was possible because the corporation used an old virtual private network (VPN) system that did not have multi-factor authentication, requiring only a password to access its resources.

Massive data breach caused by malware

New Mexico’s largest county was the target of a ransomware attack in early 2022, which left several government offices and county departments offline.

This attack disabled the security cameras and automatic doors at the Metropolitan Detention Center and, due to failures in the electronic locking system, inmates had to be confined to their cells.

Massive data breach driven by social engineering

Between 2009 and 2011, American tabloids were reported to have hired hackers to find out news about their targets, who ranged from movie stars to ordinary citizens, by intruding on their cellphone voicemail.

For this, various social engineering techniques were used, including the pretexting scam, which refers to lies invented by cybercriminals to request information from users.

Major data breach caused by exploiting software vulnerabilities

For this topic, we do not describe an incident, but one of the major examples of a software vulnerability that can lead to a data breach: Log4Shell.

Log4j is a computer program developed and used to record activities that occur in various systems, including errors and routine operations. Log4Shell arises from a certain feature in Log4j that makes it possible to define custom code to format a log message.

Through this feature, it is possible to log the username associated with attempts to log in to the server, along with the user’s real name, if a separate server has a directory that associates usernames and real names.

Thus, Log4j ends up allowing malicious attackers to send software code that can perform all kinds of actions on the victim’s computer, opening loopholes for numerous threats, including data breaches.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Going beyond: The cybersecurity tools hindering effective cyber asset management

IT and security teams rely on an array of cybersecurity tools to manage their network assets. However, these tools often fall short of providing a comprehensive and detailed asset inventory. Consequently, as an organization’s attack surface evolves, the risk of undiscovered or unmanaged assets increases, heightening the potential for network infiltration. 

The 2023 State of Cyber Assets Report uncovered a remarkable 133% year-over-year growth in cyber assets for organizations, surging from an average of 165,000 in 2022 to 393,419 in 2023. This rapid increase in assets resulted in a staggering 589% rise in security vulnerabilities or unresolved findings, accentuating the snowball effect caused by more than doubling the number of assets.

As organizations incorporate an ever-growing number of devices, their attack surface inevitably expands. Thus, gaining a comprehensive understanding of the status of each connected asset becomes crucial.

Each article linked below highlights the limitations of various types of cybersecurity tools for asset management, contrasting them with runZero—an all-encompassing cyber asset management solution that surpasses them all by comparison.

Inefficient cyber asset management tools

  1. Endpoint Detection and Response (EDR) agents

    EDR works well for endpoint protection but not asset inventory. When incident responders find assets that are compromised but can’t find them in the asset inventory, many teams realize that they went down the wrong path.

  2. Spreadsheets

    Microsoft Excel and Google Sheets can be an easy first step to track asset data for an IT environment, but they fail entirely as an efficient cyber asset management solution. Spreadsheets require manual data collection resulting in inconsistent attributes, outdated information, lack of detail and incomplete inventory.

  3. Vulnerability scanners

    Some try to build an asset inventory using vulnerability scanners. Beyond a lack of detail, vulnerability scanners sometimes simply get it wrong: crashing devices, providing a backward-looking view, and finding phantom assets, among other concerns. Leading vulnerability scanners simply do not provide a full, accurate, current asset inventory in everyday practice.

  4. Configuration Management Database (CMDB)

    CMDBs are designed to track data relating to managed IT assets, such as routers, switches, or servers. However, according to Gartner, only 25% of organizations achieve meaningful value with their CMDBs. Beyond incompleteness, data inaccuracy is also a major concern. If you are relying on your CMDB to be a source of truth, you need to be able to trust the information in it. The data in a CMDB will only be as good as its sources.

  5. Network Access Control (NAC)

    IT and security teams often depend on data from NACs and associated network aggregation tools for asset inventory. However, they are designed to control access to the network, an entirely different task from building a comprehensive inventory of devices on the network. If a compromised asset cannot be found in the inventory, it indicates that NACs are suboptimal for asset discovery, a fundamental component of cyber asset management.

  6. Free network scanners

    Most free network scanners don’t scale easily out of the box, often requiring custom databases and scripts to make them suitable for continuous monitoring and collecting inventory from multiple segments or sites.

Why effective cyber asset management matters

In the ever-changing digital landscape of an organization, prioritizing cyber asset management is essential for ensuring the resilience and continuity of operations, as well as safeguarding the reputation and trust of the organization, its stakeholders and the data it governs.

It’s foundational to cybersecurity

You simply need to know about the assets on your network before you can manage them: effective asset management starts with a comprehensive understanding of what is there. By accurately identifying, tracking, and protecting critical assets, organizations can proactively defend against cyber threats, minimize vulnerabilities, and ensure the confidentiality, integrity, and availability of sensitive information.

Preparation is key

IBM’s Cost of a Data Breach Report 2023 shares that the global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over 3 years.

By integrating a comprehensive asset inventory into business continuity planning, organizations can effectively identify and prioritize the protection of vital assets crucial for maintaining operations during disasters or disruptions. This proactive strategy enhances the organization’s resilience during times of crisis.

It’s required by regulations and insurance

Various industries, including healthcare, energy, financial services, and government, are all subject to specific regulatory or insurance requirements related to asset management and data protection. A comprehensive asset inventory helps organizations ensure compliance. It enables them to demonstrate their efforts in safeguarding sensitive information and critical infrastructure, thereby avoiding legal penalties and reputational damage.

Take the SolarWinds supply chain attack in 2020, for example. This sophisticated attack involved hackers compromising the software supply chain of SolarWinds, a prominent IT management software provider. The attackers injected malicious code into SolarWinds’ Orion platform updates, which were then distributed to thousands of the company’s customers, including major corporations, the Department of Defense, the Department of State, and the Department of Homeland Security, to name just a few.

Not only did SolarWinds report upwards of $3.5 million in expenses related to incident investigation and remediation, they were also subject to numerous lawsuits, domestic and foreign, including an investigation into the possible breach of the European Union’s General Data Protection Regulation and other data protection and privacy regulations.

It’s the bedrock of business operations

On the financial aspect, maintaining an asset inventory empowers organizations to monitor their IT investments and infrastructure effectively. Comprehensive knowledge of all assets enables teams to make informed decisions regarding upgrades or replacements for outdated assets, prioritize patching and updates, and avoid unnecessary expenses on redundant or non-essential devices.

Presidio, a global digital services and solutions provider, found immediate success with runZero, using it to onboard clients to their managed service programs. With runZero, they were able to eliminate spreadsheets, thereby reducing the amount of time spent manually collecting client data. Instead, they can focus on delivering outcomes for their clients.

runZero: a complete cyber asset management solution

runZero is a cyber asset management solution that includes CAASM functionality. It combines integrations with EDR and other sources with a proprietary network scanner that is fast and safe even on fragile IoT and OT networks.

runZero scales up to millions of devices, and it’s easy to try. The free 21-day trial even downgrades to a free version for personal use or organizations with fewer than 256 devices.


About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Learn how to monitor Linux computers with Pandora FMS: Full guide

Today, in one of those much-needed training videos, we will delve into the exciting and mysterious universe of basic monitoring of computers with Linux operating systems. Ready to unlock the hidden secrets of your devices? Well, let’s go!

Before you dive into this adventure, make sure you have a Pandora FMS environment installed and running.

Done?

Well, now we will focus on how to monitor those Linux computers that allow you to install the software agent devoted to this operating system.

The first point is to install the software agent on the Linux computer you want to monitor.

For that purpose, follow a series of magic commands that will install the necessary dependencies.

Who said monitoring didn’t have its own spells?

Once dependency installation is finished, move on to the software agent installation.

That’s when true magic begins.

Pay attention!

Configure the agent to point to your Pandora FMS server through the “server_ip” parameter.

In addition, activate remote configuration by changing the value of the “remote_config” parameter to 1.

If you want to give it a personal touch, you may also assign it a specific group using the “group” parameter, which is “Servers” by default.

Take advantage, here you can be the director and assign roles to your agents!

Once you’re done with all these configurations, save the changes and launch the Software Agent with the command “/etc/init.d/pandora_agent_daemon start”.

Can you see Linux computer monitoring coming to life?

Now you can see how your agent appears in the console of your Pandora FMS server, in section “Resources, Manage Agents“.

If you go into the main view or the module view, take a look at the information that the software agent obtains by default from Linux systems.

CPU, RAM and disk space? You won’t miss a byte!

But wait, there’s more!

You may also enable the inventory plugin for detailed information.

Just go to the agent plugins view and turn on the inventory light bulb.

Afterwards, you’ll just have to wait for the next agent interval, or if you can’t resist it, manually restart it to receive the inventory data.

The information will be within reach!

But that’s not all.

Let’s add a touch of excitement to this story!

Imagine that you receive a critical alert from your agent and need to act immediately. Don’t worry, Pandora FMS has the perfect solution!

Just go to the “Alerts, Alert List” section and click “Create” to create a custom alert.

Choose the agent you want to monitor, select the appropriate module (you may choose intriguing names like “Host Alive”!), and set an action to notify you by mail when the module is in “Critical” status.

Isn’t it great?

Now you can solve the most high-priority cases in the blink of an eye!

But wait, you want more secrets unraveled?

Then here is another tip for you.

Discover predefined local components and learn how to create modules from them.

Go to “Settings, Templates, Local Components” and dive into a world full of possibilities.

If you’re a Linux lover, you may filter and explore local components specific to this operating system.

Now select a local component and create a new “data server module”. Add the local Linux component you like the most and bring your new module to life. You’ll just have to wait for the next agent interval or, if you’re impatient, manually restart it to see the results.

Conclusions

Basic Linux monitoring with Pandora FMS is not only effective, but also exciting and fun.

So don’t wait any longer, sharpen your monitoring skills and let the action begin in the world of Pandora FMS!

Remember, in the video description you will find useful links that will guide you through each step.

Don’t miss it, just as you don’t miss any videos from our channel, and start your journey towards basic Linux monitoring with Pandora FMS!


About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

23.5.3 ‘Thebe’ released

Changes compared to 23.5.2 

Bug Fixes

  • Fixed an issue where Wasabi error logs caused by System Clocks being too far behind or too far ahead were not output as expected.
  • Fixed an issue with macOS notarization timing out when Apple takes longer than 10 minutes to process the request.
  • Fixed an issue with Office 365 clients where rate-limiting may cause list requests to restart unnecessarily.
  • Fixed an issue with the Comet Backup desktop app crashing when loading if a recent backup job was extremely large.
  • Fixed an issue with Office 365 backups where workers can hang while querying the Vault.
  • Fixed an issue with bucket name validation where Wasabi bucket names ending with a period were reported as invalid.
  • Fixed an issue with error handling during a retention pass of a vault that has object lock enabled.
  • Fixed an issue with the Comet Server Docker container failing to start during a recreate event.
  • Fixed an issue with Office 365 clients hanging in some situations.


About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSPs, businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.
