How to prevent data breaches: best practices

Imagine you find out the most private details of your DNA, only to have them spilled out for anyone to see. That’s the scare 23andMe users faced when a big data breach hit, turning their quest for genetic discovery into a privacy nightmare.

This mishap shook trust in the company, leaving many to question the safety of their most personal data. For the CEO and investors, the data breach was a disaster, crashing stock values and challenging the company’s future.

This breach was a stark reminder of the fine line between innovation and privacy. In the U.S., data breach incidents have peaked, with a nearly 20% increase in the first nine months of 2023 compared to the same period last year. Additionally, 98% of companies have felt the impact through vendors who’ve experienced breaches in the past two years.

Let’s explore how to prevent data breaches and protect sensitive information in risky environments.

Key takeaways

  • The U.S. data breach rate surged by nearly 20% in early 2023, so the need for robust data security measures is growing.

  • The main reasons why data breaches occur include phishing, cloud misconfigurations, zero-day vulnerabilities, and third-party attacks.

  • Implementing a strong password policy, regular training and multi-factor authentication (MFA) are critical steps in data breach prevention and protecting customer data.

  • NordLayer helps achieve Zero Trust Network Access (ZTNA) and Security Service Edge (SSE) frameworks that reduce data breach risks.

  • A comprehensive security strategy is essential for data breach prevention.

Why a data breach can happen

Data leaks are big problems for organizations. They lead to lost sensitive data, damaged trust, and high costs. Breaches happen differently, each finding a weak spot in a company’s digital or physical defenses. Knowing about data breach methods helps organizations strengthen their defenses and keep their data safe.

Common causes of data breaches

Social engineering and phishing

Social engineering has been around for a long time, yet it remains a highly effective method for causing data leaks. Despite widespread awareness about the risks of clicking on links in suspicious emails, a surprising number of data leaks—up to 90%—involve some form of social engineering.

Social engineering is the art of manipulating people into giving up confidential information or performing actions that grant access to secured systems and corporate data. It’s like someone dressing up as a postal worker and convincing you to hand over your house keys. This method works well because it tricks people, not machines.

Cloud misconfigurations

Imagine leaving your house with the front door unlocked. That’s similar to cloud misconfigurations. They happen when cloud settings aren’t appropriately secured, like leaving security features off or setting them up wrongly. This makes it easy for attackers to access data stored online. Because so many companies use cloud services, such mistakes are common and can lead to big problems.

Zero-day vulnerabilities

A zero-day vulnerability is a flaw in software or hardware that attackers find and use before the makers can fix it. It’s like a hidden weak floorboard in a new house that nobody knows about until someone steps on it and falls. Zero-day vulnerability attacks are rare but can cause much damage because there’s no defense against them at first.

Attacking the security flaws of vendors

This happens when attackers find a weak spot in the systems of companies that your organization works with. In 2022, the number of supply chain attacks jumped by 633%. They are still a big problem. For example, in June 2023, a group of threat actors from North Korea got into JumpCloud, which is a company that provides software services, by exploiting weaknesses not directly in JumpCloud but in another company they trusted. If the companies you share your data with aren’t careful, your data might be in danger, too. When we share data, we hope the other company will protect it well. Sadly, this doesn’t always happen.

Malware

Malware is malicious software that gets into your computer to spy on you or steal things. Attackers send it in emails or through websites. Once it’s on a computer, it can steal sensitive data. Keeping software up to date and being careful about what you download can help keep malware out.

Credential stuffing methods

Credential stuffing is when attackers use stolen passwords to try to get into many different accounts. It’s like someone finding a key and trying it in every door in the neighborhood to see which ones it can open. People often use the same password for many accounts, which makes this method very effective. To guard against this, having rules for strong passwords in your organization is a good step. It’s also smart to change passwords often, use a password manager, and make sure you don’t use the same password more than once.
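A detection sketch for the pattern described above, where one source tries stolen credentials against many different accounts. This is an added example, not part of the original article; the log format, thresholds and function names are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: ISO timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-03-01T09:00:01 203.0.113.7 alice FAIL
2024-03-01T09:00:03 203.0.113.7 bob FAIL
2024-03-01T09:00:05 203.0.113.7 carol FAIL
2024-03-01T09:00:08 203.0.113.7 dave OK
2024-03-01T09:00:11 203.0.113.7 erin FAIL
2024-03-01T09:00:14 203.0.113.7 frank FAIL
2024-03-01T09:02:00 198.51.100.20 alice FAIL
2024-03-01T09:02:30 198.51.100.20 alice FAIL
2024-03-01T09:03:10 198.51.100.20 alice OK
2024-03-01T09:10:00 192.0.2.44 grace OK
"""


def parse_log(text):
    """Turn log lines into (timestamp, ip, user, success) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of guessing their meaning
        ts, ip, user, result = parts
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return sorted(events)


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_accounts=5, max_success_ratio=0.25):
    """Flag source IPs that try many distinct accounts in a short window.

    A user who mistypes a password hits one account several times; a
    stuffing run hits many accounts, and only a few of them succeed.
    `events` must be sorted by time (parse_log does this).
    """
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event[1]].append(event)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window so it never spans more than `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            in_window = evs[start:end + 1]
            users = {user for _, _, user, _ in in_window}
            hits = sorted({user for _, _, user, ok in in_window if ok})
            if len(users) < min_accounts:
                continue
            if len(hits) / len(users) > max_success_ratio:
                continue  # mostly successful: looks like a shared NAT or proxy
            if ip not in findings or len(users) > findings[ip]["accounts_tried"]:
                findings[ip] = {
                    "accounts_tried": len(users),
                    # These accounts reused a leaked password: reset them first.
                    "successful_logins": hits,
                    "first_seen": in_window[0][0],
                    "last_seen": in_window[-1][0],
                }
    return findings


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info["accounts_tried"], "accounts tried;",
              "reset:", ", ".join(info["successful_logins"]) or "none")
```
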

Outdated or unpatched software

Using old or unpatched software is like having a lock that everyone knows how to pick because it’s old and the maker never improved it. Attackers look for software that hasn’t been updated because it’s easier to break into. Keeping software up to date is a simple but important way to protect data.

How to prevent data breaches

Keeping data safe is essential for protecting private information, earning people’s trust, and avoiding money problems. Using a mix of smart tech fixes and teaching your team about safety can help stop unauthorized access to your data. Let’s break down how to do this in simple steps anyone can follow.

Teach your team regularly

Since 9 out of 10 data breach incidents begin with phishing, often due to simple mistakes, setting up regular training for your team is crucial. Most importantly, your team will learn to spot phishing emails—fake messages designed to steal sensitive data. Also, these sessions should cover how to create strong passwords, the importance of not sharing sensitive information, and what steps to take if they suspect a data breach threat. Making this training a routine ensures everyone stays sharp and ready to protect your organization’s data.

Make strong passwords a must

Using weak passwords is like using a flimsy lock on your door. To combat this, enforce a policy requiring solid and complex passwords. These passwords should be a mix of letters, numbers, and symbols, making them hard to guess.

Encourage or require password changes every few months to keep things even more secure. This simple step can significantly reduce data breach chances.

Add an extra lock—multi-factor authentication

MFA adds a crucial layer of security. It’s a way to ensure that even if a password gets stolen, there’s still another barrier keeping intruders out.

MFA can include something you know (like a password), something you have (like a smartphone app that generates a code), or something you are (like a fingerprint or facial recognition). This method significantly lowers the risk of someone else accessing your accounts.

Keep everything up to date

Software developers release updates not just for new features but to fix security gaps that threat actors could exploit. By staying on top of these updates, you’re essentially replacing old locks with new ones regularly.

This doesn’t just apply to your security software but to all software used in your business.

Don’t let everyone in every room

Think of your organization’s data like a house with many rooms. Not everyone needs a key to every room—just the ones they need to enter for their work.

This approach is called ‘least privilege,’ and it greatly lowers the risk of sensitive information getting out by mistake or on purpose.

Identity and Access Management (IAM) systems and tools like NordLayer’s Cloud Firewall are like giving out specific keys for specific doors. They help manage who can access certain pieces of information.

It’s also crucial to check the security measures of outside companies with access to your data. They might accidentally leave a window open for threat actors to climb through.

Build a strong fence—network security

Imagine surrounding your data with a high-tech fence. This fence, made up of firewalls and encryption, keeps your data safe from intruders.

Firewalls act as the gatekeepers, deciding what traffic can enter or leave your network. Encryption scrambles your data, so even if someone manages to grab it, they can’t understand it.

Together, they create a strong barrier that spots and stops threat actors before they can reach your confidential information.

Trust no one

Zero-trust security is like not letting anyone into your house without verifying their identity every single time, even if you recognize them.

In the digital world, this means not automatically trusting anyone inside or outside your organization. Everyone must prove they are who they say they are and that they really need access to the information they’re asking for.

This approach ensures that only the right people get access to the right data, reducing the chance of a data breach. It’s a way of keeping your digital doors locked tight, even if someone has managed to get past the fence.

Have a plan if a data breach happens

Even with the best precautions, things can still go sideways. That’s why having a response plan is crucial.

This plan outlines what to do, who to call, and how to communicate during a data breach. It helps you act quickly to limit damage and start the recovery process. Practicing this plan ensures everyone knows their role in an emergency, making it easier to stay calm and organized when every second counts.

Keep copies of important stuff

Backing up your data means quickly restoring what was lost and keeping your business moving without missing a beat.

It’s a safety net that ensures even in the worst-case scenario—like a ransomware attack or a natural disaster—you can recover your essential data. Regularly updating and storing these backups in a secure, offsite location or cloud service adds an extra layer of security.

Improve your data security with NordLayer

NordLayer offers solutions that support the Zero Trust Network Access (ZTNA) framework, a key strategy in modern data security. ZTNA works on the idea that nobody should be trusted automatically. It asks for verification from anyone trying to access the system. This method makes sure that only people who are supposed to see sensitive data can get to it, greatly lowering the chance of a data breach. NordLayer enhances this by checking who is trying to access what and the security of their devices. This stops unauthorized people from getting in and helps prevent data breaches.

NordLayer also helps companies use the Security Service Edge (SSE) framework, which efficiently protects corporate data and customer data. SSE combines several essential security tools into one service that’s based in the cloud. This includes things like firewalls as a service and ways to keep web browsing safe. Using SSE, companies can move faster and are better at stopping, spotting, and dealing with online dangers. SSE makes sure that only safe web use is allowed, keeping companies in line with their rules. It also uses a method where no trust is assumed; trust must be earned continuously. This means better protection against identity theft and more control over who gets to access what in the cloud.

If you have any questions or need more information, please contact our sales team. They’re ready to help you.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

How Accrete Inc. prepared for failover to protect the sensitive data of high-profile clients

Accrete Inc. is an artificial intelligence company that specializes in a variety of sectors. Its wide range of products supports government, entertainment, financial services, and consumer packaged goods. The company has established a reputation for its innovative supply chain analysis and social media aggregation solutions. 

Peter Bierfeldt, the Chief Information Security Officer, oversees the security of the company’s intellectual property, customer data, and overall reputation. He shared how working with governmental and other high-risk clients requires a focus on layered security and how Accrete Inc. achieved it using NordLayer.

The challenge

Securing cloud environments for high-risk data clients

Accrete’s unique position in the market, dealing with sensitive government contracts and a global workforce, posed significant cybersecurity challenges.

The company works with a diverse range of clients, including the US Department of Defense. This requires them to follow stringent security standards like FedRAMP and NIST 800-171.

“We knew it’s a good practice to have a VPN solution in place to have everybody enter our client cloud network through an allowlisted IP, whether you’re talking AWS GovCloud or AWS commercial production.”

The primary concern was securing a virtual, cloud-based network environment against potential threat actors, particularly in high-risk countries.

“We are a virtual company with no on-premise network. We don’t have anything like that. We are 100% in the cloud, and protecting that cloud is really, really important.”

Additionally, Accrete faced challenges in managing a globally dispersed team with offices in U.S. states and India, requiring secure and reliable access to the network from various locations worldwide.

The solution

Combining multiple security functionalities for the best result

Accrete Inc. chose NordLayer as their cybersecurity partner, transitioning from their previous VPN provider.

“Accrete Inc. needed one more piece of the puzzle for getting into our network, an additional layer of security that you can put in place to protect your production and entire network.”

The company’s network security combines layers of different capabilities and functionalities. It includes virtual private gateways, IP allowlisting, SSO and MFA implementation, strong passwords, and antivirus protection. So the company needed not just a VPN but a solution that does more.

“Our old VPN didn’t do anything beyond being a VPN. We looked for a solution that secures the network when connected to untrusted Wi-Fi and is reliable regarding performance.”

As Peter notes, unlike with free tools, the company is paying for the service to protect their information. Having government customers dealing with financial services and insurance, Accrete Inc. must ensure that nobody’s snooping on their traffic, and with a company like NordLayer, they don’t have to worry about it.

Why choose NordLayer

NordLayer was selected for its robust VPN solutions, global points of presence, and seamless integration with existing systems such as the Okta SSO provider.

“Our clients must know that we don’t relax our security. An outage and going down temporarily is an issue with high-sensitivity data, but with failover, we don’t need to worry about it.”

One of the main objectives for Accrete Inc. was to establish a failover in case of an outage. Deploying at least two private servers ensured high service availability. This approach means security isn’t compromised, even if one of the virtual gateways flatlines for a few minutes.

A solid mesh of security and business continuity measures established with the NordLayer tool

The key reasons for this choice were:

  • NordLayer’s global network infrastructure provided low-latency, secure connections for their international team, which was particularly beneficial for the office in Mumbai.

  • The ability to establish failover systems ensured uninterrupted access and network resilience.

  • NordLayer’s reputation for reliability and security compliance aligned with Accrete’s needs for protecting sensitive government-related data.

  • The ease of onboarding and user-friendly nature of NordLayer’s services minimized IT overhead and facilitated smooth integration into Accrete’s operations.

The outcome

Complete team protection to enable full network security

Implementing NordLayer resulted in a strengthened cybersecurity posture for Accrete Inc. The new system enhanced network security without compromising on performance, even for remote and international team members.

Accrete Inc. added VPN gateways to cover both the United States and India, supporting all staff. VPN usage mitigates the risk of leakage of even relatively benign information like email addresses and user names.

“Investing in 100% user coverage in the organization makes sense. When people get used to using the VPN, it limits network exposure and mitigates the impact of compromise to our network even if an endpoint is compromised.”

Accrete Inc. successfully met the compliance requirements for their government contracts and ensured the integrity of their intellectual property and customer data. FedRAMP requires that only trusted devices access the network. By combining allowlisting via the VPN with access to the network via Okta, Accrete Inc. was able to address several FedRAMP controls.

“NordLayer plays very nicely with Okta. It integrated well with the onboarding process, making it easy and simple as we’ve got other systems with much more overhead and hand-holding.”

The shift also demonstrated a commitment to utilizing leading-edge technology solutions to address complex security challenges.

Pro cybersecurity tips

We talk with our clients not only to learn their experience using NordLayer but also to understand how cybersecurity experts perceive online security. Thus, we asked the Chief Information Security Officer at Accrete Inc. to share his personal favorite tips for building digital hygiene habits.

Accrete Inc. is a perfect example of how a layered approach to security can ease and improve your network protection journey. NordLayer is a solution that takes granular control of establishing different security measures, so they create a robust mesh against digital threats.

Spy Skills for Your Business: Threat Intelligence Explained

Ever wanted to be a spy? With such a great deal of espionage operations happening online, gathering threat intelligence might feel like being a modern-day James Bond.

Think about cyber threat intelligence as having a spy network working to protect your business online. It’s all about gathering information on potential cyber threats — understanding how bad actors operate, what areas of business they might target, and what tools they use. Companies cannot effectively defend themselves from cyberattacks without well-researched, reliable data. With threat intelligence, businesses can stay one step ahead of cybercriminals, know what to look out for, and have a clear understanding of how to protect their assets.

A brief history of threat intelligence and its role in cybersecurity

Without cyber threat intelligence, a company is “blind and deaf.” It would not be an exaggeration to say that it is an essential part of cybersecurity. However, its shape and role in cybersecurity have changed over the years as a result of the internet’s evolution and the growth of worldwide interconnectivity. New cyber threats arise daily, making security experts develop innovative defensive strategies and tactics.

Initially, companies focused solely on basic security measures such as IP and URL blacklists and antivirus solutions. However, with the spread of malware, worms, and viruses in the early 2000s, they found themselves in need of more sophisticated threat detection and response capabilities. As cyber criminals got smarter and more organized, it became evident that security experts needed to collaborate and share information. Consequently, the President of the United States established the Information Sharing and Analysis Center (ISAC), a non-profit organization dedicated to facilitating the sharing of threat intelligence within specific industries.

In the 2010s, the rise of data automation and the emergence of Threat Intelligence Platforms (TIPs) resulted in organizations having the right tools to manage and analyze large volumes of data. These platforms are technological solutions that can manage data collected from multiple sources and presented in various formats.

Later on, TIPs were integrated into Security Operations Centers (SOCs), providing security analysts with a unified interface for accessing and utilizing cyber threat intelligence seamlessly in a company’s day-to-day operations. Threat Intelligence Platforms also became an integral part of Incident Response (IR) processes, delivering actionable scenarios for managing and mitigating the impact of a security incident on an organization. This integration made the response to cybercrime faster and more efficient.

Nowadays, the role of machine learning and AI in cyber threat intelligence grows stronger every day, helping to analyze and predict cyber threats. We can also see a shift in the cybersecurity objectives — from threat detection to cyber resilience, focusing on the business’s ability to recover quickly from cyberattacks. Fortunately, throughout the years of the digital revolution, the cybersecurity community has recognized the importance of collaboration, data sharing, and the integration of threat intelligence into the overall cybersecurity strategy.

Threat Intelligence Lifecycle

Gathering threat intelligence is a complicated process that involves collecting, processing, and analyzing large volumes of data. The outcome of this process should focus on vulnerabilities specific to your organization. It should be detailed and contextual and, last but not least, be actionable.

Let’s examine the six phases of the threat intelligence lifecycle:

1. Direction

The direction phase is a crucial part of the process: you cannot perform a secret service operation without specifying its objectives. Therefore, you should follow in the footsteps of the character played by Jodie Foster in the 4th season of “True Detective” and ask questions such as:

  • Who are the attackers?

  • What motivates them?

  • Which data assets and business processes need to be protected?

  • Protection of which aspects of the organization is our priority?

  • What happens if we fail to protect them?

  • What types of threat intelligence do we need to protect the company’s assets and respond to emerging dangers?

2. Collection

After setting goals and objectives, we can move to the next phase: data collection. The security team gathers raw data from various sources, including open-source intelligence (OSINT), commercial feeds, internal logs, and information shared within the cybersecurity community. At this stage, it’s important to validate our sources of information and the accuracy of collected data. This will allow us to avoid missing severe cyber threats or being misled by false positives.

3. Processing

Remember that nowadays, threat analysis relies on processing huge volumes of data, which is automated and requires data to be standardized and formatted. When our collected data are compatible, we can identify relationships and connections between different pieces of information to better understand the cyber threat landscape.

4. Analysis

Threat intelligence analysis is a human process that turns processed information into actionable intelligence, enabling data-driven decision-making. The analysis should prioritize risks, resulting in the creation of a threat management roadmap. It should also provide a context for collected threat intelligence by understanding the motives, capabilities, and tactics of cybercriminals. What’s important here is to present threat analysis in a way that decision-makers will easily understand.

5. Dissemination

Dissemination is a crucial part of threat intelligence management. Analyzed data must be transformed into actionable intelligence reports, alerts, or indicators of compromise (IOCs) that the security team can use to strengthen the company’s defense system. Then, those should be shared with relevant teams and decision-makers within the organization and, in some cases, with trusted external partners.

6. Feedback

Threat intelligence management and effectiveness must be evaluated. Did the intelligence have the impact you expected? Did it improve the company’s safety? What went wrong in the entire process? Answering those questions helps your business move forward and improve its threat intelligence program.
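The collection and processing phases above, as an added example that is not part of the original article: indicators from differently formatted sources are validated, normalized to one schema, merged and matched against internal logs, so that corroborated and already-sighted indicators rank first. The feed formats, field names, function names and all sample values are constructed for illustration.

```python
import csv
import io
import ipaddress
import json
import re
from urllib.parse import urlsplit

# Constructed sample inputs (documentation IP ranges and the reserved .example TLD).
OSINT_CSV = """\
indicator,first_seen
hxxp://bad-updates[.]example/payload,2024-02-01
198.51.100[.]23,2024-02-03
not an indicator,2024-02-04
"""
COMMERCIAL_JSON = """[
  {"type": "domain", "value": "BAD-UPDATES.example", "confidence": 80},
  {"type": "ip", "value": "198.51.100.23", "confidence": 60},
  {"type": "ip", "value": "203.0.113.99", "confidence": 40}
]"""
# Constructed internal proxy log: timestamp, client, method, host, path.
PROXY_LOG = """\
2024-02-05T10:00:00 10.0.0.5 GET bad-updates.example /payload
2024-02-05T10:01:00 10.0.0.8 GET intranet.example /home
"""

DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def normalize(raw):
    """Return ("ip"|"domain", value) in canonical form, or None if invalid."""
    value = raw.strip().lower().replace("[.]", ".")   # undo defanging
    value = re.sub(r"^hxxp", "http", value)
    if "://" in value:
        value = urlsplit(value).hostname or ""        # URLs are reduced to host
    try:
        return ("ip", str(ipaddress.ip_address(value)))
    except ValueError:
        pass
    return ("domain", value) if DOMAIN_RE.match(value) else None


def collect(osint_csv, commercial_json):
    """Merge both feeds into {(type, value): {sources}} and keep the rejects."""
    merged, rejected = {}, []

    def add(raw, source):
        key = normalize(raw)
        if key is None:
            rejected.append((source, raw))  # kept for review, never dropped silently
        else:
            merged.setdefault(key, set()).add(source)

    for row in csv.DictReader(io.StringIO(osint_csv)):
        add(row["indicator"], "osint")
    for item in json.loads(commercial_json):
        add(item["value"], "commercial")
    return merged, rejected


def sightings(merged, proxy_log):
    """Map each known indicator to the internal clients that contacted it."""
    seen = {}
    for line in proxy_log.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        key = normalize(parts[3])
        if key in merged:
            seen.setdefault(key, []).append(parts[1])
    return seen


def prioritize(merged, seen):
    """Rank: sighted internally first, then by number of corroborating sources."""
    rows = [{"type": t, "value": v, "sources": sorted(src),
             "internal_hosts": seen.get((t, v), [])}
            for (t, v), src in merged.items()]
    rows.sort(key=lambda r: (-len(r["internal_hosts"]), -len(r["sources"]), r["value"]))
    return rows


def run_pipeline():
    merged, rejected = collect(OSINT_CSV, COMMERCIAL_JSON)
    return prioritize(merged, sightings(merged, PROXY_LOG)), rejected


if __name__ == "__main__":
    ranked, rejected = run_pipeline()
    for row in ranked:
        print(row)
    print("rejected:", rejected)
```
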

Four types of threat intelligence

We need to understand the types of threat intelligence to fully grasp its impact on overall business cybersecurity. Usually, cyber threat intelligence is divided into four categories, ranging from high-level information to specific technical details about cyber threats.

Strategic

Strategic threat intelligence is non-technical information focused on understanding the broader context of cyber threats. It may come in the form of reports describing hackers’ motives and capabilities, geopolitical influences, or industry-specific risks. Usually, this type of threat intelligence is presented to high-level stakeholders, e.g. the board of directors.

Tactical

This type of threat intelligence includes information that can be used by security experts to make data-driven decisions and actively defend the organization. Tactical intelligence is more detailed than strategic. For example, it may describe cybercriminals’ tools, attack avoidance tactics, or weak points in the company’s security infrastructure.

Operational

It provides real-time information on specific threats, ongoing crime operations, and emerging attack patterns. This type of intelligence enables the company to respond to specific cyberattacks immediately; it can also help mitigate the damage made by hackers.

Technical

Technical threat intelligence may come in the form of evidence that an attack is happening or specific indicators of compromise (IOCs). Ideally, it’s provided in real-time before the hackers can cause any significant damage. Examples of technical cyber threat intelligence include phishing emails detected by AI tools or real-time data breach notifications sent by an advanced enterprise password manager.

How NordPass can help protect organizations

A country needs all kinds of security measures to protect its citizens: the border guard, the police, an army, and special agents. It can be safe only if all parties work together. The same rule applies to keeping your business safe. It requires all types of threat intelligence — every single one of them is an important part of the cybersecurity landscape. They are interconnected, and only together can they provide comprehensive defense against cybercrime. Even the best strategic plans won’t stand a chance if the company fails to recognize data breaches in real-time.

Luckily, there are tools available that can make gathering technical threat intelligence easier and more efficient. The NordPass built-in Data Breach Scanner automatically scans leaked databases and compares them with information stored in your and your employees’ password manager vaults. It generates password breach reports with detailed information about data leaks that have affected your company. Most importantly, it notifies you or your security team in real time about every new breach so you can act and protect your company immediately. Give it a try, and don’t let cyber threats slip through your company’s defense anymore!

How to use dark web monitoring: a talk with Mary D’Angelo

Today is just like any other day at the office. You are going through emails and laying out plans for your company’s upcoming big project when suddenly, your screen freezes. None of the troubleshooting steps work. Quickly, your IT team becomes anxious; the company’s network has stopped working. The reason is a security breach tied to stolen credentials from RIPE, an organization that assigns IP addresses across numerous countries.

This situation is similar to what Orange Spain experienced, suffering an outage due to a hacker who improperly accessed their RIPE account. Researchers at Resecurity have noticed a troubling trend: the dark web now houses millions of stolen network operator credentials, which cybercriminals are poised to misuse.

The dark web serves as a hidden space where these stolen credentials remain unseen. It is also where attackers coordinate their plans and recruit accomplices for future breaches. 

For businesses, keeping an eye on the dark web is vital. It helps uncover new threats and trends as they arise. 

Equally important are cybersecurity practices. They shield businesses from an increasing array of cyber threats. 

By combining dark web monitoring with solid cybersecurity, businesses can establish a protective strategy to remain secure.

That’s why we talked with Mary D’Angelo, a leading Cyber Threat Intelligence and Dark Web Advisor. We discussed how the dark web works and explored why businesses might need dark web monitoring.

The interview’s highlights

  • The deep web makes up 80% of the internet, while the dark web and clear web each make up 10%.

  • The US Navy originally created the Tor network for good reasons, but now less than 1% is for whistleblowers and journalists.

  • Dark web monitoring lets businesses see planned attacks, indicating the immediate need for protection.

  • Ransomware groups are growing, and threat actors are switching to platforms like Telegram.

  • Companies should combine dark web monitoring and cybersecurity practices for early threat detection.

Key insight #1: the clear web makes up only 10% of the internet

NordLayer: To start, what is the dark web?

Mary D’Angelo: When I discuss the dark web, I refer broadly to its distinction from the deep web and the clear web. The dark web is a segment of the internet accessible only through specialized software, typically Tor, which I’ll mostly reference. It’s because Tor is the most commonly used. The deep web and clear web are other internet segments. The clear web includes anything findable via Google and other search engines. The deep web, while still accessible through search engines, comprises sites that are very hard to enter. Statistics indicate that the deep web constitutes 80% of the internet, with the dark web and the clear web each accounting for only 10%.

NordLayer: The dark web ensures anonymity and is technically limitless. How does the Onion Router contribute to this anonymity?

Mary D’Angelo: The Onion Router, a type of software made to connect to the dark web, encrypts messages in multiple layers, similar to an onion. These messages, when sent, pass through various relays or nodes, mixing up communications. Upon receiving a message, each relay cannot trace its origin, making it extremely difficult to track the messages and users’ activities.

Key insight #2: the original purpose of the dark web, initiated by the U.S. Navy, now makes up just 1% of its current content

NordLayer: Could you explain the legal and illegal aspects of the dark web?

Mary D’Angelo: It’s a common misconception that the dark web is entirely illegal. Initially, the Tor network was developed by the US Navy research team to enable secure communications. 

The primary purpose of the dark web was to assist journalists and whistleblowers in remaining anonymous and using encrypted messaging on a privatized platform. Over time, it has evolved to host a significant amount of illegal activity. 

It’s estimated that 40% of the dark web is comprised of child sexual exploitation material, with less than 1% now dedicated to whistleblower and journalism activities. The majority involves illegal marketplaces, threat actor forums, ransomware groups, and similar entities.

NordLayer: But the dark web also has positive uses for privacy and free speech. Can you discuss them?

Mary D’Angelo: The dark web is valuable for media organizations and individuals in censored countries, providing a secure communication channel. Organizations like ProPublica use the dark web for secure communications, offering a platform for whistleblowers and those reporting from repressive regimes.

NordLayer: Considering its origins, does the dark web offer more security than platforms like Amazon?

Mary D’Angelo: The comparison depends on what you mean by security. The dark web provides anonymity, encrypted messaging, and privacy, even for websites. Users on the dark web enjoy encrypted and anonymized communication unseen by others. Conversely, Amazon tracks all user information, making the dark web, in some respects, more secure. However, this anonymity also contributes to the prevalence of illegal activities.

NordLayer: Is regulation of the dark web a significant challenge?

Mary D’Angelo: Yes, law enforcement faces considerable difficulties in tracking down illegal activities due to the dark web’s structure. Although recent efforts have improved, the process is complex and time-consuming.

NordLayer: Can dark web marketplaces be shut down successfully?

Mary D’Angelo: Marketplaces like Silk Road and AlphaBay have been taken down by law enforcement, involving extensive international investigations. Often, the downfall of these sites is due to the carelessness of threat actors. However, new marketplaces frequently emerge, creating a continuous cat-and-mouse game between law enforcement and dark web users.

NordLayer: How does law enforcement investigate the dark web?

Mary D’Angelo: Investigations involve collaboration with various agencies and platforms like ours that can index and search the dark web efficiently. Law enforcement builds cases on threat actors, tracking their movements and communications, often capitalizing on their mistakes to dismantle operations.

Key insight #3: dark web monitoring helps to detect the threat at its planning stage

NordLayer: How did your interest in the dark web begin?

Mary D’Angelo: My journey into the dark web began with my background in cybersecurity and network detection. Joining Searchlight Cyber, I deepened my understanding of threat intelligence and the significance of dark web monitoring to identify potential security threats to organizations.

NordLayer: Why is it important for businesses to monitor the dark web?

Mary D’Angelo: The dark web is a hub for threat actors to plan attacks. Dark web monitoring allows businesses to detect potential threats early in the planning stage, giving them more time to prevent attacks.

“You can also try NordLayer’s ThreatBlock to prevent threats. It automatically blocks access to harmful websites, making it easier to avoid entering a malicious site. You won’t see harmful ads and pop-ups, and you will be prevented from accessing websites linked to illegal activities or those marked as unsafe in trusted databases. This tool makes life easier.”

Martyna Gaidelė, Product Marketing Manager at NordLayer

NordLayer: So how can organizations monitor the dark web effectively?

Mary D’Angelo: Companies like Searchlight Cyber provide services to monitor the dark web safely and efficiently, helping businesses to protect themselves without risking exposure to malicious content.

NordLayer: Can you share a success story related to dark web monitoring?

Mary D’Angelo: Our human intelligence team does a lot of the undercover work. Accessing some dark web sites is tough; it requires specific permissions. Our team managed to enter these sites and found someone selling domain access control credentials for a large US airline. They didn’t name the airline to avoid detection but shared details like the revenue size, location, and access type. High pricing often indicates legitimacy. Upon discovering this, I contacted the airline’s security team to alert them, despite them not being our client. We then discussed the intelligence, which was new to them, and together, we devised a plan to enhance their security.

NordLayer: That’s impressive. What security measures do you generally recommend to introduce? 

Mary D’Angelo: We generally suggest enforcing multi-factor authentication (MFA) across all platforms. The approach depends on the attack type, but ensuring MFA is in place is crucial so that only authorized individuals have access.

“Multi-factor authentication (MFA) is an essential part of NordLayer. However, we advocate for a broader range of multi-layered authentication solutions and encourage our customers to implement more comprehensive Zero Trust Network Access (ZTNA) strategies.

Multi-layered network access control minimizes the risks of data breaches and aids in achieving compliance certificates, contributing to business credibility as well.

My favorite NordLayer features for network access control are the Cloud Firewall and Device Posture Security. They are easy to use and powerful solutions, ensuring advanced network access control.”

Martyna Gaidelė, Product Marketing Manager

Key insight #4: Ransomware groups are hiring, which means even more attacks in 2024

NordLayer: Have you observed any trends in the dark web, such as an increase in ransomware groups?

Mary D’Angelo: Last year, we saw ransomware groups increase their recruitment. This means that they only plan to increase their attacks. They now have larger budgets because they were so successful last year in terms of the ransom payments. And so now they have more purchasing power, they can buy better exploits and better credentials. Bad actors also have their AI tool, called FraudGPT, which can just more easily and quickly make very sophisticated attacks.

NordLayer: How can businesses and law enforcement adapt to the evolving threat landscape on the dark web?

Mary D’Angelo: Understanding the tactics, techniques, and procedures (TTPs) of threat actors allows organizations to build more effective defenses. Monitoring threat actor movements helps in developing predictive security measures.

NordLayer: There is also a kind of “Robin Hood” mentality among some ransomware groups. Can you elaborate on this?

Mary D’Angelo: Interestingly, some ransomware groups adhere to a moral code, avoiding attacks on hospitals and focusing on other targets. This nuanced behavior among threat actors highlights the complex ethical landscape of the dark web.

NordLayer: Despite some groups avoiding healthcare targets, the sector remains highly vulnerable. Why is that?

Mary D’Angelo: The healthcare sector often faces the highest ransom demands, with many hospitals lacking the security infrastructure to defend against sophisticated attacks. The sale of access credentials to healthcare institutions is alarmingly common.

NordLayer: There’s also a trend where threat actors are shifting from dark web forums to encrypted messaging platforms like Telegram. Why do you think threat actors are choosing these platforms?

Mary D’Angelo: The shift to encrypted platforms like Telegram reflects threat actors’ increasing paranoia and desire to evade detection. As law enforcement and security firms improve their monitoring capabilities, actors seek new ways to communicate securely.

NordLayer: How do you conduct research on the deep web and platforms like Telegram?

Mary D’Angelo: Our team utilizes a combination of human intelligence and proprietary automated technologies to gather intelligence from various platforms. This allows us to monitor threat actor activities across the deep web and dark web comprehensively.

NordLayer: What future research directions do you see for dark web intelligence?

Mary D’Angelo: Collaborating with security practitioners and academic researchers can lead to innovative strategies for mitigating risks and combating cyber threats. Future research will likely focus on predictive analysis and the development of more sophisticated defense mechanisms.

Key insight #5: for businesses to stay safe, they need all employees to be aware of possible attacks

NordLayer: What general advice would you give businesses to enhance their security?

Mary D’Angelo: Businesses should prioritize early detection of threats by monitoring for reconnaissance activities. Leveraging threat intelligence to understand the landscape and adopting a proactive security posture can significantly reduce the risk of attacks.

NordLayer: How important is cybersecurity awareness?

Mary D’Angelo: Cultivating a culture of security throughout an organization is crucial. Integrating cyber threat intelligence across all levels can inform strategic decisions and prioritize security measures, ultimately making it more difficult for threat actors to succeed.

NordLayer: In conclusion, investing in cybersecurity is more cost-effective than facing the consequences of a ransomware attack.

Mary D’Angelo: Absolutely. The cost of proactive security measures is significantly lower than the potential losses from a successful cyber attack.

How NordLayer can help

NordLayer offers a comprehensive security approach, protecting your team with Threat Prevention from harmful sites, securing online activities with VPN, and ensuring appropriate access with Cloud Firewall. Beyond these tools, we advocate for adopting Zero Trust Network Access (ZTNA), Security Service Edge (SSE), and other cybersecurity frameworks to strengthen your defense. Our sales team is always here if you need any help along the way. 

Beyond NordLayer’s offerings, it’s essential to create a culture of cybersecurity, maintain up-to-date software, and use secure communication tools. Additionally, assessing your vendors through a Third-Party Risk Management Plan and restricting their access can significantly mitigate risks.

How to use a static IP address for businesses

Are you looking to secure a permanent spot on the internet for your business? Consider getting a static Internet Protocol (IP) address. 

Think of IP addresses as the digital equivalent of your home address, but for your online devices. A dynamic IP address can change with each internet connection, like a rented place, while a static IP stays the same, like a permanent residential address.

This permanent address makes your business easy to locate and connect with online. Fixed IP is perfect for hosting websites, enabling remote work, or using voice-over-internet protocol (VoIP).

Let’s explore whether a static IP fits your business needs, how to get one from your internet service provider (ISP), and how to set it up quickly with NordLayer.

When your business should use a static IP

A static IP, or dedicated IP, is a fixed numeric combination that doesn’t change over time. Thus, its consistency is the main advantage for businesses needing stable and dependable internet access.

Choosing to use a static IP address is crucial for enterprises that want to improve their online presence. If your business needs a constant, unchanging internet address, ensure this choice aligns properly with your network’s technical requirements, including the internet protocol version (IPv4 or IPv6) it uses.

Choosing a static IP over a dynamic IP depends on what your business does and the benefits you’re looking for. Here are some clear reasons why choosing a static IP might be right for you:

  • Remote work. A static IP helps remote employees connect securely to your network, making it easier for them to access files and applications just like they would in the office.

  • Hosting servers. If your business runs its own email, website, or file transfer protocol (FTP) servers, a static IP means customers and employees can connect without interruption.

  • Online services. For services needing constant connection, like VoIP (internet calls) or online gaming, a static IP reduces the chance of losing connection, similar to how a steady electricity supply keeps the lights on.

  • Network management. With a fixed IP, managing your network and solving problems is easier since each device’s address doesn’t change.

  • Security. Static IPs make it simpler to control who can access your network, which enhances security.

  • E-commerce. For online shops, a static IP can help secure transactions.

  • Communication. Keeping email and collaboration platforms running smoothly is easier with a static IP.

  • IoT devices. For businesses using smart devices, a static IP ensures they stay connected and work correctly, much like ensuring delivery trucks follow the same route every day.

  • DNS management. Managing your online domain is simpler with a static IP, making your website more reliable for visitors.

Businesses that need stable internet for remote work, hosting, and security benefit from a static IP. It keeps you visible and reachable online.

Yet, small startups or local shops not focused on web presence might do well with dynamic IPs, enjoying simplicity and cost savings. If you don’t host servers or need constant online access, a dynamic IP address could suit your needs just fine.

How to set a static IP address for your business

Setting up a static IP address for your company is like assigning a permanent street address to your business in the online world. This makes sure that your business is easily found and always reachable on the internet.

Remember, setting up a static IP is different from setting up a private IP address, which is only for internal use in places like your home or office network.

Here’s how you can set up a static IP address, step by step:

  1. Ask for a static IP address. Start by requesting a static IP address from your internet service provider (ISP).

  2. Configure your router. Your ISP will assign a unique, unchanging IP address to your router. This is your company’s address on the internet.

Next, you’ll need to manually configure each device that will use this static IP address by entering the address and the other networking details.

Manual setup

Imagine you’re giving each device in your office its own specific spot on the internet, much like assigning each employee their own desk. Here’s how to manually set a static IP address on each device:

  1. Gather information. First, you need the unique address (static IP), subnet mask, default gateway, and DNS server information from your ISP. Ensure compatibility with your network adapter. Think of this as the address, zip code, city, and phone directory for your device’s location on the internet.

  2. Access device IP settings. On the device you want to set up, find the network settings. This is usually under ‘Settings’ or ‘Control Panel’. Ensure your network adapter is properly configured.

  3. Enter the information. Look for the option to configure IP settings manually on a device; enter the static IP address, subnet mask, default gateway, and DNS information you got from your ISP. Make sure it’s compatible with your internet protocol version.

  4. Save and restart. After entering the information, save your changes. You might need to restart the device for the new IP settings to take effect.

If your company’s network automatically assigns IP addresses (using DHCP), you can adjust your router’s settings. This way, it will always give the same specific static IP address to certain devices, like a reserved parking spot.

Automatic setup

Let’s say you want to automatically assign a special spot on the internet to certain devices. This is how you can set a static IP up using DHCP on your router:

  1. Access your router. Enter your router’s IP address into a web browser. You’ll need the login details, usually found on the router or in its manual.

  2. Find DHCP settings. Look for the DHCP or network settings menu in your router’s settings. DHCP is like a parking attendant who assigns spots to devices.

  3. Reserve an IP. In the DHCP settings, look for an option to reserve IPs or assign a fixed IP. Here, you can choose which devices get which fixed IP addresses, based on their MAC address (a unique identifier for network devices).

  4. Enter device details. For each device you want to assign a static IP address, enter its MAC address and the fixed IP you wish it to always use, which ties back to the network adapter’s configuration.

  5. Save and restart. Save your changes and restart your router. Some devices might also need a restart to recognize their new reserved spot.

To wrap it up, assigning a fixed IP address establishes a clear, permanent online presence. It makes your business easy to find and reach on the internet.

The steps include asking your ISP for a static address, setting up your router, and getting your devices ready, either one by one or all at once, using DHCP.

The time needed might vary, from just a few minutes to a couple of hours, based on how many devices you have and how complex your network is.
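Before typing addresses into devices or the router's DHCP reservation table, the plan itself can be checked for conflicts. The following is an added example, not part of the original article: the function names, the private subnet, the DHCP pool range and the device list are all constructed assumptions.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def normalize_mac(mac):
    """Lower-case a MAC and accept '-' separators; return None if malformed."""
    mac = mac.strip().lower().replace("-", ":")
    return mac if MAC_RE.match(mac) else None


def validate_plan(subnet, gateway, dhcp_pool, assignments):
    """Check a static-addressing plan and return a list of problem strings.

    assignments: dicts with keys name, mac, ip, mode, where mode is "manual"
    (address typed into the device) or "reserved" (DHCP reservation by MAC).
    An empty list means no conflicts were found.
    """
    problems = []
    net = ipaddress.ip_network(subnet)  # raises ValueError if host bits are set
    gw = ipaddress.ip_address(gateway)
    pool_lo, pool_hi = (ipaddress.ip_address(a) for a in dhcp_pool)
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    # Network and broadcast addresses are unusable on IPv4 subnets wider than /31.
    unusable = set()
    if net.version == 4 and net.prefixlen < 31:
        unusable = {net.network_address, net.broadcast_address}

    seen_ips, seen_macs = {}, {}
    for dev in assignments:
        name = dev["name"]
        try:
            ip = ipaddress.ip_address(dev["ip"])
        except ValueError:
            problems.append(f"{name}: '{dev['ip']}' is not a valid IP address")
            continue
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        elif ip in unusable:
            problems.append(f"{name}: {ip} is the network or broadcast address")
        if ip == gw:
            problems.append(f"{name}: {ip} collides with the default gateway")
        # A manually configured address inside the dynamic pool can later be
        # leased to another device, producing an address conflict.
        if (dev["mode"] == "manual" and ip.version == pool_lo.version
                and pool_lo <= ip <= pool_hi):
            problems.append(f"{name}: {ip} sits inside the dynamic DHCP pool")
        if ip in seen_ips:
            problems.append(f"{name}: {ip} already assigned to {seen_ips[ip]}")
        seen_ips.setdefault(ip, name)

        mac = normalize_mac(dev["mac"])
        if mac is None:
            problems.append(f"{name}: malformed MAC '{dev['mac']}'")
        elif mac in seen_macs:
            problems.append(f"{name}: MAC {mac} already used by {seen_macs[mac]}")
        else:
            seen_macs[mac] = name
    return problems


# Constructed sample plan (MACs use the RFC 7042 documentation range).
SAMPLE = {
    "subnet": "192.168.10.0/24",
    "gateway": "192.168.10.1",
    "dhcp_pool": ("192.168.10.100", "192.168.10.199"),
    "assignments": [
        {"name": "file-server", "mac": "00-00-5E-00-53-01", "ip": "192.168.10.10", "mode": "manual"},
        {"name": "printer", "mac": "00:00:5e:00:53:02", "ip": "192.168.10.150", "mode": "manual"},
        {"name": "voip-phone", "mac": "00:00:5e:00:53:03", "ip": "192.168.10.120", "mode": "reserved"},
        {"name": "camera", "mac": "00:00:5e:00:53:01", "ip": "192.168.10.10", "mode": "reserved"},
        {"name": "kiosk", "mac": "00:00:5e:00:53:05", "ip": "192.168.11.20", "mode": "manual"},
    ],
}


def check_sample():
    """Run the validator over the constructed sample plan."""
    return validate_plan(**SAMPLE)


if __name__ == "__main__":
    for line in check_sample():
        print(line)
```

Whether DHCP reservations must sit inside or outside the dynamic pool depends on the router, so the pool check is applied only to manually configured devices.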

Is it safe to use a static IP address?

Using a dedicated IP address for your business is mostly safe, but you need to be careful. A fixed IP stays the same, making it a bit easier for threat actors to spot and possibly attack your network if you’re not protected well.

To keep your network safe, it’s important to use strong security practices.

  1. Set up firewalls to watch over your internet traffic.

  2. Use VPNs to securely connect remote employees and devices to internal network resources from any location. VPN encryption obscures network traffic in transit, working like a tunnel that safeguards sensitive data traveling outside your protected business environment.

  3. Also, make sure all your devices that connect to the network, like computers and phones, have the latest security updates installed.

That’s how to use a fixed IP address. It allows you to have a permanent, reliable spot on the internet for your business while keeping the risks low. Just remember to keep everything secure.

Get a static IP address with NordLayer

Setting up a dedicated IP address for your business with NordLayer is easy and straightforward. It boosts your network’s security and makes sure only your team can access it.

Here’s a simple way to do it:

  1. Pick a plan. First, choose a NordLayer plan that fits your business needs. You can choose from Core or Premium plans, both of which let you set a static IP address.

  2. Create a Virtual Private Gateway in the Control Panel. Simply name it, assign teams, and choose your preferred server location. The process is user-friendly and guided.

  3. Access your static IP address. Once your gateway is set up, your fixed IP address will be visible. With this fixed IP, you can whitelist resources, connect to remote networks, implement network segmentation policies, and apply DNS filtering, among other tasks.

It’s all about making your business more secure and flexible with easy-to-follow steps. Our sales team is always here if you need any help along the way.
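Allowlisting a resource to a fixed IP, as mentioned in step 3, comes down to a source-address check on the protected service. The sketch below is an added example, not NordLayer code: the function names and prefix thresholds are assumptions, and the addresses are constructed from documentation ranges. It fails closed on unparsable input, flags overly broad entries, and handles the IPv4-mapped IPv6 form that dual-stack listeners report for IPv4 clients.

```python
import ipaddress


def build_allowlist(entries, min_v4_prefix=24, min_v6_prefix=64):
    """Parse allowlist entries (single IPs or CIDR ranges).

    Returns (networks, warnings). An entry broader than the given prefix
    floor is still loaded, but is flagged so that a reviewer can confirm
    it was intended: a wide range defeats the point of a fixed IP.
    """
    networks, warnings = [], []
    for raw in entries:
        net = ipaddress.ip_network(raw.strip(), strict=False)
        floor = min_v4_prefix if net.version == 4 else min_v6_prefix
        if net.prefixlen < floor:
            warnings.append(f"{net} is broader than /{floor}")
        networks.append(net)
    return networks, warnings


def canonical(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d).

    A dual-stack socket reports IPv4 clients in the mapped form, which
    would otherwise never match an IPv4 allowlist entry.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_allowed(source, networks):
    """Return True only if the source address falls in an allowlisted range."""
    try:
        ip = canonical(source)
    except ValueError:
        return False  # fail closed on anything that is not an IP address
    return any(ip in net for net in networks)


# Constructed sample: the gateway's fixed IP, a small office range,
# an IPv6 prefix, and one entry that is too broad on purpose.
SAMPLE_ENTRIES = ["203.0.113.10", "198.51.100.0/28", "2001:db8:1::/64", "10.0.0.0/8"]


def check_sample(source):
    """Evaluate one source address against the constructed sample allowlist."""
    networks, _ = build_allowlist(SAMPLE_ENTRIES)
    return is_allowed(source, networks)


if __name__ == "__main__":
    nets, warns = build_allowlist(SAMPLE_ENTRIES)
    print("warnings:", warns)
    for src in ("203.0.113.10", "::ffff:203.0.113.10", "203.0.113.11", "not-an-ip"):
        print(src, "->", is_allowed(src, nets))
```

The check is only meaningful against the peer address of the connection itself, since client-supplied headers such as `X-Forwarded-For` can be set to any value.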

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.
