Why open databases are easy pickings for cyber criminals

By David Sygula, Senior cybersecurity analyst at CybelAngel

A truly colossal amount of personal data is routinely leaked or stolen on a daily basis. Research has found that over 36 billion records were exposed in 2020 alone.

Many of these breaches were the result of highly sophisticated cyber attacks that are difficult for even the most well-protected firms to stop. But the truth is that countless records are left exposed online, requiring a criminal to do little more than locate them to cause a breach.

The biggest issue is open databases, which are believed to be the cause of 86 percent of all publicly accessible sensitive data sets. These are databases which have been set up with no security controls, often lacking even a basic username/password requirement, which means they are freely accessible to anyone who can locate them. These misconfigurations are responsible for 67 percent of enterprise data breaches.

Open data is like chum in the water for cyber criminals, and likely to be found and raided by attackers quickly and repeatedly. So how damaging are exposed databases, and what can be done to secure them?

The mounting cost of unsecured data

Some of the largest breaches in recent times have stemmed from unsecured public databases. In June it was discovered that a database of 815 million records was left unprotected by web hosting company DreamHost. Last year, BlueKai, a data analysis platform owned by Oracle, was found to have left potentially billions of records exposed through an unsecured server.

Such breaches can be cripplingly expensive for the data holder. The average cost of a breach involving 40-50 million records was estimated to be $364 million in 2020, an increase of $19m from the year before. The average cost in 2020 jumped to $388 million for incidents involving more than 50 million records.

Alongside the obvious motivation of financial gain, open databases may also be targeted by “Meow” attacks, which are thought to be a form of radical advocacy for data privacy. Data is completely deleted from the unsecured database, without an accompanying threat or ransom. The unusual name comes from the fact that the original index is given a new name ending in ‘meow’. One of the first prominent Meow attacks hit UFO VPN, which had previously made the headlines due to another breach that exposed customer data that had been stored in plaintext.

Whether misguided activism or simply a prank, these attacks are less damaging than criminal theft, but still problematic for the organisation. Not only do they have to contend with the repercussions of data loss, but the very nature of the attack makes it more difficult to identify the security vulnerabilities that were the root cause of the attack.

Why are databases left exposed?

Attackers can quite easily sniff out public databases using automated scanning tools. If the misconfiguration extends to a lack of any form of security control, they will simply be able to access the datasets immediately and copy, encrypt or delete as desired. Even when username/password measures are in place, they are often minimal at best, using common combinations or credentials that have been stolen in previous breaches.

Research indicates that MongoDB databases are often the ones hit by criminals, as they are left publicly discoverable online and unprotected. However, this is likely due, in part, to the popularity of MongoDB rather than a particular failing, and these issues are common across most database types. We also found that the majority of database security failings stem from third-party and open source software.

However, while technology is a key factor in database exposure, it is human error that tends to have the greatest impact. Common issues such as publicly discoverable databases that lack password protection will likely be the result of personnel that lacked the time, resources or knowledge to configure them correctly when they were first created. Similarly, neglecting routine tasks such as applying update patches will leave databases vulnerable to new malware and attack techniques.

Minimising the risk

It is accepted wisdom that some security breaches are unavoidable. An attack exploiting an unknown unknown is extremely difficult to detect and prevent before damage is inflicted. The majority of breaches involving databases, however, are the opposite.

The main principle for effective database security is getting the basics right. Fundamental steps such as disabling public access to a cloud database so that it is not publicly discoverable, and ensuring that effective access controls are in place, need to be completed every time any asset goes online. Likewise, good security hygiene around things like patch application and credential reuse needs to be followed to keep databases secure.

To achieve this, firms not only need to have the right processes and tools in place, but also ensure that staff have the training and capacity to carry them out. Businesses need to make a judgement call whether it is best for them to develop these skills internally or outsource to a specialist.

Organisations can also take steps to ensure their current IT estate is properly hidden and protected. Comprehensive IP scanning can help to detect leaks of sensitive and mission critical data, revealing databases that have been left publicly discoverable, as well as data that has already been breached. Ideally this should cover other assets such as OT, IoT, cloud applications and code repositories – anything that can potentially host sensitive data and is exposed to the internet.

Firms also need to detect signs of attempted and successful attacks as quickly as possible, improving their chances of disrupting the kill chain early into the attack.

With so much data already out in the world, and so many relentless threat actors targeting it, the staggering number of records breached every year is unlikely to go down any time soon. By taking the time to get the basics right and building a strategy around quickly detecting and preventing breaches, organisations can minimise their chances of becoming yet another breach statistic.
