Deck 26: Data Breaches

Explain how data breach occurs with an example.

Hackers are continually developing new tools and techniques that enable them to steal more data.They experiment with new attack vectors,or ways of attacking a target.In the data breach that occurred at Target Corporation in late 2013,attackers first purchased malware designed specifically for the attacks they planned to carry out.They then used spear phishing,or a targeted phishing attack,to infect a Target third party vendor's system and gather keystrokes,login credentials,and screenshots from the vendor's users.The attackers used this information to gain access into Target's internal network.Once inside Target's network,the attackers compromised an internal Windows file server.From this server,the attackers used malware named Trojan.POSRAM to extract customer data from point-of-sale (POS)terminals.Customer data was continuously sent from the POS terminals to an extraction server within Target's network.It was then funneled out of Target's network to drop servers in Russia,Brazil,and Miami.From there,the data was collected and sold on the black market.

An exploit is a type of attack vector used by hackers.

Spear phishing is used by organizations to monitor traffic passing through their internal network.

Personally identifiable information includes a person's bank account numbers,personal identification numbers,email address,and social security numbers.

Explain how hackers use information stolen from data breaches for credit card forgery.

Stolen credit card information is validated through a process called carding.

Attack vectors refer to the ways hackers attack a target.

Each type of data breach is different because hackers are continually developing new tools and techniques that enable them to steal more data.

According to the reports in Ponemon's 2014 Cost of Data Breach Study,organizations are more likely to lose larger amounts of data than smaller amounts of data.

What are the steps involved in an organization's plan for a data breach?

The Gramm-Leach-Bliley Act (GLBA)is a universal regulatory law that applies to all types of industries.

Why should organizations respond quickly to data breaches?

Organizations need to understand the body of regulatory law relative to the type of information they store because they will be held accountable for implementing those standards.

Despite data breach,organizations should refrain from informing their users immediately as it will lead to mass user defection.

Data extrusion helps organizations secure their data from possible data breaches.

The Federal Information Security Management Act (FISMA)details the procedures to be followed by a federal agency in case an organization fails to ensure the minimum security requirements for its data and systems.

Performing a walkthrough should be done as part of a business continuity planning session.

Decisions on how to respond to a data breach are most effective if they are made when the breach is happening.

Data breach notifications should state that the existing security policies and procedures are inadequate and that changes are being made to prevent similar breaches in the future.

An organization can easily stop a simple SQL injection attack on its online store by additional user training,stronger vendor authentication,or an internal network intrusion detection system.

It is easier for organizations to prepare a list of countermeasures against many different types of attacks and take appropriate measures accordingly.

Organizations can implement countermeasures that make data breaches impossible to occur.

What are countermeasures? Why is it important for organizations to implement countermeasures?

List some of the regulatory laws that govern the secure storage of data in certain industries.

Explain the basic countermeasures to be taken by organizations to protect themselves against data breaches.