Data Breaches That Will Haunt You

Data Breaches That Will Haunt You

This year has been filled with some of the biggest data breaches in history, which is a truly horrific thought.

Halloween is a ghoulish time of year. AMC’s Fearfest is in full swing, Hollywood’s latest terror-inducing features open in theatres, and parties like “A Nightmare on Queen Street” and “Halloween Freakout” are organized. While Jason, Chucky, and Freddy were the nightmares of our childhood, these shriek coaxing monsters seem almost cuddly compared to the shackles of our identity, personal information, and credit rating. Whether you were a Boomer, horrified by Psycho and Rosemary’s Baby; A Gen X’er, terrified by The Shining and A Nightmare on Elm Street; or A Millennial kept up by Scream and Saw, none of those could have prepared you for the horrors of the modern data breach.

 

This year has been filled with some of the biggest data breaches in history, which is a truly horrific thought. It’s a nightmare for everyone involved, and it feels like we’re living in a horror movie. Maybe it’s more than a feeling, maybe we are living in a horror movie. If that’s the case, then tying these breaches back to common horror tropes (from TVTropes.org) should be relatively easy.

 

The Ominously Open Door
The open door, lurking just down the corridor is a common scene in movies, but, in horror movies, it always comes with a jump-scare. That door at the far end of the room is just slightly ajar but we all know it should be closed. Our protagonist approaches the door, the music intensifies, she pushes the door open and we all jump as we get a full view of the monster. Repeat after me, ‘Nothing good ever comes of open doors.’  This same trope can be applied to the Verizon breach in July. An open AWS S3 bucket contained data on somewhere between 6 and 14 million customers. It’s a reasonable assumption that this open “door” scared the Verizon customers whose data was leaked. Much like slasher films, where the same story is told dozens of times, this method of gaining access is not unique. Open AWS S3 buckets also led to the loss of 1.3 million student records from data warehousing company Schoolzilla and more than 9,400 resumes from applicants to the security firm TigerSwan.

 

Anyone Can Die

You never know who is next in the movies. It could be any character at any time. Not only people but animals are also a possibility, so you have to expect the unexpected. Whether you have one scene with no lines or appear in the entire movie with a 15-minute monologue, no one is safe. Just as you think that the last of the heroes will make it out of the haunted house, a glint of an axe on the camera reminds you, “No One Is Safe!” The same is true in the data breach world, just ask the victims of the Edmodo breach. The data of 77 million users was exposed, which is considered to be the largest breach of K-12 student data in history. Data breaches don’t just impact adults, everyone’s data is fair game to malicious actors.

 

Absurdly Ineffective Barricade

We’ve all seen this. Running from the monster, our hero ducks into a room and slams the door. He wedges a small chair under the door handle and breathes a sign of relief. Moments later, the door and chair fly across the room as the monster smashes its way in. The more applicable instance, however, is the bumbling band of misfits that pile every item in the room against the door, step back, proud of their accomplishment, only to turn around and see the monster enter the open door at the opposite end of the room. You can have all the security you want in place, but one opening anywhere is enough for our horror movie villain – and hackers – to get in. Take Equifax, for example, where a single overlooked vulnerability resulted in the exposure of the personal data of 143 million people and more lost sleep than the entire Nightmare on Elm Street franchise.

 

The Calls Are Coming from Inside the House

From 1979’s ‘When a Stranger Calls’ to Drew Barrymore’s iconic opening scene in Scream (1996), this is a well-known and oft-used trope. In the days of cell phones, this doesn’t quite have the same scare factor but many of us remember how scary the idea of picking up the phone and finding out someone was calling from inside the house was. In the days following the release of Scream, babysitters were more vigilant than ever before. While not tied to a specific media worthy breach, the risk from insiders permeates enterprises. According to Verizon’s “2017 Data Breach Investigations Report” more than 14% of breaches involved insiders or privilege misuse. That number is frighteningly high.

 

Camp Unsafe Isn’t Safe Anymore

Relax! We’re safe here… at least until we aren’t. You find a room, you take refuge, knowing that the movie’s killer can’t catch you here and then, suddenly, someone realizes that he can. It was never safe, even when you thought it was. This feels like an overarching theme in the security world. Vulnerabilities always exist, even before they are discovered and every safeguard we make is ultimately flawed in some way. This year, we saw multiple breaches where the aftermath involved MD5 hashes of user passwords being released. This involved both 715K members of PoliceOne, a LEO community, and 700K members of DaFont.com, a font sharing website. MD5 was never really safe, it just took many years for someone to say “Hey, this doesn’t feel very safe,” and many more before anyone demonstrated just how unsafe. At least in the movies, our protagonists know to run when this is said but, in this case, these sites continued on with the broken and insecure hashing algorithms.

 

So, maybe we are living in a horror movie, maybe nightmares are haunting us every day. Statistics for the first half of 2017 put the breach count at 5 breaches daily[1]. If you aren’t scared, you should be. Unlike horror movies, we can’t turn on the lights at the end of the show and remind ourselves that it’s a work of fiction. This is real life and the numbers are scarier than anything Hollywood has ever dreamed up.

Featured

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.