Data Breach Investigations Report Findings

The Data Breach Investigations Report findings for 2021 is the topic for today’s tech tip. The Data Breach Investigations Report (DBIR) is a report that analyzes all of the data breaches for the prior year. We are talking about the breaches that happened in 2021.  What they did is, they classified all of the breaches from 2021 and ranked them into broad categories as to what the major causes of the breaches are. 

There are 3 top findings from the Data Breach Investigations Report causing a lot of problems. I want to talk about the top 3 findings of major breaches in 2021. These are real and are things that you can impact by changing some habits that you have within your organization.

First off is the recognition that 85% of the breaches had a human element related to them. This could be anything from somebody clicking on an email that was a phishing attack or it could be the IT guy not configuring the firewall right. There are ways that you can do this and a lot of it can be managed through cybersecurity education. As well as, having an ongoing cybersecurity education program within your organization to keep that top of mind.

You also need to have a list on a board somewhere of who they call when something happens. The list should start with, if you click something and it acts a little funny you call your manager, IT guy, or somebody. Do not just forget about it because nothing seems to be wrong and let that keep going all the way up until you’ve had some type of security incident. If this does happen you will need to call the cybersecurity insurance company. Always have that phone number and that contact information handy just in case.

Second, is classed as privileged misuse. That is someone having too much juice. For example, being an administrator when they only need to have manager rights or they’re a manager and they only need user rights. You want to implement what we call least privileged access for the individual role and responsibilities of the employee. By allowing someone to have extra privileges you’re exponentially enlarging the surface area or the attack field. If everyone is set up as an administrator you are at greater risk for something really bad to happen.

You need to review your file shares to make sure that the general users can’t get in the manager, admin, or the owner folder. Often I go in to do a business review and I show them this report and the payroll folder is accessible to everyone in the company. They’re wondering why there’s a lot of disruption within the company or unrest. It’s because people are looking at things and making decisions on documents that they do not need to see.

Finally, the third one is web application platforms. Web application platforms are a very large target. What I’m saying is that a lot of applications have gone to the web. QuickBooks has gone to the web or your software that runs the company used to be on a file server in the closet but now it’s on the web. What happens is when you’re only logging in with a username and password instead of it being in your office and they had to break into the infrastructure of your office to enter that username and password, now they can do it from anywhere in the world.

The biggest answer to that is multi-factor authentication. It’s easy to implement. Most software already has it, but you have to be proactive and set it up. It’s not hard to do and they’ll even help you.

You would be surprised how many clients I meet who say they are HIPPA or PCI compliant because their vendor is. Yet, they are allowing anyone in the world to be able to have access to that portal to log in with their credentials and they don’t have a way of authenticating or even what’s called geofencing, where you can block countries. If you don’t have people working outside the US, block all those countries from being able to log into your web-based software.

There are a lot of ways that you can limit these risks, but these are the top three from the 2021 Data Investigations Report. You need to take action and do something about this. If you have questions, I’m here to help.