As Latest Breach Updates Show, Security Incidents Often Worse Than Initially Reported

As it is Cybersecurity Awareness Month, I’m often asked for my top piece of advice on security. That advice changes, depending on my mood or the situation or the person who asked. I remind my friends all the time about the importance of locking their devices and not opening anything without verifying. With friends who own small businesses, I talk about the importance of keeping customer data safe. But more frequently, I find that my words of wisdom, if you can call them that, revolve around one simple theme: In cybersecurity, expect it to be worse than it is. The corollary is, by the time you find out about the breach, the damage is done.

For example, a friend of mine revealed that her bank account had been hacked. The account has been changed, but almost immediately, the new account has been hacked. The gut reaction is to blame the bank. And it might be a cybersecurity flaw with the bank. However, it could also be that one of the companies who is given that account information is the victim of a security incident or unknowingly has malware in its system. It could be that her own computer is the source of the threat.

Our networks are so intertwined and our endpoints so vast that third-party attacks are becoming more common. It’s easy to blame the large enterprise for the mistake, but chances are greater than ever that the threat is coming from someone else we do business with. In my friend’s situation, the bank is getting the blame without knowing the details of the intrusion, and it is the bank that is taking the reputational hit.

How well do you know the security efforts of your contractors and third-party vendors who have access to your network? If one of them is hacked, will you be the one to take the blame and the financial hit? How do you ensure your customers’ information remains safe?

That’s a small personal story. There are, of course, stories in the news right now involving breaches that turned out to be more severe than immediately reported.  Equifax revealed more than two million additional records were breached, bringing up its total to 145 million records compromised. And then there was the latest update from Yahoo, telling us that three billion accounts were compromised. Yahoo’s number, you may recall, has been changing from the very beginning. As Ajay Uggirala, director of product marketing at Imperva, told me in an email comment:

It’s not surprising that the Yahoo! breach is larger than originally reported. Troves of data from this breach apparently compromised as long ago as 2012, popped on the Dark Net in 2016, which likely means that at least some of this data has been circulating through the Dark Net for years. The Yahoo! breach and others confirm what we’ve suspected, that attackers are still ahead of enterprises, even the larger companies, when it comes to covering their tracks. The alleged breaches were only detected once the leaked information surfaced on the web.

Attackers are ahead of the rest of us when it comes to covering their tracks. That’s why my philosophy is to expect that incidents are worse than the original findings or announcements. Going back to my friend’s situation, she thought the problem was solved, only to find that there was another layer of attack. How well is your company doing at ensuring the attackers aren’t covering their tracks?

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba