Why preventing a data breach starts with following data breach news
By Garrett Evenson
As a security consultant at Wipfli, I spend a lot of time conducting penetration tests, vulnerability assessments and social engineering tests where I actively attempt to gain unauthorized access to information or systems. It sometimes blows my mind that I have a job where I have to think like a criminal in order to actually help my clients.
One of the ways I keep up with what the bad guys are doing is fairly simple — I just read the news. Data breaches occur on a daily basis, and many, many of them make the news.
The largest motivator of cybercrime, according to Verizon’s Data Breach Investigations Report for 2019, is, you guessed it, money. As a result of the majority of data breaches being financially motivated, it’s easy to see why financial institutions are a frequent target. You’ve got money, or information, and people want it.
In 2019 there were 1,509 network security incidents reported by financial institutions, with 448 of those confirmed to have had a data breach, all of which cost financial institutions millions of dollars and exposed financial information for just as many customers.
So why should you read news about data breaches?
The fact is, it’s better to learn from (for lack of a better term) the mistakes of others, rather than being responsible for the mistake.
Now that’s not to say that every breach that happens is the direct result of a company’s security posture, as new attacks surface constantly. But seeing the trends of attack vectors and how they’re carried out can help inform your financial institution’s security posture just as it helps me learn about new ways to gain unauthorized access to systems.
While it’s near impossible to 100% prevent a breach from occurring, there are some things you can do to make it more difficult for attackers.
- First and foremost is educating your employees, as they are often the first line of defense against an attack. Ensure your employees are abiding by your financial institution’s security policies.
- Use multi-factor authentication for logging in to devices and services.
- Implement a strong password policy that prevents the use of dictionary words and other easily guessable character strings. I probably don’t need to tell you how frustrating it is to find people using “password1” or “summer2020” as a password, and it may alarm you how often I come across those.
- Have a strong patch-management program that keeps your devices and software up to date, and only use operating systems and software that are currently supported by their vendor, in order to make sure your systems are less susceptible to vulnerabilities being exploited.
While these things won’t prevent every kind of attack, they will make your financial institution’s attack surface smaller and more challenging for attackers.
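One way to enforce the password-policy item above, as an added example rather than code from the author or Wipfli: a screening function that rejects passwords built around a listed word even when digits, symbols or character substitutions are bolted on. The denylist, the 12-character minimum and the function names are assumptions made for illustration.

```python
# Constructed sample denylist (assumption): a production system would load a
# full dictionary plus a breached-password corpus instead of this short set.
DENYLIST = {"password", "welcome", "letmein", "qwerty", "admin",
            "spring", "summer", "autumn", "winter"}
MIN_LENGTH = 12  # assumed policy value, not taken from the article

# Common character substitutions. "1" is ambiguous, so both readings are tried.
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t",
         "@": "a", "$": "s", "!": "i"}
LEET_TABLES = [str.maketrans({**_BASE, "1": "i"}),
               str.maketrans({**_BASE, "1": "l"})]


def normalized_forms(password):
    """Return lowercase variants of the password with substitutions undone."""
    lowered = password.lower()
    return {lowered} | {lowered.translate(table) for table in LEET_TABLES}


def policy_violations(password):
    """Return the reasons a password is rejected (empty list if accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    found = set()
    for form in normalized_forms(password):
        for word in DENYLIST:
            # Reject when a listed word makes up at least half of the password:
            # digits or symbols added to a word barely raise the guessing cost.
            if word in form and 2 * len(word) >= len(password):
                found.add(word)
    for word in sorted(found):
        reasons.append("built around the word '%s'" % word)
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords, including the two quoted in the article.
    for candidate in ("password1", "summer2020", "P@ssw0rd2024!",
                      "violet-tractor-echo-41"):
        problems = policy_violations(candidate)
        print(candidate, "->", problems or "accepted")
```

Running the check at password-change time, before the new value is hashed and stored, keeps weak choices out without the system ever retaining the plaintext.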
So how does one go about following news surrounding data breaches?
Well, there are plenty of websites out there that report specifically on cybersecurity news. My personal favorites are threatpost.com, krebsonsecurity.com, securityweek.com and bleepingcomputer.com, as they tend to provide some good technical detail about the breaches.
If looking up that kind of news regularly on your own isn’t your jam, I also put together a newsletter every week that contains news about breaches, new vulnerabilities and new patches being released. It’s called the WipfliSecurity Weekly, and you can subscribe to it by going to www.wipfli.com/subscription and scrolling down to WipfliSecurity Weekly.