Three Ways to Protect Your Company’s Network Infrastructure from Data Exfiltration and the Cost of Inaction

Recently, a user in a low-level hacking forum shared the phone numbers and personal data of roughly 533 million Facebook users. This points to a massive case of data exfiltration. According to the cybercrime data and analytics company Hudson Rock, the leaked information included personal data from over 106 countries – 32 million accounts were associated with the United States, 11 million with the United Kingdom and 6 million with India. Back in 2019, millions of Facebook users’ phone numbers were exposed online. That same year the company said the vulnerability leading to the leak was patched.

The reality is, unlike a stolen tangible item, exfiltrated data can never be retrieved or erased. Control over the data is lost at the point it is exfiltrated. Whether the recent post featured Facebook data that was leaked back in 2019 or following a second data breach, the information is valuable to hackers and cybercriminals that engage in identity theft. And, once it’s out in the open, it’s next to impossible to reel back in.

So, how does your company avoid becoming the next Facebook and prevent data exfiltration? How do you protect your infrastructure from Personal Identifiable Information (“PII”) theft and no power to recover the lost data?

1. Proactive Detection/Penetration Testing

When it comes to data protection, taking a proactive approach will give your company the upper hand against cyber threats and attacks by ensuring data is secured over the course of its life cycle. As a result, both accidental and malicious breaches can be minimized or prevented entirely.

Unfortunately, cybercriminals know that the easiest way to breach a company is through the people it employs. Therefore, protection begins at the staff level. Regular training can increase your employees’ awareness of what to look out for or avoid, and help make sure that poor security practices are a thing of the past.

Companies should also participate in vulnerability assessments and penetration testing. Vulnerability assessments will help your company discover the weaknesses within your infrastructure. Penetration testing is a “hands-on” process. A cybersecurity expert will use the methods of a hacker to attempt to exploit your systems vulnerabilities to reveal the ways in which unauthorized access is possible. Penetration testing will ultimately identify the flaws that pose a threat to your applications and enable you to strengthen your security around those pain points.

2. Dark Web Monitoring/Reporting

As we can see from the recent Facebook hack, there’s a ton of malicious activity on the internet – particularly behind the scenes. The “Dark Web” is a difficult to access part of the internet where hacked information and databases are purchased and sold.

The Dark Web is essentially the “wild, wild west” of the internet. Cybercriminals are buying and selling data for profit on Dark Web browsers that the average internet user doesn’t know how to use. As of 2020, there are more than 18.7 billion records and 15 billion username and password credentials for sale on the Dark Web.

Dark Web monitoring and reporting is crucial because compromised digital credentials are amongst the most valuable assets found on the internet’s black market. Your company needs monitoring 24/7, 365 days a year to ensure sensitive data is not accessible on private websites, hidden chat rooms, black market sites, peer-to-peer (“P2P”) networks, internet relay chat (“IRC”) channels or the growing list of social media platforms.

When you’re proactively seeking real-time awareness of compromised credentials, you can know when credentials are unsecure and act before identity theft or data breaches occur.

3. EDR/MDR

Another way to safeguard your organization from PII theft is to detect unusual activity or communications with known command and control (“C&C”) servers. A C&C server is a computer that is controlled by a cybercriminal and which is used to send commands to systems compromised by malware and receive stolen data from a target network.

Being tuned in to activity happening on C&C servers through Endpoint Detection and Response (“EDR”) and Managed Detection Response (“MDR”) can help you mitigate or stop potential data breaches in their tracks. EDR combines automated analysis, detection, investigation and reporting functions to catch, hunt and respond to threats in real-time.

MDR achieves similar ends with a higher degree of involvement from a cybersecurity professional. It leverages human expertise, threat intelligence and a range of network and endpoint technologies to help companies detect and respond to threats.

The Cost of Not Acting

While a cybersecurity team may feel like a luxury, it’s an investment in the security of priceless data. Enterprises with cybersecurity programs in place can best protect their data and make it nearly impossible to breach.

Protecting your company with an expert cyberteam can be much less expensive than paying to dig a company out of a data exfiltration incident. Data breaches and security incidents are becoming increasingly costly – In 2020 IBM reported that the average cost of a data breach was $3.86 million.

Desjardins Group revealed it spent $53 million in the wake of a breach in early 2020 when the personal information of 2.9 million members was exposed. Norsk Hydro said the final cost of a cyberattack affecting it was as high as $75 million. While these figures are at the high end of the spectrum, the crippling financial impact of a data breach is very real for companies of all sizes. In fact, the financial and reputational impact on small-to-medium sized companies might be greater than the repercussions faced by established brands like Facebook. People are still using Facebook, shopping at Target and banking with Wells Fargo despite the massive breaches they’ve suffered. Smaller companies don’t have the advantages that name brands enjoy and they may have a higher risk of losing customers or taking harder financial hits following a data breach.

Cybercriminals place a high value on enterprise data and will be increasingly persistent in reaching it, constantly seeking new methods of infiltration. As a company, you must be proactive in taking the right precautions and establishing effective safeguards. Not doing so can result in financial damages, reputation damage or losing the trust of your customers and key stakeholders.

Now What?

If you’re thinking – Where do I begin? How do I start to implement these proactive strategies? Who on my team can handle this responsibility? You may be best served by contracting outside help from trained professionals. Hiring a cybersecurity firm is the most time and resource efficient way to ensure you are safeguarding your organization from PII theft and data exfiltration.

Marcum Technology provides a full cybersecurity service offering. If you need any help, from beginning a review of your security posture to investigating a cybersecurity incident, or even if you just want to ask for advice on a situation you are facing, please contact us at [email protected]. #AskMarcumTechnology