Halfway through writing an article about how the number of high-profile data breaches in 2017 has increased on last year, yet another monumental, yet avoidable, leak takes place. This time, sensitive and personal information about millions of transporters in Sweden, along with many of the Swedish government's military secrets, was allegedly leaked by the Swedish government itself. This incident is set to be one of the most colossal government information disasters the world has ever seen.
Included in the breach were the names, photos and home addresses of millions of Swedish citizens, police suspects, people in the witness protection programme, fighter pilots in the air force and much more.
How and why did this happen?
Although this breach has come into the public eye recently, it originated in 2015 when the Swedish Transport Agency went into business with IBM in a contract worth almost $100 million – one of the largest IT contracts in Swedish history – to outsource database and IT service management. The contract meant that operations were outsourced to countries in Eastern Europe, meaning that “foreign staff had responsibility for Swedish classified information.”
The catastrophe occurred when data was uploaded to cloud servers, as it became accessible to people outside Sweden who didn’t have security clearance, breaking numerous compliance standards in the process.
As mentioned earlier, the breach occurred in 2015, but the Swedish Security Service discovered it in 2016 and began investigating it. It took until just a few days ago for Swedish Prime Minister Stefan Löfven to confirm that the transport agency exposed government databases to foreign entities. He said: “What happened in the transport agency is a disaster. It is extremely serious. It has exposed both Sweden and Swedish citizens to risks.”
Aidan Simister, CEO at Lepide (provider of auditing solutions designed to help prevent data leakage) had the following to say: “Unfortunately, this recent data leak follows a trend we have been seeing with companies all over the world. Organisations either simply don’t understand the danger they’re in or don’t care enough to address it before it manifests itself. Year after year the biggest data leak incidents occur due to insider threats, and the Sweden leak is no different. The solution, however, is remarkably simple – better visibility into critical changes and permissions, in order for quicker action to be taken.”
How can we learn from data breaches like these?
Incidents like these highlight the importance and the seriousness of protecting and correctly handling sensitive personal data. The responsibility becomes even more pronounced when we’re talking about a government body. However, any organisation that handles sensitive data on a day-to-day basis has an equal responsibility to ensure that data is protected.
A tried and tested method of helping to protect data on critical servers, including cloud servers, is a stringent auditing strategy. Ensuring that the critical servers your organisation relies on are subject to continuous and pro-active auditing and monitoring is the best way to spot unauthorised activity before it becomes a headline. Naturally, native auditing methods are too time-consuming and too manual to be of real value. There is now a competitive market for third-party auditing solutions that are affordable, powerful and easy to use. Such solutions give you far more insight into the activity taking place on critical servers and the changes being made to sensitive data.
There are numerous things that third-party auditing solutions give you the ability to do. A few of them are listed below:
1. Spot insider threats before issues arise
Any user can be an insider threat and, as recent data breaches prove, the vast majority of data breaches occur as a result of insiders abusing/misusing data they have access to. Anyone with a user account in Active Directory has the potential to be an insider threat, as they can leak the data they have access to (maliciously or accidentally, whatever the case may be).
Auditing solutions allow you to track permission changes in order to ensure that privileged permissions are granted only to those who need them. They also allow you to monitor and alert on all changes to Active Directory and to track file/folder-level activity on file servers. Many solutions also let you configure real-time or threshold-based alerts to be sent to administrators whenever changes like these are detected.
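The two kinds of alert described above (an immediate alert on a single critical change, and a threshold alert that fires only when a user's activity exceeds a rate) can be built on the native Windows Security log. The following is an added example, not code from the article or from Lepide: it runs simple rules over a handful of constructed, pre-parsed Security events. The event IDs are the real Windows ones (4670 permission change, 4663 object access, 4728/4732 privileged group membership add, 4719 audit policy change); the share paths, user names, group names and thresholds are assumptions for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security event IDs used by the rules (real IDs).
EVT_OBJECT_ACCESS = 4663        # An attempt was made to access an object
EVT_PERMISSION_CHANGE = 4670    # Permissions on an object were changed
EVT_GLOBAL_GROUP_ADD = 4728     # Member added to a security-enabled global group
EVT_LOCAL_GROUP_ADD = 4732      # Member added to a security-enabled local group
EVT_AUDIT_POLICY_CHANGE = 4719  # System audit policy was changed

# Assumed policy for this example: which shares are sensitive, which groups
# are privileged, and what counts as "mass access" by one user.
SENSITIVE_ROOTS = ("\\\\FS01\\Registry\\", "\\\\FS01\\Personnel\\")
PRIVILEGED_GROUPS = {"Domain Admins", "Administrators", "Backup Operators"}
MASS_ACCESS_COUNT = 5
MASS_ACCESS_WINDOW = timedelta(seconds=60)


def is_sensitive(path):
    """True if the object path lies under one of the sensitive share roots."""
    return any(path.lower().startswith(root.lower()) for root in SENSITIVE_ROOTS)


def evaluate(events):
    """Run the alert rules over parsed event dicts and return a list of
    (severity, rule, user, detail) tuples in time order.

    Real-time rules fire on a single event; the mass-access rule keeps a
    sliding window per user and fires once when the threshold is crossed."""
    alerts = []
    recent_access = defaultdict(deque)  # user -> timestamps of sensitive 4663s
    fired_threshold = set()

    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        eid, user, ts = ev["EventID"], ev["SubjectUserName"], ev["TimeCreated"]
        obj = ev.get("ObjectName", "")

        if eid == EVT_PERMISSION_CHANGE and is_sensitive(obj):
            alerts.append(("high", "permission-change", user, obj))
        elif eid in (EVT_GLOBAL_GROUP_ADD, EVT_LOCAL_GROUP_ADD) \
                and ev.get("TargetGroup") in PRIVILEGED_GROUPS:
            alerts.append(("high", "privileged-group-add", user,
                           f"{ev.get('MemberName')} -> {ev['TargetGroup']}"))
        elif eid == EVT_AUDIT_POLICY_CHANGE:
            alerts.append(("high", "audit-policy-change", user, obj))
        elif eid == EVT_OBJECT_ACCESS and is_sensitive(obj):
            window = recent_access[user]
            window.append(ts)
            # Drop accesses older than the window before counting.
            while window and ts - window[0] > MASS_ACCESS_WINDOW:
                window.popleft()
            if len(window) >= MASS_ACCESS_COUNT and user not in fired_threshold:
                fired_threshold.add(user)
                alerts.append(("medium", "mass-access", user,
                               f"{len(window)} sensitive files in "
                               f"{MASS_ACCESS_WINDOW.seconds}s"))
    return alerts


# Constructed sample events (not real log data). BASE is an arbitrary time.
BASE = datetime(2017, 7, 20, 9, 0, 0)


def _ev(eid, user, seconds, obj="", **extra):
    d = {"EventID": eid, "SubjectUserName": user,
         "TimeCreated": BASE + timedelta(seconds=seconds), "ObjectName": obj}
    d.update(extra)
    return d


SAMPLE_EVENTS = [
    _ev(4663, "alice", 0, "\\\\FS01\\Personnel\\salaries.xlsx"),      # single read: no alert
    _ev(4670, "bob", 60, "\\\\FS01\\Registry\\drivers.mdb"),          # ACL changed on sensitive data
    _ev(4728, "bob", 120, TargetGroup="Domain Admins", MemberName="svc-contractor"),
    _ev(4663, "dave", 200, "\\\\FS01\\Public\\readme.txt"),           # not sensitive: ignored
    _ev(4719, "bob", 600, "Object Access: File System"),              # auditing itself tampered with
] + [
    _ev(4663, "carol", 300 + 5 * i, f"\\\\FS01\\Registry\\export{i}.csv")
    for i in range(6)                                                 # six reads in 25 seconds
]


def demo():
    return evaluate(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

On a live server the event dicts would come from the Security log (for example via PowerShell's Get-WinEvent), and the alert list would feed e-mail or a SIEM; the point of the example is the split between single-event rules and the per-user sliding window, and that the audit-policy change itself is treated as high severity, since disabling auditing is the first thing an insider covering their tracks would do.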
2. Maintain a Policy of Least Privilege
Touched on in the previous point, one of the best ways to help mitigate the risk of data leakage is to maintain a policy of least privilege, where users have access only to the files and folders they need to do their job. In the case of the Swedish data leak, sensitive data could be accessed by foreign entities who should never have been able to see it. Auditing solutions allow you to see when the permissions you have assigned are changed, so that you can keep permissions at the right levels. Some auditing solutions, such as LepideAuditor, even allow you to roll back unwanted permission changes in Active Directory and Group Policy where necessary.
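Keeping permissions at the approved level means having an approved baseline to compare against. The following added example (not code from the article or from Lepide) compares a baseline of approved share permissions with an observed snapshot, reports every principal or right that drifted, and derives the list of operations that would restore the baseline, which is the "roll back" step the paragraph describes. Share paths, group names and the simplified right levels (Read < Write < Modify < FullControl) are assumptions; a real snapshot would be exported from the file server with Get-Acl or icacls rather than typed in.

```python
# Simplified ordering of NTFS access levels, lowest to highest (assumption).
RIGHT_RANK = {"Read": 1, "Write": 2, "Modify": 3, "FullControl": 4}


def compare_acls(baseline, observed):
    """Compare {path: {principal: right}} mappings.

    Returns findings as (path, principal, kind, observed_right, approved_right):
      unexpected-principal : a principal that has no approved grant at all
      elevated             : an approved principal holding more than approved
      missing              : an approved grant that is no longer present
      unbaselined-path     : a share that has no approved baseline"""
    findings = []
    for path, approved in baseline.items():
        seen = observed.get(path, {})
        for principal, right in seen.items():
            if principal not in approved:
                findings.append((path, principal, "unexpected-principal", right, None))
            elif RIGHT_RANK[right] > RIGHT_RANK[approved[principal]]:
                findings.append((path, principal, "elevated", right, approved[principal]))
        for principal in sorted(approved.keys() - seen.keys()):
            findings.append((path, principal, "missing", None, approved[principal]))
    for path in sorted(observed.keys() - baseline.keys()):
        findings.append((path, None, "unbaselined-path", None, None))
    return findings


def rollback_plan(findings):
    """Turn findings into the ACL operations that restore the baseline.
    Unbaselined paths are left for a human decision rather than auto-fixed."""
    plan = []
    for path, principal, kind, _seen, approved in findings:
        if kind == "unexpected-principal":
            plan.append(("remove", path, principal))
        elif kind in ("elevated", "missing"):
            plan.append(("grant", path, principal, approved))
    return plan


# Constructed sample data (hypothetical server, domain and groups).
BASELINE = {
    "\\\\FS01\\Registry": {
        "SE\\Registry-Readers": "Read",
        "SE\\Registry-Clerks": "Modify",
        "SE\\Domain Admins": "FullControl",
    },
    "\\\\FS01\\Personnel": {
        "SE\\HR-Staff": "Modify",
        "SE\\Domain Admins": "FullControl",
    },
}

OBSERVED = {
    "\\\\FS01\\Registry": {
        "SE\\Registry-Readers": "Modify",      # quietly raised from Read
        "SE\\Registry-Clerks": "Modify",
        "SE\\Domain Admins": "FullControl",
        "SE\\Contractor-DBA": "FullControl",   # never approved
    },
    "\\\\FS01\\Personnel": {
        "SE\\Domain Admins": "FullControl",    # HR-Staff grant has vanished
    },
    "\\\\FS01\\Export": {"Everyone": "Read"},  # share nobody baselined
}


def demo():
    findings = compare_acls(BASELINE, OBSERVED)
    return findings, rollback_plan(findings)


if __name__ == "__main__":
    findings, plan = demo()
    for f in findings:
        print("DRIFT", f)
    for op in plan:
        print("ROLLBACK", op)
```

Run on a schedule against a fresh export, this turns "least privilege" from a one-off configuration into something that is continuously verified; the rollback plan is kept separate from the comparison so that it can be reviewed (or fed to a ticket) before anything is changed on the server.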
3. Determine who is accessing your data
Where there are users with privileged levels of access to sensitive data, it’s important that you have a pro-active means of auditing who uses their privilege to access this data. You should be able to tell in real time who has access to business-related files and folders and the changes made therein. This can help mitigate the risks of insider threats.
4. Meet compliance standards that ensure the protection of personal data
If your organisation stores, processes or in any way handles sensitive data (including payment data, healthcare data and more), you will no doubt be expected to comply with at least one standard, whether it be HIPAA, SOX, PCI or the upcoming GDPR. However, complying with these strict regulations can be difficult if you don’t have a solution in place to help. Many auditing solutions generate pre-defined reports that help you meet these compliance requirements. The benefit of this is twofold: you can ensure that sensitive data is protected, and also that you aren’t hit with expensive non-compliance penalties.
Pro-active and continuous auditing and monitoring will enable you to detect and prevent data leaks more easily. Combine this with real-time alerts and reports, and you have everything in your arsenal to ensure you don’t become a part of the problem. To do this, you will need to deploy a third-party auditing solution, as native auditing just won’t cut it. Be sure to pick the auditing solution that is right for you. Check out LepideAuditor, a powerful, scalable and user-friendly auditing solution that could be just what you need.