You may be familiar with Troy Hunt’s simple, yet sophisticated, domain monitoring site, Have I Been Pwned (HIBP). The site gives users the opportunity to instantly check whether their personal or company domain has been involved in a data breach incident. It’s a very interesting site, and you might be surprised to learn just how many data breaches your personal information was involved in. I thoroughly recommend you take a quick look for yourself and take the appropriate action should your personal information be listed in a known breach.
HIBP has grown exponentially in popularity over the last few years. So much so that now (according to its creator, Troy Hunt) both the UK and Australian governments are using the site to monitor whether their government domains have been involved in breaches. He shared this news through his Twitter account:
I'm proud to announce that @haveibeenpwned is now being used to monitor UK and Australian government domains nationwide. I've been working with the @NCSC and ACSC to ensure they have a model where they can get fast access to their own information https://t.co/qUkyGzadzy
— Troy Hunt (@troyhunt) March 1, 2018
For years, individual government departments were using HIBP independently of one another. After consulting with Hunt, it was decided that the scope needed to be extended to all departments. As Hunt put it:
“As of now, all UK government domains are enabled for centralised monitoring by the National Cyber Security Centre (NCSC) and all Australian government domains by the Australian Cyber Security Centre (ACSC).”
How to Avoid Data Breaches
If you’ve searched for yourself on HIBP and got the green light, don’t stop there. Just because you haven’t been involved in a breach yet, doesn’t mean that it won’t happen. Take a leaf out of the UK and Australian governments’ books and take proactive steps towards preventing data breaches.
There are numerous things you can do to help mitigate the risks of a data breach. Whilst most can be implemented from the IT department, to ensure that you are truly secure, you will need the co-operation of everyone in the organization, right down to the end user. That’s where we will start:
1. Treat data breaches like you would a fire
You have to treat data breaches like you would any other security threat. I’m sure your organization runs regular fire drills to ensure that employees know how to react in the event of a fire. You should treat the security of your data in the same way. Carry out regular risk assessments, put in place appropriate safety measures and train staff on how to both prevent and react to data breaches.
2. Beware of BYOD
As we know, the average worker is now far more mobile than they used to be. Bring your own device (BYOD) is the current norm, as more and more people are using their mobile devices and laptops to access business-critical information, whether that be over a web server, email system or Active Directory, for example. In order to ensure that your data remains secure should one of these devices be the victim of an attack, it’s wise to deploy an Intrusion Detection System (IDS).
3. Monitor what your users are doing
Statistic after statistic shows us that the biggest threat to data security comes from within the organization. It’s all well and good building up your defences to prevent attacks from the outside (and it is thoroughly recommended) but, unfortunately, many organizations still don’t put the same focus on defending against insider threats. The users that have privileged levels of access within your systems and to your data pose the biggest risk to your security. In many cases, this level of access is legitimate, and so if a data breach does occur it can be very difficult to detect.
The best way to mitigate the risks of insider threats is to constantly monitor and alert on the activities of your privileged users when it comes to your most sensitive data. You should be able to instantly identify whenever a change is made to a critical file or folder (such as a copy event, modification, deletion etc.) and also whenever a permission has changed (potentially a sign of privilege abuse). Unfortunately, the native auditing methods for doing this are cumbersome and time-consuming. They do not have any pre-defined reports and do not allow you to perform this kind of auditing on a continuous and proactive basis. So, what’s the alternative?
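To make the kind of alerting described above concrete, here is an added example (not from the article or from any vendor's product) that triages audit records for changes and permission changes under sensitive folders. It assumes Windows file auditing, with records shaped like Security log events 4663 and 4670; the watch list, account names, paths and sample records are constructed for illustration.

```python
# Added example: constructed records shaped like Windows Security log events.
# Watch list, account names and paths are assumptions, not from the article.
SENSITIVE_PREFIXES = ("d:\\finance\\", "d:\\hr\\")
PRIVILEGED_USERS = {"adm-jsmith", "svc-backup"}

# File access-mask bits that indicate a change rather than a read.
ACCESS_BITS = [
    (0x10000, "delete"),             # DELETE
    (0x40000, "permission-change"),  # WRITE_DAC
    (0x80000, "owner-change"),       # WRITE_OWNER
    (0x2, "modify"),                 # WriteData
    (0x4, "modify"),                 # AppendData
]

def classify(event):
    """Return the set of change types one audit record represents."""
    if event["EventID"] == 4670:      # permissions on an object were changed
        return {"permission-change"}
    if event["EventID"] == 4663:      # an attempt was made to access an object
        mask = int(event["AccessMask"], 16)
        return {name for bit, name in ACCESS_BITS if mask & bit}
    return set()

def triage(events):
    """Alert on changes under sensitive paths; privileged actors rank higher."""
    alerts = []
    for ev in events:
        path = ev.get("ObjectName", "")
        if not path.lower().startswith(SENSITIVE_PREFIXES):
            continue
        user = ev["SubjectUserName"]
        severity = "high" if user.lower() in PRIVILEGED_USERS else "medium"
        for change in sorted(classify(ev)):
            alerts.append((severity, change, user, path))
    return alerts

SAMPLE_EVENTS = [  # constructed, not real log data
    {"EventID": 4663, "SubjectUserName": "adm-jsmith",
     "ObjectName": r"D:\Finance\payroll.xlsx", "AccessMask": "0x2"},
    {"EventID": 4663, "SubjectUserName": "mbrown",       # read only: no alert
     "ObjectName": r"D:\Finance\payroll.xlsx", "AccessMask": "0x1"},
    {"EventID": 4670, "SubjectUserName": "adm-jsmith",
     "ObjectName": r"D:\HR\contracts"},
    {"EventID": 4663, "SubjectUserName": "mbrown",
     "ObjectName": r"D:\HR\contracts\offer.docx", "AccessMask": "0x10000"},
    {"EventID": 4663, "SubjectUserName": "adm-jsmith",   # outside watch list
     "ObjectName": r"C:\Temp\scratch.txt", "AccessMask": "0x2"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(*alert, sep=" | ")
```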
How LepideAuditor Helps Mitigate the Risks of Insider Threats
LepideAuditor is a scalable, affordable and powerful solution that enables organizations to protect their unstructured data. It offers the simplest, most intelligent means of getting insight into what’s really happening, to help you mitigate the risks of data breaches.
Essentially, the solution overcomes the limitations of native auditing by enabling you to run pre-defined reports and view real time alerts that help you keep track of the activities taking place in your critical on-premises and cloud-based systems, as well as tracking file/folder level activity and permissions/permission changes. By monitoring such activities, LepideAuditor enables you to detect anomalies that may indicate a user has become a threat. Start your free trial today.