What expert lessons did we learn from the Q1 data breaches?
We’re rapidly approaching the end of Q1 2021, and unfortunately, it has been a busy cybersecurity season. Businesses across the U.S. experienced a staggering number of data breaches of all sizes and scopes; in fact, we could only cover a portion of the data breaches enterprises have dealt with thus far.
Every time a major cyber-attack occurs, Solutions Review gathers expert opinions from the top minds and voices in cybersecurity. As such, we’ve been able to provide our readers with critical cybersecurity lessons to help them prepare their organization against the next cyber-threat.
We decided to do a retrospective on some of the most insightful and critical lessons we learned from the Q1 data breaches, as shared by experts.
Expert Lessons We Learned From the Q1 Data Breaches
“While it is surprising that attackers are now targeting seminaries, leveraging RDP as an attack vector is not. RDP has certain weaknesses that can be mitigated and addressed by deploying zero trust technologies such as single sign-on (SSO) and multi-factor authentication (MFA). SSO offers ways for organizations to provide strong password usage as well as reduce the chance of credential theft, while MFA ensures that only authenticated users get access to sensitive applications and resources. Most notably, RDP has been vulnerable to BlueKeep, a vulnerability identified – and patched – in 2019. Organizations, including seminaries, should check to ensure their systems are patched.”
“With organizations migrating to Microsoft Office 365 en masse over the last few years, it’s easy to forget that on-premises Exchange servers are still in service. Some organizations, notably in government, can’t migrate their applications to the cloud due to policy or regulation, which means we will see on-premises servers for some time to come.
CISA’s emergency directive is timely and appropriate, as these vulnerabilities are being exploited in the wild now – apparently by threat actors based in China. This is another case that shows how vital it is to keep up with security patches and to make sure the organization’s security stack is up to the task of identifying novel attacks and remediating them quickly.”
From our coverage of Malaysia Airlines disclosing a data breach taking place over nine years, we share these comments from Demi Ben-Ari, Co-founder and CTO of Panorays.
“The recent data breach at Malaysia Airlines illustrates how customers’ personal data can be compromised through a third-party provider. Unfortunately, this is not the first time an airline has experienced a third-party data breach, and it likely won’t be the last. To prevent such incidents, it’s crucial for every company to perform comprehensive evaluations of their third parties that combine external attack surface assessments, security questionnaires, and business context for the most accurate view of vendor cyber risk. In addition, continuous monitoring is absolutely necessary for ongoing visibility, insight, and control of third-party security risk.”
“Cybercriminals typically break in by exploiting vulnerabilities or taking advantage of misconfigurations. In this instance, a vulnerability existed that was overlooked. We all want to trust that our cybersecurity teams are doing the best they can to keep attackers out. I believe in what Reagan once said: ‘trust, but verify.’ It’s much better, and less costly, to have a trusted ally validate your security than to wait until it’s validated or invalidated by an attacker.”
Thanks again to these cybersecurity experts for their expertise on the Q1 data breaches and other attacks. For more on security, check out our SIEM Buyer’s Guide; we cover the top solution providers and their key capabilities in detail. Also, check out our YouTube channel, where our Breach of the Month series covers the worst cyber-attacks.