The Hamburg-based firm’s data breach was revealed by Krebs On Security, a blog maintained by famous security researcher Brian Krebs. Krebs found out that there has been a number of security fails involving big corporations. Last year, it was a huge breach at the Home Depot.
Krebs claimed that Kreditech is already probing the breach that came to their knowledge after hackers posted thousands and thousands of applicants’ personal and financial data on the web. The company has indicated that the data was deliberately leaked by an insider. The faulty web design was also blamed for the incident.
Many security experts may not be able to pinpoint exactly the particulars of the breach, yet it is clear from the incident that data breach remains a big challenge for corporations. Security fails have been happening in different and unexpected ways.
Some security experts have recently revealed horror stories of unencrypted emails and the blind acceptance of security audit reports by businesses. Many are concerned about the “insider threats.”
So here’s 5 common security failures that could happen even at a large company and how to protect against them:
Failure 1. IT department yet to get realistic about vulnerabilities
Solution is by getting over the hubris. Organizations are made to believe that full prevention/protection is possible and as a result they are overly reliant on blocking-based security systems. Breaches are bound to occur when businesses fail to tackle the slow identification of breaches.
Most IT firms also under-invest in automated response and risk mitigation capabilities. This is bad because a single infected endpoint connected to the company’s enterprise network can lead to internal malware propagation and also a full-scale outbreak if businesses don’t have automated response and risk mitigation control system properly set up.
Kumar also said that many businesses tend to overlook less likely infection pathways such as malware propagated through USB drives, or devices that may have been infected on public networks before connecting to enterprise network system.
Failure 2. Focusing too much on external risks
Businesses should start considering the fact that insiders also pose security threats. It may not be in the form of deliberate sabotage or theft, of course. But lost or stolen devices or accidental data loss could have serious consequences.
Failure 3. Believing in “safe” sites
Even the highly trusted websites could be compromised and use users data to serve malware. In fact, attackers now frequently target such sites because they deliver a valuable user base.
Failure 4. Thinking that your employees would follow all your security directives
Despite news about email risks and enterprise training programs designed to prevent bad practices, many organizations report that between 30 to 70 percent of their employees still click links in test emails designed to see if users can recognize and avoid phishing attacks.
Here’s simple solution: Admit that your workers are a very weak link. And you should act accordingly.
Todd Waskelis, vice president of security consulting services at AT&T Consulting Solutions, thinks that the simplest way to inject malware into company’s system is via the end user, be it email with malicious files or links or through infected removable media.
Failure 5. Attributing security as IT problem
Share the problem if you are getting buy-in and financial resources from the board of directors and upper management, said Michael Flickman, CTO officer of Diligent Board Member Services.
He is of the opinion that board members should have an opportunity to ask questions as and when require to the senior executives. They would be helpful in protecting data breaches by making sure that management has implemented internal awareness course and best practices.
These suggestions somehow just adjust the low-hanging fruit. Some experts can get really wonky on the issue. It is better to delete unneeded emails on a regular basis. He also said that many companies keep everything, on the theory that big data will somehow turn yesterday’s trash into tomorrow’s treasure.
Even as Kreditech has learnt a variation on security breach lesson, it is crucial for you to take steps from them and be prepared.