Understanding the journey of breached customer data

51% of surveyed organisations suffered a third-party data breach, according to a recent SecureLink study. The report was big news, but beneath the headline was a shocking statistic – all the respondents who suffered breaches also claimed to have a risk management programme in place. So, if these strategies are not working, how can organisations mitigate future risks? The first step is for businesses to understand the customer journey of where data attacks can occur.

Know your data – setting the scene

Data within a business today can be sorted into four main categories – login credentials, assets and infrastructure, personal data, and business-critical information. Widescale adoption of cloud services means your business routinely shares customer data with third-party organisations outside your network. An inevitable ripple effect makes it hard to keep track of data, as you can’t supervise every supplier system.

Then there is the issue that, once shared with partner networks, data sets may be re-shared and copied so that multiple versions exist in different locations. Partners and third-party companies may use shared customer data within their marketing plans or on customer service platforms. The result is an increase in security risk. If a large-scale breach occurs within a third-party supplier or one of their suppliers, it can severely impact the security of your customers. One breach could leave thousands, or even millions, of data files exposed.

The threats to customer data

Whilst your security systems may be up to the job, you can’t guarantee that other companies achieve the same standard. Unfortunately, a data breach within another company in your supply chain could still leave your customer data exposed. And if customers use the same credentials across multiple sites, they could be vulnerable to account takeovers. Password re-use is still unbelievably widespread. Nearly two-thirds of people use the same password on different websites, according to a Google survey.

Login information is a major weakness in a company’s security, as shown in the latest Verizon Data Breach Investigations Report, which found that around 60% of all security incidents in 2020 involved credentials. Password managers are an easy solution, but their use must become commonplace. Only 24% of users claimed to use a password manager, despite admitting they need a better way to handle passwords. One of our customers found that, when conducting security training for new hires, using their digital risk protection platform to pull up the individual’s email and various passwords available on the Dark Web was invaluable in educating them on the importance of password management.

The pandemic has created a perfect storm of conditions to increase digital risk. Businesses rushing to move services online have accelerated cloud adoption, expanding the threat surface. At the same time, remote working has been a significant contributor to the escalating customer data threats. A marked increase in staff using shadow IT applications that are hidden from IT and security teams is evident. And employers have no visibility of or control over these data sets.

When data is leaked

Once a system is breached, all data files are up for grabs. Criminals have several options to monetise stolen data. Private sales are commonplace with new, unused data. These sales involve password-protected transfers, encrypted transactions, and escrow payments.

The data, however, loses value after initial exploitation. Criminals looking to maximise profits will resell or share it using unlisted ‘paste & dump’ sites, hacker forums and chatrooms. Criminal teams also add older data to compilation breaches to sweat the asset further. Depending on their motivation, cyber criminals may deliberately disclose data. This tactic is now apparent in recent ransomware attacks. Without effective digital risk protection systems and measures, including data watermarking, it would be virtually impossible to track your data after it is exposed.

What can be done?

There are five techniques for protecting customer data that we recommend businesses explore. These techniques use a company’s brand, database identifiers, watermarking, fingerprinting, and anonymised monitoring.

It’s known that hackers often use the names of the breached organisation when marketing, selling or leaking their stolen data. So, it’s worth deploying a system that monitors for supplier names, as well as your own, on forums and ransomware sites. This includes searching for common typos and variants of these names. There are, however, some limitations to this method, as these searches could lead to lots of false positives. Security teams need to filter through the data to find matches, but this can take time.

Businesses can use database identifiers to improve monitoring efficiency. These take the form of unique strings within databases, such as server names and IP addresses. Teams can then match metadata included in a data leak when searching through database dumps. Patterns within data, including account numbers, customer IDs and reference numbers, are also useful for identification.
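The two monitoring approaches above can be combined in a triage step. The following is an added example, not code from the article or from any vendor; the brand "Acme", the identifier patterns and the sample posts are all constructed. It shows how a typo variant such as "came" produces a false positive on its own, while a database identifier match raises confidence.

```python
import re

def name_variants(name):
    """Typo variants of a name: dropped, doubled and swapped adjacent letters."""
    n = name.lower()
    out = {n}
    for i in range(len(n)):
        out.add(n[:i] + n[i + 1:])                        # dropped letter
        out.add(n[:i] + n[i] + n[i:])                     # doubled letter
        if i + 1 < len(n):
            out.add(n[:i] + n[i + 1] + n[i] + n[i + 2:])  # swapped pair
    return {v for v in out if len(v) >= 4}                # skip very short strings

# Constructed identifiers for a hypothetical company "Acme".
IDENTIFIERS = [
    re.compile(r"\bdb-prod-\d{2}\.corp\.example\b"),  # internal server names
    re.compile(r"\b10\.20\.30\.\d{1,3}\b"),           # internal address range
    re.compile(r"\bACME-\d{8}\b"),                    # customer reference format
]

def triage(post, brand):
    """Classify a forum post or dump excerpt by brand and identifier matches."""
    words = set(re.findall(r"[a-z0-9]+", post.lower()))
    brand_hits = sorted(name_variants(brand) & words)
    id_hits = sorted({m.group(0) for p in IDENTIFIERS for m in p.finditer(post)})
    if id_hits:
        verdict = "likely ours"           # metadata unique to our databases
    elif brand_hits:
        verdict = "needs analyst review"  # name match only, may be a false positive
    else:
        verdict = "ignore"
    return verdict, brand_hits, id_hits

# Constructed sample posts.
POSTS = [
    "I came across an old acme combo list, anyone want it?",
    "Fresh db from amce. host=db-prod-07.corp.example ref=ACME-00412345",
    "selling streaming accounts, cheap",
]

if __name__ == "__main__":
    for post in POSTS:
        print(triage(post, "Acme"))
```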

Another technique is ‘watermarking’ data by adding synthetic identities to a data set. Unique identifiers are used in your data sets or those you share in your digital supply chain so you can confirm if a breach includes data from your business or a supplier. They differ from searching for brand names because synthetic watermarks produce no false positives.
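A sketch of how synthetic watermarks can attribute a leak to one recipient. This is an added example, not the article's or any product's implementation; the key, supplier names and customer records are constructed, and deriving the identities with HMAC is an assumption chosen so the owner can regenerate them without storing a list.

```python
import hashlib
import hmac

# Assumption: a secret known only to the data owner (constructed value).
WATERMARK_KEY = b"constructed-demo-key"

def synthetic_identity(recipient, index):
    """Derive a fake customer record that is unique to one recipient."""
    msg = f"{recipient}:{index}".encode()
    tag = hmac.new(WATERMARK_KEY, msg, hashlib.sha256).hexdigest()
    return {
        "name": f"Sam Mark{tag[:4]}",
        "email": f"sam.{tag[4:16]}@watermark.example",
        "customer_id": f"C{int(tag[16:24], 16) % 10**8:08d}",
    }

def watermark_dataset(records, recipient, count=3):
    """Return the copy to share: real records plus this recipient's watermarks."""
    marks = [synthetic_identity(recipient, i) for i in range(count)]
    # Sort so the synthetic rows are mixed in rather than appended at the end.
    return sorted(records + marks, key=lambda r: r["customer_id"])

def attribute_leak(dump_text, recipients, count=3):
    """Map each recipient to the watermark emails of theirs found in a dump."""
    text = dump_text.lower()
    hits = {}
    for recipient in recipients:
        emails = [synthetic_identity(recipient, i)["email"] for i in range(count)]
        found = [e for e in emails if e in text]
        if found:
            hits[recipient] = found
    return hits

# Constructed customer records and recipients.
CUSTOMERS = [
    {"name": "Jo Bloggs", "email": "jo@customer.example", "customer_id": "C00001234"},
    {"name": "Ann Other", "email": "ann@customer.example", "customer_id": "C00005678"},
]
RECIPIENTS = ["supplier-a", "supplier-b"]

def simulate_leak(recipient):
    """Render the copy shared with one recipient as CSV text, as a dump would show it."""
    rows = watermark_dataset(CUSTOMERS, recipient)
    return "\n".join(",".join(r.values()) for r in rows)

if __name__ == "__main__":
    print(attribute_leak(simulate_leak("supplier-b"), RECIPIENTS))
```

Because the synthetic addresses exist nowhere else, any hit identifies the copy that leaked, which is why this approach avoids the false positives of name searches.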

There are two techniques for recognising whether the data uploaded to a dump site is your customer data. The first is fingerprinting. This method applies a one-way hash function, translating plaintext into a 64-character hash. The hash cannot be reverse engineered, so it is a secure way of storing assets. The second method uses anonymised monitoring with a segment of the fingerprint instead of the complete 64-character hash.
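Both techniques, shown from the data owner's side and the monitoring side. This is an added example, not the article's or any vendor's code; SHA-256 is assumed because its hex digest is 64 characters, and the `MonitoringService` class, the 10-character segment length and the sample values are constructed.

```python
import hashlib

SEGMENT_LEN = 10  # assumption: how much of the fingerprint the owner discloses

def fingerprint(value):
    """One-way fingerprint: SHA-256 of the normalised value, 64 hex characters."""
    return hashlib.sha256(value.strip().lower().encode("utf-8")).hexdigest()

class MonitoringService:
    """Hypothetical monitor that indexes fingerprints of values seen in dumps."""

    def __init__(self, leaked_values):
        self._by_segment = {}
        for value in leaked_values:
            fp = fingerprint(value)
            self._by_segment.setdefault(fp[:SEGMENT_LEN], set()).add(fp)

    def lookup(self, segment):
        """Receives only a segment and returns every leaked fingerprint sharing it."""
        return self._by_segment.get(segment, set())

def check_exposed(assets, service):
    """Owner side: send segments only, compare full fingerprints locally."""
    exposed = []
    for asset in assets:
        fp = fingerprint(asset)
        candidates = service.lookup(fp[:SEGMENT_LEN])
        if fp in candidates:  # the full 64-character hash never leaves the owner
            exposed.append(asset)
    return exposed

# Constructed sample data: what appeared in dumps, and what the owner holds.
LEAKED = ["Jo@Customer.example ", "someone@elsewhere.example"]
OUR_CUSTOMERS = ["jo@customer.example", "ann@customer.example"]

if __name__ == "__main__":
    service = MonitoringService(LEAKED)
    print(check_exposed(OUR_CUSTOMERS, service))
```

A shorter segment tells the monitor less about which asset is being checked, at the cost of more candidate fingerprints returned per lookup.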

The journey of your customer data is complex. Robust measures are required to keep it safe. Sharing data between third-party companies is easy and fast with modern applications, but it makes it harder to keep track of where your data is. Watermarking and continuous, automated monitoring will help you keep your promise to protect customer data and stay one step ahead of data criminals.

Written by Jeremy Hendy, CEO of Skurio
