Build Data Breach Monitoring Tool in The Cloud

Cloud Security
Oct 3, 2021

Detecting a data breach is becoming more and more complicated as datastores become more and more decentralized.

The hundreds of businesses that suffered a data breach in the past year are the best evidence of how nearly impossible it is to detect a data breach in real time.

2021’s Major Data Breaches

Data Breaches Are Motivated By Money First

To build the right data breach monitoring tool, we should first understand what motivates hackers to steal your data.

Verizon analyzed over 53,000 incidents and 2,277 confirmed data breaches to understand what motivates attackers to compromise the data of organizations.

Year over year, financial gain is the main reason attackers breach your data. Why is this so important?

Once we understand it, at every step of building a tool to monitor data breaches we will try to take the attacker's perspective — which vector they will take to gain the most financial return with the least effort.

Data Breaches Motivation

4 Reasons Why Data Breaches Happen

  1. Back Doors, Application Vulnerabilities — In most cases, backend applications have excessive permissions to query sensitive data, so taking control of a backend app gives external attackers access to valuable data. e.g. The personal data of 533M Facebook users was posted online. The data was scraped through a vulnerability that the company patched in 2019.
  2. Social Engineering — As attackers look to exploit employees, phishing attacks are highly efficient tools. e.g. Through an attack on U.S. Cellular, hackers were able to scam employees into downloading a backdoor. The backdoor granted access to the company CRM containing records for 4.9M customers.
  3. Public Data Assets — When a database is misconfigured as a publicly open asset and exposed to everyone in the wild. e.g. Wegmans Food Markets notified an undisclosed number of customers that their data was exposed after two of its cloud-based databases were misconfigured and made publicly accessible online.
  4. Insider Threats — Threats posed by a person from the organization itself, such as current or former employees, contractors, and partners. e.g. A former employee sold a database stolen from the New York-based company with the understanding that the information would be sold to criminals.

Stream Data Audit Logs to Elasticsearch

Create Alarms and Triggers
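As an added example (not the author's tool, and not code from this post), here is a small Python rule set that runs over constructed datastore audit-log events in the shape one might index in Elasticsearch and raises alarms for three of the breach causes listed above: bulk reads of sensitive data by an over-privileged backend identity, a datastore being made public, and activity from a deactivated (former-employee) identity. Field names, thresholds, principals and the events themselves are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-log events (field names are assumptions, not a real schema).
SAMPLE_EVENTS = [
    {"ts": "2021-10-03T10:00:00", "principal": "svc-backend", "action": "read", "resource": "customers", "rows": 500},
    {"ts": "2021-10-03T10:00:05", "principal": "svc-backend", "action": "read", "resource": "customers", "rows": 20000},
    {"ts": "2021-10-03T10:00:10", "principal": "svc-backend", "action": "read", "resource": "customers", "rows": 40000},
    {"ts": "2021-10-03T10:01:00", "principal": "admin-jane", "action": "set_policy", "resource": "orders-db", "public": True},
    {"ts": "2021-10-03T10:02:00", "principal": "ex-employee-bob", "action": "read", "resource": "crm", "rows": 10},
]

SENSITIVE = {"customers", "crm"}        # tables holding personal data (assumed)
DEACTIVATED = {"ex-employee-bob"}        # identities that should no longer be active (assumed)
ROW_BUDGET = 50000                       # rows of sensitive data one principal may read per window
WINDOW = timedelta(minutes=5)


def detect(events, sensitive=SENSITIVE, deactivated=DEACTIVATED,
           row_budget=ROW_BUDGET, window=WINDOW):
    """Return a list of (rule, principal, resource) alarms, in event order."""
    alarms = []
    reads = defaultdict(list)   # principal -> [(timestamp, rows)] inside the sliding window
    fired = set()               # principals already alarmed for bulk reads
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        p, r = e["principal"], e["resource"]
        # Public Data Assets: an access policy change that exposes a datastore publicly.
        if e["action"] == "set_policy" and e.get("public"):
            alarms.append(("public_exposure", p, r))
        # Insider Threats: any activity by an identity that should have been revoked.
        if p in deactivated:
            alarms.append(("deactivated_principal", p, r))
        # Excessive permissions: one principal pulling more sensitive rows than its budget
        # within the window (a scrape through a compromised backend looks like this).
        if e["action"] == "read" and r in sensitive:
            recent = [(t, n) for t, n in reads[p] if ts - t <= window]
            recent.append((ts, e.get("rows", 0)))
            reads[p] = recent
            if sum(n for _, n in recent) > row_budget and p not in fired:
                fired.add(p)
                alarms.append(("bulk_sensitive_read", p, r))
    return alarms


if __name__ == "__main__":
    for alarm in detect(SAMPLE_EVENTS):
        print(alarm)
```

In a real deployment the same rules would run as scheduled queries or watchers against the indexed audit logs, with the budget tuned per principal from its normal baseline.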
