Quick Take | How Data Breaches Happen

At the NICSA East Coast Regional Meeting in mid-April, in a breakout session on “Cybersecurity: How do breaches happen?”, representatives from AB Global, Acadian Asset Management, Broadridge, Brown Brothers Harriman and EY Global Services discussed how cybersecurity breaches happen, who the hackers are, and best practices for preventing and managing a security breach. Here’s the quick take from that session:

Who hacks?

  • Organized crime – entry points gained via phishing, link clicking; sell digital assets on black market
  • Nation states – very targeted and largely politically motivated hacks
  • Activist groups or “hacktivists” – sophisticated hackers with a specific target
  • Criminal groups – financial targets are the main goal
  • Insider threats – trusted users, including employees and third parties, with privileged accounts

How do they get in?

  • Phishing is the #1 way – pre-screen emails, train internal associates, hire a third party to run quarterly phishing “tests”
  • Trusted user as access point – “reasonable” access permissions, obfuscate sensitive customer information with dynamic data masking, risk-rank vendors
  • Weak point in system (e.g. mobile devices) – make sure patches are up-to-date, control external network connections, internet monitoring, track scanning activity

What to do when they get in (because they will)?

  • Don’t panic!
  • Secure communications about response and operations
  • Identify main threat and how to protect data
  • Focus on shortening the amount of time the hacker has access
  • Don’t ignore extortion threats (Sony)
  • Determine when and how to call the regulators in
  • Seek outside help if necessary – legal, FBI, third-party experts, etc.

More reading:

Ghost in the Wires by Kevin Mitnick

The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage by Cliff Stoll

NICSA: 8400 Westpark Drive, 2nd Floor McLean, VA 22102 • Tel: 508.485.1500 • Fax: 508.485.1560