Security breaches can be fatal to your business and unbelievably costly according to the 2018 Cost of Data Breach Study:
- The average cost of a breach involving 1 million records is $40 million
- The cost of a larger breach involving 50 million records averages a total cost of $350 million
These breaches don’t become clear as soon as they happen, either. The average time to detect and contain a large breach is an entire year.
The first step to preventing these kinds of breaches is to know where they happen. Here’s what you should know about the various kinds of data vulnerabilities, and where they occur.
Improper Patching and Code Vulnerabilities
When a car manufacturer issues a recall when they encounter a faulty part or another issue with one of their vehicles, they’re dealing with a major problem: countless cars are already on the road, relying on a faulty, recalled part which can be incredibly dangerous.
The same kind of problem arises when a web application or API with open-source components has vulnerabilities—the code is already out there, powering websites and enterprise solutions while it’s riddled with vulnerabilities that can expose the entire program to malicious hackers.
What’s shocking about most modern web applications is just how much code is vulnerable to failures and faults. In a data pool of over 10,000 web applications and 8 billion lines of code:
- The average application consists of 79 percent existing “library” code and 21 percent custom code.
- Over 76 percent of applications have 1 or more vulnerabilities
- 34 percent of applications contain 4 or more vulnerabilities
Virtual patching refers to a protocol to intercept attacks before they happen and strengthen these code vulnerabilities so that malicious traffic never penetrates the web application. Patches don’t modify the source code of the original application, but they prevent these attacks from succeeding.
The problem? According to the Open Web Application Security Project (OWASP), virtual patches aren’t always available, and when they are, they are time-consuming to implement and can be incredibly cost-prohibitive. In one instance, a patch took an entire 55 days to implement. In that time, applications are still vulnerable to hackers, who already know their way in.
Essentially, it means your application is a sitting duck until you get the patch implemented. And if you’re using legacy code or outsourced code? There might not be a patch to solve your code vulnerabilities.
Weak Passwords and Problems with Administrative Access
As noted in Science Direct, “Weak passwords always play a major role in any hack.” Some applications don’t require complex, secure passwords, which means that some of your organization’s users may choose weak passwords. Passwords might also be guessable, like someone’s name, address, birth date, or phone number. Instead, it’s recommended that users create passwords with random strings of words and special characters to be more secure.
Even in 2020, when many organizations have been doing their best to emphasize the importance of impenetrable passwords, the top ten most common (and worst) passwords out there are still:
- Senha (password in Portuguese)
For reference, the most common password—123456—has been exposed almost 23.6 million times. Having a secure password to avoid data vulnerabilities matters!
But access vulnerabilities aren’t just limited to poorly planned passwords. Administrative access and enterprise access can also play a role in web application or data vulnerabilities. Sometimes, operating system designers or administrators may create policies that don’t keep data secure. An example of this? Some operating systems default to granting all users full access to the entire program.
Think of this as giving everyone on your team a master key to the most secure part of your building. The more people that have keys, the more likely it is that an intruder can gain access to your building. This kind of operating system flaw leaves your system more open to viruses and malware.
Security misconfiguration problems can happen in all kinds of ways and are found in all kinds of contexts. Generally, a misconfiguration happens when best practices are not followed when configuring an asset like an operating system, web server, software, or web application.
All of your network devices like hardware or email services can suffer from vulnerabilities. So what kinds of misconfiguration issues can occur? Problems can include:
- Debugging tools that get enabled during development sometimes do not get disabled before the program reaches the production environment. When this happens, an attacker can trigger debugging and errors in files that contain important data
- Cloud misconfigurations happen where the cloud environment is not secure. Especially with some public or semi-private cloud hosting platforms like Amazon Web Service, AWS, the customer is the one who is responsible for the configuration of their own cloud, and the resources that are deployed there, and many data breaches of major companies have occurred as a result.
- Network and security device misconfiguration can happen when network device configurations are relaxed. Oftentimes, this occurs when IT teams are trying to troubleshoot a network problem. The issue is, they sometimes forget about these relaxed configurations, and attackers find their way in through internal assets. Some security solutions like IDS, IPS, WAF or SIEM can be misconfigured, which leaves organizations and their enterprise solutions open to vulnerabilities.
Directory Traversal Attacks
Another security-related vulnerability is known as a directory traversal attack. These can happen when hackers try to gain access to files that are stored outside the web root folder. They do this by manipulating the coding sequences and their variations through absolute file paths. By doing so, malicious attackers can obtain your arbitrary files and directories.
Almost all web applications include local resources like images, themes, or scripts, and each time these resources and files are included in an application, it increases the risk that an attacker can insert an unauthorized file or remote resource.
For this reason, it’s a good idea to never store sensitive configuration files and data in the web root or local systems.
Why This Matters: What Can Happen
Data breaches frequently happen because hackers are looking to steal sensitive data. In fact, about 3.5 billion people had their personal data stolen in the top two data breaches of the 21st century. Stolen data can cost companies an average of $3.86 million per breach, or around $148 for each lost record.
But stolen data isn’t all that can happen when hackers find their way into your system. One of the biggest threats that vulnerabilities pose is the risk of ransomware.
Ransomware attacks prey on vulnerabilities that go unnoticed by security teams. Some of these vulnerabilities are years old, and have flown under the radar for a considerable amount of time, and are a significant risk especially for governments, healthcare organizations, and businesses.
One report found that 35 percent of these vulnerabilities that paved the way for ransomware were more than 3 years old, but cost companies $8 billion in 2018. Many of these vulnerabilities affect multiple technology vendors, exposing all of their users to ransomware.
Vulnerabilities in your system can also impact your data integrity. Data integrity refers to the overall wholeness, accuracy, and consistency of your data. You can track data integrity by identifying no alteration between two data records; you know the data is intact and unchanged.
According to one study, poor data quality is responsible for $15 million in annual losses, which can be a dramatic hit to business value. LinkedIn put it more simply: “Poor Data Integrity is a company killer.”
If you are feeding corrupted data into your enterprise-wide system, there’s no way to contain it. Inaccurate, poorly gathered, off-measured, and biased content (like that affected by a hacker) will infiltrate your system and affect your business practices from top to bottom.
Are you looking for ways to protect your data from vulnerabilities? Our team at Engine Room Tech can help. With years of experience in secure coding standards, code reviews, and penetration testing, as well as remediation after security breaches, we know where to look to find even the most hard-to-spot vulnerabilities.
Are you doing everything you can to strengthen your data against vulnerabilities? We can help Contact us today to learn more.