
Top 10 database breaches

London, 12 Oct 2011

The reason why databases are breached is simple: data has value. This is according to Rob Rachwald, director of security strategy for Imperva, at this year's RSA Conference Europe.

Rachwald shared some lessons and insights from the 10 biggest database breaches of the year.

Number 10, according to Rachwald, is the Bank of America breach, in May. This is an example of privilege abuse, he explains. An employee stole information and gave it to scammers, when it wasn't necessary to have that kind of access in the first place.

Number nine is the breach at the UCLA Medical Centre, which saw medical records of celebrities sold, in July. Employees such as nurses had legitimate reasons to have access to the information, but abused it. While prevention of this type of abuse is difficult, strong auditing can help find the person responsible and mitigate losses.

Number eight was a spear-phishing attack on Oakridge National Laboratories, in April. Over 500 employees were sent a spear-phishing e-mail containing malware, and over 200 opened it. What is significant about this breach, says Rachwald, is that the perpetrator escalated privilege to gain access to more and more information in the company.

Number seven on his list is medical records that were leaked in September. In a Google search, a user happened to come across medical records for a hospital in the US. Rachwald says the hospital thinks the data was leaked by an outsource partner to the hospital. "I emphasise the term 'they think'," he says. "They don't know where it came from." This shows the consequences of weak audits, he says, adding that more granularity is needed to discover exactly where the data came from.

Number six was Groupon India, in June 2011. Groupon also doesn't know how its breach happened, but user names and passwords were visible on the site. This is another example of weak auditing.

Number five occurred at the Suncoast Community Health Centres. Rachwald says an IT employee was let go and the company did not delete all its access codes.

In fourth place is the National Health Service, where a backup CD with unencrypted data was not destroyed correctly.

Third was at Bay House School, in Hampshire, where a student hacked into the Web site and exploited the system's weak passwords, in August.

Tied in the unenviable position of first place is Sony, together with various military and government Web sites. These breaches were caused by SQL injection, says Rachwald.

While terms like cyber warfare and stuxnet capture people's imaginations, it's easy to overlook smaller, preventable vulnerabilities, he concludes.
