We keep hearing about them in the news. The tallies are astounding: 145 million user accounts compromised here, 40 million credit cards stolen there. What isn't always as clear with the most high-profile data breaches is how they occurred in the first place and what you can do to prevent seeing your organization in a similar headline.
CIO.com tapped several security professionals to summarize the origins of the top five recent data breaches to affect U.S. firms. There are also lessons to learn from AT&T, Community Health Systems, Experian, Michaels, Neiman Marcus, P.F. Chang's and the UPS Store, among many others.
Lesson From Adobe: Build Better Systems
Topping the list is the Adobe Systems breach, which the company calls a "sophisticated attack" on its network and which involved the theft of 153 million customer records. The company later said a smaller subset of those accounts was still active.
Joe Siegrist, CEO and co-founder of password management company LastPass, says the breach is unique because it involved so many customer records and because we have so little information about what actually occurred. Hackers stole 3.8 GB of compressed data — email addresses, password hashes and password hints — all apparently obtained from a backup server, he says.
David Schoenberger, CIO at CertainSafe, says the hacker probably broke in using various methods, including SQL injections or fake IP addresses. He says the answer is to build better systems — use stronger passwords and deploy better firewalls.
Lessons From eBay: Encrypt Data, Educate Employees
The recent eBay breach, meanwhile, involved the theft of 145 million user accounts. Todd Weller, VP of Corporate Development at Hexis Cyber Solutions, explains that this breach at least didn't involve stolen credit cards, which were protected by strong data encryption. Hackers were able to steal the names, addresses, emails, and phone numbers of users. There are confirmed reports that hackers stole login credentials for specific employees.
There are few clues about how the attack actually took place, but Weller says it was likely a phishing scam or a social engineering attack that tricked employees into giving out their logins. The best preventive measures, he adds, would have been encrypting all user data and educating employees about phishing scam dangers.
Lesson From JP Morgan Chase: Invest in Intrusion Detection
The worst data breaches are sometimes left unsolved, but security professionals can sometimes piece together the root cause. Idan Tendler, the CEO of security analytics company Fortscale, says it's possible, based on unconfirmed reports, that the JP Morgan Chase breach of 83 million customers' personal data happened after hackers obtained a list of the applications that run on the bank's internal servers.