Without a doubt, the Kaseya hack is one of the biggest cybersecurity stories of 2021. In July, the Florida-based IT company was hit by a ransomware attack that affected not only Kaseya but also more than 1,000 companies around the world relied on the technology of Kaseya. The attack is known by experts as the biggest ransomware attack of all time and is severe enough to be President Bidens Government even discussed a possible diplomatic response.
Hackers involved in the attack, a Russian hacking group called REvil, managed to infiltrate Kaseya and confiscate an enormous amount of customer data. They then demanded a massive $ 70 million for the return of the customer data.
The Kaseya attack may be larger than most attacks of its kind, but it underscores a long-known fact: Sensitive data is both valuable (as evidenced by the 70 million fact that it could be accessed illegally at all). A hack this one Magnitude is a pathetic lesson in Database security.
The Kaseya violation
According to a recently Bloomberg report, Kaseya executives were warned well before the attacks targeting potentially serious security vulnerabilities. For several years, Kaseya employees claim they raised myriad cybersecurity concerns only to be rejected by those who could have made the necessary changes.
Alleged problems included Kaseya storing customer passwords in the form of clear text instead of encrypting them. It is also said to have failed to regularly patch its software and servers. These vulnerabilities were reportedly not atypical of an approach to security best practices that was obviously lax.
Few companies or organizations have the potential to be responsible for a data breach on the scale of the Kaseya breach. Nonetheless, it is a timely reminder of how important companies should be to secure their databases and the data stored in them. Fortunately, there are lessons they can use to improve this security.
#1. Perform frequent access reviews
Ease of use and system security often seem to be enemies. This can be seen in the “privilege creep” that companies often encounter in their IT systems. When employees change job titles or move between assignments, they are often given new access permissions to go about their work. The problem is that earlier permissions that are no longer needed are often not revoked nearly as regularly.
Just like handing over your front door keys to several friends and neighbors and never asking for them to be returned, this opens up new security risks. This is not to say that these people are untrustworthy, but to put it simply, the more people whose accounts can be used to access critical systems, the more sources of potential vulnerabilities you have.
Regularly checking which employees have access to which systems should be an integral part of every cybersecurity team’s playbook. Particular attention should be paid to those who have direct access to sensitive databases.
# 2. Use the principle of “least privilege”
Related to the phenomenon of privilege creep is the principle of least privilege (often referred to as PoLP). As the name suggests, PoLP is about ensuring that employees have the minimum level of access or privilege required to do their job.
It’s not the same as removing redundant permissions from employees who no longer need them. It reviews the privileges of employees who need to perform a relevant task and tries to minimize them so that employees don’t have more access than they need.
This could mean, for example, asking whether database administrators need access to all databases within a system or only to those that they specifically manage and otherwise manipulate.
# 3. Make sure that strong encryption is used
The use of database encryption means that even if data is exfiltrated as part of a security breach, it will be useless to an attacker without access to the required decryption key. Ultimately, a database is a container for information. You can think of encryption as locking this container.
# 4. Monitor what is happening in your database
The above steps are all crucial. However, if an attacker does manage to break into a database despite taking the right precautions, it is important that you find out about it as soon as possible. This is where database monitoring comes in.
Using a single solution to monitor all databases is a great way to manage risk. Meanwhile, database monitoring tools make it easy to identify both insider and outsider threats in real time and act quickly.
The importance of database security
Database security/ day / security only becomes more important the more user data is collected and the more databases become the target of attackers. Unfortunately, incidents like the Kaseya hack will continue to occur. However, that doesn’t mean companies can’t learn from it and use the lessons to strengthen their own defenses.
#Kaseya #hack #valuable #lesson #importance #database #security