Some common security weaknesses appear to be the main contributing factors to the leak at the US Department of Homeland Security (DHS) that affected nearly 250,000 current and former federal government staff.
Having an effective leavers policy is only the start. The policy should be reviewed regularly, and whenever a new system is introduced, so that it covers every place a leaver may hold an account. Access to every system should be disabled through a combination of automation and manual intervention, and the two should be reconciled against each other rather than trusted blindly. Any gap in this process could allow unauthorised access long after an employee has left the organisation.
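One way to find those gaps is to reconcile the HR leavers feed against account exports from every system in the inventory. The script below is an added example, not code from the original article or from DHS; the leavers list, the per-system exports, the `REQUIRED_SYSTEMS` inventory and the field names are all constructed for the example. It flags accounts still enabled after the owner's leave date and, separately, systems on the inventory for which no export was supplied at all, which is the failure mode the paragraph warns about when new systems are introduced without the policy being updated.

```python
"""Leaver reconciliation: find accounts still enabled after the owner has left.

Added example, not part of the original article. The HR feed, the system
exports, REQUIRED_SYSTEMS and the field names are constructed for illustration,
not any vendor's real export format.
"""
from datetime import date, timedelta

TODAY = date(2018, 1, 15)   # fixed so the example is reproducible
GRACE_DAYS = 1              # how long after leaving an account may stay enabled

# Constructed HR leavers feed: who left, and when.
LEAVERS = [
    {"employee_id": "E1001", "email": "alice@example.gov", "left_on": date(2018, 1, 5)},
    {"employee_id": "E1002", "email": "bob@example.gov",   "left_on": date(2017, 11, 20)},
    {"employee_id": "E1003", "email": "carol@example.gov", "left_on": date(2018, 1, 12)},
]

# Systems the leavers policy says must be deprovisioned (constructed inventory).
REQUIRED_SYSTEMS = {"vpn", "case_db", "email", "hr_portal"}

# Constructed exports. Each system keys accounts differently (email address,
# employee id, local username), which is exactly where manual processes miss.
SYSTEMS = {
    "vpn": [
        {"user": "alice@example.gov", "enabled": True},
        {"user": "bob@example.gov",   "enabled": False},
        {"user": "dave@example.gov",  "enabled": True},
    ],
    "case_db": [
        {"user": "E1002", "enabled": True},   # bob: HR says he left two months ago
        {"user": "E1003", "enabled": True},   # carol: left three days ago
        {"user": "E1004", "enabled": True},
    ],
    "email": [
        {"user": "carol@example.gov", "enabled": False},
        {"user": "alice@example.gov", "enabled": False},
    ],
}


def identities(leaver):
    """Every identifier a leaver might appear under in a system export."""
    local_part = leaver["email"].split("@")[0]
    return {leaver["employee_id"].lower(), leaver["email"].lower(), local_part.lower()}


def stale_access(leavers, systems, today):
    """Return (system, identifier, days_since_leaving) for each enabled account
    that belongs to a leaver whose leave date is more than GRACE_DAYS ago."""
    findings = []
    for leaver in leavers:
        elapsed = today - leaver["left_on"]
        if elapsed <= timedelta(days=GRACE_DAYS):
            continue
        ids = identities(leaver)
        for system, accounts in systems.items():
            for acct in accounts:
                if acct["enabled"] and acct["user"].lower() in ids:
                    findings.append((system, acct["user"], elapsed.days))
    return sorted(findings)


def missing_exports(systems):
    """Systems the policy requires but for which no export was supplied: either
    the system is new and was never added to the process, or the feed broke."""
    return sorted(REQUIRED_SYSTEMS - set(systems))


if __name__ == "__main__":
    for system, user, days in stale_access(LEAVERS, SYSTEMS, TODAY):
        print(f"STALE  {system:<8} {user:<20} left {days} days ago")
    for system in missing_exports(SYSTEMS):
        print(f"NO EXPORT for required system: {system}")
```

Run it daily against fresh exports and treat the `missing_exports` output as seriously as the stale accounts: a system that silently drops out of the reconciliation is one nobody is checking.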
Database monitoring is also often overlooked. Databases almost always hold sensitive information, and frequently that includes personally identifiable information (PII) in the form of customer, financial or HR records.
Auditing is available on every mainstream database platform: the ability to collect logs that record not only server-level events, such as an account being added or removed, but also data-level events such as when a database was accessed, a table was updated or a record was modified.
Network threat detection and behaviour analysis can help detect unusual transfers from an internal to an external destination, such as the exfiltration of the database held at DHS.
Lastly, user and entity behaviour analytics (UEBA) can also help bring anomalous users and their associated activity to the surface sooner rather than later.
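The two preceding points, database auditing and behaviour analytics, come together once the audit log is actually read. The script below is an added example, not code from the original article or from any database vendor: it parses a constructed key=value audit format (real engines such as pgaudit or SQL Server Audit have their own formats, so the parser would need adapting), surfaces the server-level account changes, and applies a simple per-user baseline to daily read volume so that a user pulling a whole table stands out. The log lines and the thresholds are invented for the example. It also handles the edge case UEBA tooling has to cope with: an identity that has no history at all, which cannot be compared against a baseline and so is flagged on absolute volume instead.

```python
"""Database audit log review: account changes, off-hours activity and abnormal
read volume per user.

Added example, not code from the original article or from any database
product. AUDIT_LOG is a constructed format (one event per line) and the events
in it are invented; the thresholds in bulk_reads() are assumptions.
"""
import re
from collections import defaultdict
from statistics import median

# Constructed audit trail: four days of normal activity, then one night a new
# role is created and two identities read entire tables.
AUDIT_LOG = """\
2018-01-08T09:02:11Z user=jsmith db=cases event=READ object=cases.complaints rows=38
2018-01-08T10:15:40Z user=amy db=cases event=WRITE object=cases.complaints rows=1
2018-01-08T11:00:02Z user=amy db=cases event=READ object=cases.complaints rows=61
2018-01-09T09:05:13Z user=jsmith db=cases event=READ object=cases.complaints rows=44
2018-01-09T14:22:09Z user=amy db=cases event=READ object=cases.employees rows=70
2018-01-10T09:10:55Z user=jsmith db=cases event=READ object=cases.complaints rows=51
2018-01-10T16:41:30Z user=amy db=cases event=READ object=cases.complaints rows=55
2018-01-11T08:58:47Z user=jsmith db=cases event=READ object=cases.employees rows=40
2018-01-11T09:30:00Z user=amy db=cases event=READ object=cases.complaints rows=66
2018-01-12T02:14:03Z user=dba db=cases event=ROLE_CREATE object=role:svc_export rows=0
2018-01-12T02:16:48Z user=svc_export db=cases event=READ object=cases.employees rows=246000
2018-01-12T02:31:19Z user=jsmith db=cases event=READ object=cases.complaints rows=239000
2018-01-12T09:12:31Z user=amy db=cases event=READ object=cases.complaints rows=58
"""

LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) db=(?P<db>\S+) event=(?P<event>\S+) "
    r"object=(?P<obj>\S+) rows=(?P<rows>\d+)$"
)


def parse(log):
    """Turn the constructed audit text into a list of event dicts.
    An unparseable line is an error, not something to skip silently: a gap in
    the audit trail is itself a finding."""
    events = []
    for n, line in enumerate(log.splitlines(), 1):
        m = LINE.match(line)
        if not m:
            raise ValueError(f"line {n}: unparseable audit record: {line!r}")
        e = m.groupdict()
        e["rows"] = int(e["rows"])
        e["day"] = e["ts"][:10]          # YYYY-MM-DD
        e["hour"] = int(e["ts"][11:13])  # UTC hour
        events.append(e)
    return events


def account_changes(events):
    """Server-level events: roles or accounts created, dropped or granted."""
    return [(e["ts"], e["user"], e["event"], e["obj"])
            for e in events if e["event"].startswith(("ROLE_", "GRANT"))]


def off_hours(events, start=22, end=6):
    """Any activity between 22:00 and 06:00 UTC (assumed quiet window)."""
    return [(e["ts"], e["user"], e["event"], e["obj"])
            for e in events if e["hour"] >= start or e["hour"] < end]


def daily_reads(events):
    """Rows read per user per day: the quantity we baseline."""
    totals = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["event"] == "READ":
            totals[e["user"]][e["day"]] += e["rows"]
    return totals


def bulk_reads(events, ratio=10, min_rows=1000):
    """Flag (day, user, rows, reason). A day is anomalous when its read total
    exceeds min_rows AND ratio times the median of that user's other days.
    A user with no other days has no baseline and is flagged on min_rows alone."""
    findings = []
    for user, days in daily_reads(events).items():
        for day, rows in days.items():
            if rows < min_rows:
                continue
            history = [r for d, r in days.items() if d != day]
            if not history:
                findings.append((day, user, rows, "no baseline"))
            elif rows > ratio * median(history):
                findings.append((day, user, rows, f"{rows / median(history):.0f}x baseline"))
    return sorted(findings)


if __name__ == "__main__":
    events = parse(AUDIT_LOG)
    for row in account_changes(events):
        print("ACCOUNT CHANGE", *row)
    for row in off_hours(events):
        print("OFF HOURS     ", *row)
    for row in bulk_reads(events):
        print("BULK READ     ", *row)
```

The three checks are deliberately independent: the role creation at 02:14 would surface even if the new role had read nothing, and the bulk reads would surface even at 09:00. Correlating them (a freshly created role reading a whole table minutes later) is what a UEBA product does at scale; the median-based baseline here is the simplest version of that idea, and is robust to a single earlier spike in a user's history in a way a mean would not be.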
While DHS may have downplayed the breach, it still took them eight months to bring it to light. And with GDPR just around the corner, is your business prepared to pay up to €20m or four per cent of global annual turnover, whichever is higher?
The DHS was at pains to emphasise that the “evidence indicates that… personal information was not the primary target” and that the incident wasn’t a “cyber attack by external actors”.