IT World Canada

Configuration mistakes blamed for bulk of stolen records last year: IBM


Misconfigured servers accounted for 86 per cent of the record 8.5 billion records compromised around the world last year, according to an analysis by IBM Security released today.

That was one of the conclusions reached by the unit in its annual Threat Intelligence Index, which peers into customer sensor and other data. (Registration required)

What IBM calls the “inadvertent insider,” also known as misconfigured servers, spans a wide range of vectors, including publicly accessible cloud storage, unsecured cloud databases, improperly secured sync backups, and open internet-connected network area storage devices.

“This is a stark departure from what we reported in 2018 when we observed a 52 per cent decrease from 2017 in records exposed due to misconfigurations, and these records made up less than half of total records,” the report said.

It’s not that the total number of misconfiguration incidents increased. Quite the contrary, the number of such incidents actually dropped 14 per cent year over year. The report says this implies that when a misconfiguration breach did occur, the number of records affected was significantly higher in 2019.

Nearly three-quarters of the breaches where there were more than 100 million records breached were misconfiguration incidents. Two of those misconfiguration incidents alone, which occurred in what IBM calls the professional services sector, accounted for billions of records for each incident.

IBM doesn’t name the companies in those incidents. But one might have been the discovery of an unsecured ElasticSearch server with data that appeared to come from a U.S. data processing company or one of its subscribers.

Misconfiguration errors will only decrease if companies take security more seriously, Ray Boisvert, an associate partner in IBM Canada’s security services who used to be a special security adviser to the Ontario government, said in an interview.

“It comes down to for all organizations that security needs to be woven into the fabric. The business processes, the launch of new services, the intranet for employees, web-facing content, needs to be linked to a philosophy that security is the enabler.”

Tighter identity and access management — including the addition of two-factor authentication — is also imperative, he added.

The report also found:

Of the OT attacks, most were centred around using a combination of known vulnerabilities within SCADA (supervisory control and data acquisition) and ICS (industrial control system) hardware components, as well as password-spraying attacks using brute force login tactics against ICS targets.

“The overlap between IT infrastructure and OT, such as Programmable Logic Controllers (PLCs) and ICS, continued to present a risk to organizations that relied on such hybrid infrastructures in 2019,” says the report.

Meanwhile the huge number of devices clumped under the Internet of Things – internet-connected devices ranging from surveillance cameras to toys – “has been gradually shaping up to be one of the threat vectors that can affect both consumers and enterprise-level operations by using relatively simplistic malware and automated, often scripted, attacks,” says the report.

The report urges organizations to take the following steps to better prepare for cyber threats this year:
