What CIOs Can Learn From the Biggest Data Breaches

A postmortem analysis of some of the biggest recent data breaches offers IT leaders several pieces of advice for staying a step ahead.

We keep hearing about them in the news. The tallies are astounding: 145 million user accounts compromised here, 40 million credit cards stolen there. What isn't always as clear with the most high-profile data breaches is how they occurred in the first place and what you can do to prevent seeing your organization in a similar headline.

CIO.com tapped several security professionals to summarize the origins of the top five recent data breaches to affect U.S. firms. There are also lessons to learn from AT&T, Community Health Systems, Experian, Michaels, Neiman Marcus, P.F. Chang's and the UPS Store, among many others.

Lesson From Adobe: Build Better Systems

Topping the list is the Adobe Systems breach, which the company calls a "sophisticated attack" on its network and which involved the theft of 153 million customer records. The company later said a smaller subset of those accounts were still active.


Joe Siegrist, CEO and co-founder of password management company LastPass, says the breach is unique because it involved so many customer records and because we have so little information about what actually occurred. Hackers stole 3.8 GB of compressed data -- email addresses, password hashes and password hints -- all apparently obtained from a backup server, he says.

David Schoenberger, CIO at CertainSafe, says the hacker probably broke in using various methods, including SQL injections or fake IP addresses. He says the answer is to build better systems -- use stronger passwords and deploy better firewalls.

Lessons From eBay: Encrypt Data, Educate Employees

The recent eBay breach, meanwhile, involved the theft of 145 million user accounts. Todd Weller, the VP Corporate Development for Hexis Cyber Solutions, explains that this breach at least didn't involve stolen credit cards, which were protected by strong data encryption. Hackers were able to steal the names, addresses, emails, and phone numbers of users. There were confirmed reports of hackers stealing login credentials for specific employees.


There are few clues about how the attack actually took place, but Weller says it was likely a phishing scam or a social engineering attack that tricked employees into giving out their logins. The best preventive measures, he adds, would have been encrypting all user data and educating employees about phishing scam dangers.

Lesson From JP Morgan Chase: Invest in Intrusion Detection

The worst data breaches are sometimes left unsolved, but security professionals can sometimes piece together the root cause. Idan Tendler, the CEO of security analytics company Fortscale, says it's possible, based on unconfirmed reports, that the JP Morgan Chase breach of 83 million customers' personal data happened after hackers obtained a list of the applications that run on the bank's internal servers.

Once hackers had the list, they searched for known vulnerabilities for each application until they found a way to break in. They then obtained administrative privileges to gain access to the servers. Then they stole the data. Tendler says analytics tools could have noticed the intrusions at specific times of the day and looked for login anomalies.
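The kind of login-anomaly check Tendler describes can be sketched as follows. This is an added example, not code from the article or from any vendor named in it; the account names, host names and events are constructed, and the one-hour tolerance is an assumption.

```python
from collections import defaultdict
from datetime import datetime

# Constructed history of normal logins: (timestamp, account, source host).
HISTORY = [
    ("2024-01-08T09:14:00", "dbadmin", "jump01"),
    ("2024-01-09T10:02:00", "dbadmin", "jump01"),
    ("2024-01-10T16:40:00", "dbadmin", "jump01"),
    ("2024-01-08T08:30:00", "appsvc", "app07"),
]
# Constructed logins to evaluate against that history.
NEW_LOGINS = [
    ("2024-01-11T09:45:00", "dbadmin", "jump01"),   # matches the baseline
    ("2024-01-11T03:12:00", "dbadmin", "web22"),    # odd hour and new source
    ("2024-01-11T15:20:00", "dbadmin", "web22"),    # usual hour, new source
    ("2024-01-11T02:05:00", "tmpadmin", "web22"),   # account never seen before
]

def build_baseline(history):
    """Learn, per account, the hours of day and source hosts of normal logins."""
    profile = defaultdict(lambda: {"hours": set(), "sources": set()})
    for ts, account, source in history:
        hour = datetime.fromisoformat(ts).hour
        # Assumption: tolerate one hour either side of each observed hour.
        profile[account]["hours"].update({(hour - 1) % 24, hour, (hour + 1) % 24})
        profile[account]["sources"].add(source)
    return dict(profile)

def login_reasons(profile, event):
    """Return the reasons a login deviates from the baseline (empty if none)."""
    ts, account, source = event
    seen = profile.get(account)
    if seen is None:
        return ["unknown-account"]
    reasons = []
    if datetime.fromisoformat(ts).hour not in seen["hours"]:
        reasons.append("unusual-hour")
    if source not in seen["sources"]:
        reasons.append("new-source")
    return reasons

def find_anomalies(profile, events):
    """Flag deviating logins, listing those with the most reasons first."""
    flagged = [(e, login_reasons(profile, e)) for e in events]
    flagged = [(e, r) for e, r in flagged if r]
    return sorted(flagged, key=lambda item: -len(item[1]))
```

Ranking by the number of deviations keeps a login that is both off-hours and from a new host at the top of the queue rather than buried among single-signal alerts.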

Lesson From Target: Find the Most Critical Vulnerabilities

Target became one of the latest victims of a phishing email campaign. Kevin Conklin, a spokesperson for the IT security company Prelert, believes the Target breach was a result of a hacker using authorized login credentials obtained using an email phishing campaign targeting a specific contractor. The credentials allowed the hackers to install a malware program on the POS terminals that read a customer's credit card. All told, the attack compromised 70 million customer accounts and 40 million credit cards.


Conklin says the twist is that Target security tools detected the breach and issued alerts, but the attackers likely kept manually attempting to log in. It's possible that Target received thousands of these alerts during the attack period. Conklin argues that threat detection tools, including one his company offers, could reduce the damage because they search for more critical anomalies.

Lesson From Home Depot: Well-Configured Firewalls

Most security experts say Home Depot was the victim of a spearphishing attack -- a highly specific, targeted ruse that arrives by email and then infects a computer with malware. According to Francis Turner, a product manager for ThreatSTOP, the Home Depot breach, which affected 56 million credit and debit cards, could have involved just one successful attack -- and just one employee agreeing to the install. It's also possible this one specific employee was repeatedly spearphished.

Turner says the real hack isn't the intrusion but, rather, the fact that the malware could "call home" and carry out further instructions. Firewalls configured to block both incoming and outgoing attacks would have helped, he adds.
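Turner's point about outbound filtering amounts to a default-deny egress policy: anything not explicitly allowed out is blocked. The sketch below is an added example, not from the article or from ThreatSTOP; the allow rules, host names and flow records are constructed, and the external addresses come from documentation-only ranges.

```python
import ipaddress

# Hypothetical egress allowlist: (destination network, destination port).
EGRESS_ALLOW = [
    ("10.20.0.0/16", 443),     # internal application servers (constructed)
    ("10.20.5.10/32", 53),     # internal DNS resolver (constructed)
    ("192.0.2.0/24", 443),     # approved update servers (documentation range)
]

# Constructed outbound flow records: (source host, destination IP, port).
FLOWS = [
    ("store-pc-17", "10.20.3.4", 443),        # allowed: internal app server
    ("store-pc-17", "203.0.113.50", 80),      # not on the allowlist
    ("store-pc-17", "203.0.113.50", 443),     # not on the allowlist
    ("hr-laptop-3", "192.0.2.15", 443),       # allowed: update server
    ("hr-laptop-3", "198.51.100.7", 8080),    # not on the allowlist
]

def is_allowed(dst_ip, dst_port, rules=EGRESS_ALLOW):
    """True only if some allow rule covers both the destination and the port."""
    addr = ipaddress.ip_address(dst_ip)
    return any(
        addr in ipaddress.ip_network(net) and dst_port == port
        for net, port in rules
    )

def blocked_flows(flows, rules=EGRESS_ALLOW):
    """Default deny: return flows matching no allow rule, grouped by source."""
    blocked = {}
    for src, dst, port in flows:
        if not is_allowed(dst, port, rules):
            blocked.setdefault(src, []).append((dst, port))
    return blocked
```

A host that repeatedly appears in the blocked set is also a detection signal: software on it is trying to reach destinations the policy never anticipated.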


Stories by John Brandon
