Security events occur frequently but may not capture our attention unless they are more spectacular than the last, like Marriott’s data breach of half a billion records. We’ve all forgotten by now the personally identifiable information (PII) stolen from Equifax in 2017. That trove of 143M records has the potential for almost half of the identities in the U.S. to be stolen. However, the worst data breach occurred in 2003, when 1.6B records were stolen from what was then Acxiom [1].
IT knows who you are and what you do
Not familiar with Acxiom? They’re a data broker that aggregates various types of information on consumers to create accurate individual profiles. Beyond PII, they know a person’s income, shopping habits, gambling habits, home equity, marital status, hobbies, interests, etc., with up to 5,000 data points per individual. Their data provides precision to companies that market consumer products, like credit card offers received in the mail or targeted ads shown online, such as on Facebook. This event flew under the radar and received no media coverage because, at the time, California was the only state in the process of implementing a breach notification law. Today, all states have similar legislation that requires individuals affected by a data breach to be notified.
Motive and planning
The attackers described above probably spent a good amount of time on reconnaissance and planning before they were able to find a soft spot to exploit, like bank robbers. A record can be sold on the dark market for $2 to $20 apiece depending on its type and quality. Based on the size of the breaches, the attackers stood to make a lot of money, and therein lies the motivation for their crimes.
Mid-sized companies may not fall into the same high-value target category as Acxiom or Equifax, but they face a similar risk of their own. The threats to these organizations are more associated with crimes of opportunity that are caused by a lack of security or human error, such as a misconfiguration or opening a virus-laden attachment. Attackers use automated port scans to search for networks with open ports. Ports are used by computers to communicate with one another, and specific communication functions are tied to a port number (e.g., email = port 25). When an open port is found, the attacker will use various techniques to attempt to exploit it and get in.
This is similar to a person walking down the street checking for unlocked cars, and when they find one, rummaging through for something valuable to take. Open ports can be accidentally left open by an organization, or there may be a lack of security at the perimeter.
Implementing proactive protection
Fortunately, ensuring proper protection is simple when using an intrusion prevention system (IPS). An IPS can be found in a managed network security service that can detect, block, and protect your network from port scans. Additionally, using a firewall can reinforce access control into your network as well as obfuscate your internal network from the public. An IPS, along with the other security capabilities, provides a layer of security between your network and the Internet.
Chances are, you’re being scanned right now
If you’re wondering how prevalent port scanning is, it’s probably happening to your home network right now. Here’s a screenshot of someone with an IP address from South Africa that scanned my home network. The scanner is checking for systems with open port 23, or Telnet, in my network to exploit. It could be a bot herder searching my network for a webcam to add to the Mirai botnet or possibly that Nigerian prince that’s been emailing me.
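The following Python example is added here for illustration and is not part of the original article or any vendor's IPS. It shows the kind of sliding-window check a defender can run over firewall logs to flag the scans described above, including a sweep for port 23 across a network. The log format, thresholds, and function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall-log lines in a simplified, made-up format (not a real
# product's output). All addresses come from documentation/private ranges.
SAMPLE_LOG = """\
2019-01-15T10:00:01 DROP SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP DPT=23
2019-01-15T10:00:01 DROP SRC=198.51.100.7 DST=192.168.1.11 PROTO=TCP DPT=23
2019-01-15T10:00:02 DROP SRC=198.51.100.7 DST=192.168.1.12 PROTO=TCP DPT=23
2019-01-15T10:00:02 DROP SRC=198.51.100.7 DST=192.168.1.13 PROTO=TCP DPT=23
2019-01-15T10:05:00 DROP SRC=203.0.113.50 DST=192.168.1.10 PROTO=TCP DPT=22
2019-01-15T10:05:01 DROP SRC=203.0.113.50 DST=192.168.1.10 PROTO=TCP DPT=25
2019-01-15T10:05:01 DROP SRC=203.0.113.50 DST=192.168.1.10 PROTO=TCP DPT=80
2019-01-15T10:05:02 DROP SRC=203.0.113.50 DST=192.168.1.10 PROTO=TCP DPT=443
2019-01-15T10:06:00 ACCEPT SRC=192.0.2.20 DST=192.168.1.10 PROTO=TCP DPT=443
this line is malformed and is skipped
"""
LINE_RE = re.compile(r"^(\S+) \S+ SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+)$")

def parse(log):
    """Yield (time, src, dst, dport) per well-formed line; skip anything else."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])

def detect_scans(log, window=timedelta(seconds=60), threshold=4):
    """Map each source that hits >= threshold distinct (host, port) targets within
    one sliding window to 'horizontal' (one port, many hosts), 'vertical' or 'mixed'."""
    by_src = defaultdict(list)
    for ts, src, dst, dpt in parse(log):
        by_src[src].append((ts, dst, dpt))
    findings = {}
    for src, evs in by_src.items():
        evs.sort()  # chronological order per source
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward past stale events
            targets = {(d, p) for _, d, p in evs[start:end + 1]}
            if len(targets) >= threshold:
                ports = {p for _, p in targets}
                hosts = {d for d, _ in targets}
                findings[src] = ("horizontal" if len(ports) == 1 else
                                 "vertical" if len(hosts) == 1 else "mixed")
                break
    return findings
```

Calling `detect_scans(SAMPLE_LOG)` flags the Telnet sweep as horizontal and the multi-port probe as vertical, while the single legitimate HTTPS connection stays below the threshold.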
[1] Kony DBX, 2019 Retail Banking Trends and Predictions report, 2018.