Cisco: Here’s what to do once a breach has occurred
By Ryan Noik 15 January 2020 | Categories: feature articlesConventional wisdom amongst cybersecurity pro’s is that for many companies it is not a matter of if they are breached, but when. Having one’s security compromised – or at least attempts being made to circumvent one’s security, has become considerably more likely as the proliferation of cyberthreats expand daily.
Indeed, there are no sacred cows for cybercriminals, and no attack surface they won’t target. PC’s, servers, mobile devices, IoT connected things, are all fair games. Most recently we saw scammers try their luck by compromising compromising WhatsApp and then trying to elicit money from one’s contact list, in the victim’s name.
Corien Vermaak, Cyber Security Specialist at Cisco South Africa pointed out that recently we have seen an increase in cyber-attacks, both locally and globally. “People are becoming more aware of the impact of data breaches. Yes, we all feel at risk, and with several companies breached being close to home, I have been asked many times what to do if you suspect your data was breached during one of the recent significant data breaches,” she notes.
The company therefore offered a few practical steps to manage risk, particularly when one’s privacy and data security had been breached. Perhaps the good news is that data breaches are not new, and thus they have offered several lessons in the past that can be drawn upon.
Learning from past mistakes
A few of these include 2017’s Master deeds breach – one of the most significant breaches which affected many South Africans. Vermaak explained that the Master deeds breach contained a 27GB file called "masterdeeds.sql" which was a MySQL database backup file. This file included, among other information, 2.2 million email addresses of South African citizens.
Most recently, City of Johannesburg disclosed that they suffered a catastrophic ransomware attack which was far-reaching. According to the press statement issued by the City, the ransom notes read: "We also compromised all passwords and sensitive data such as finance and personal population information".
The bad news, of course, is that data breaches are not uncommon. According to the Identity Theft Resource Center, three data breaches happen every day, and over 4 million records have been lost in breaches globally in 2019.
“One of the critical issues is that we entrust our data to organisations, and this leaves us at risk if they do not take adequate security measures to ensure our data is protected. The question many people ask in the wake of such breaches is: what do I do now?” she continued.
Realness of affect
The first action is to determine, with near certainty, if you have been affected by the breach in question. “Some websites are helpful in this regard, and I always advise clients to check the site haveibeenpwned. This site is an excellent resource for most of the significant and/or international breaches. However, in most cases, you will know by simple means of deductive reasoning. If you had a reason for doing business with the City of Johannesburg, for example, you may reasonably assume that your data has been affected,” notes Vermaak.
She advised that if it is possible to determine what data was affected, it is a good idea to try to determine what information the hackers have access to. However, this is not always plausible, and most organisations do not fully disclose the extent of the data breach.
Strong passwords, people
The next step in mitigating your risk is to reset passwords to all affected accounts and possible linked accounts. I always advise that financial service accounts and passwords to be reset.
The reason for this step is that it renders the stolen data to a certain degree useless. Vermaak stressed that people and organisations needs to ensure that passwords are set with reasonable complexity and remember that lengthy passwords trumps complexity; thus, passphrases have become a security favourite.
“In most breaches, email addresses are leaked so I will not be responsible if I do not reiterate the importance of caution when it comes to emails you receive. Our emails and email archives are a treasure trove of personal information, thus we should always apply caution when we receive suspicious or unsolicited emails,” she added.
Bank on it
Finally, it is advised that you inform your bank or financial service provider that your data was breached. “I also recommend clients to check their banking statements regularly to ensure that no suspicious transactions are made. If you suspect that your credit card information was violated during the data breach, it is sensible to cancel the card and request a reissue to ensure data like CVV numbers are rendered useless,” she said.
Lastly, on the front of financial matters, Vermaak reiterated that it is imperative that you monitor your credit record. The reason for this is that stolen identities are used to get access to credit and loans. If you watch your credit record, this will enable you to become aware if the stolen personal data is monetised.
“In summary, when you find out that you may be affected by a data breach, it's a good start to try to determine if you are affected; however, this is not always possible. Immediately take action on changing affected passwords and finally, inform your bank and keep your finger on your credit record,” she concluded.
Most Read Articles
Have Your Say
What new tech or developments are you most anticipating this year?