4 Cybersecurity Takeaways from China’s Largest Data Breach

July 8, 2022

Cybersecurity drama strikes again as human error leads to China’s biggest data breach and perhaps the most significant hack of personal information in history.

According to Threat Post, the incident began when a Chinese government software developer published a technical write-up on the Chinese Software Developer Network (CSDN) and included the log-in credentials for the Shanghai National Police database in the post.

Now the personal data of roughly one billion Chinese citizens is for sale on the dark web, the part of the internet reachable only through anonymizing networks such as Tor and infamous for illicit marketplaces.

Why does this breach matter to you? Every cyberattack provides valuable operating insights. In addition to “don’t post log-in credentials on public software developer forums,” we’ll explore four key takeaways from this unfortunate event.
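The breach began with credentials pasted into a blog post, so the practical check is to scan anything you are about to publish (a write-up, a README, a code snippet) for secrets before it leaves your machine. What follows is an added example, not code from the original article or from Integris: a small scanner with illustrative patterns for passwords embedded in connection URLs, password assignments, AWS access key IDs, PEM private key headers and HTTP bearer tokens. The draft text and every credential in it are constructed for this example (the AWS key ID is Amazon's documented placeholder value), and the pattern list is deliberately short rather than exhaustive.

```python
"""Pre-publication secret scan: run over a draft post, README or snippet.

Added example. The patterns are illustrative rather than exhaustive, and the
draft text and credentials below are constructed for this example."""
import re
from typing import List, Tuple

# (kind, pattern); group 1 captures the part that must not be published.
PATTERNS = [
    # scheme://user:password@host -- passwords embedded in connection URLs
    ("url_userinfo", re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:([^@\s]+)@", re.I)),
    # password = 'x', PWD=x, DB_PASSWORD: x -- assignments in code or config
    ("db_password", re.compile(r"(?:password|passwd|pwd)\s*[=:]\s*['\"]?([^'\";\s]+)", re.I)),
    # AWS access key IDs start with AKIA and are 20 characters long
    ("aws_access_key", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    # PEM private key header
    ("private_key", re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)")),
    # HTTP bearer tokens pasted from curl examples
    ("bearer_token", re.compile(r"\bBearer\s+([A-Za-z0-9\-._~+/]{20,}=*)")),
]


def redact(value: str) -> str:
    """Keep two characters so the finding can be matched to the draft and
    mask the rest, so the scanner's own report is safe to share."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan_text(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, kind, redacted value) for every hit, in order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            for match in pattern.finditer(line):
                findings.append((lineno, kind, redact(match.group(1))))
    return findings


def ready_to_publish(text: str) -> bool:
    """Gate for a pre-commit hook or CMS check: publish only if nothing was found."""
    return not scan_text(text)


# Constructed draft of a "how I load the export" post, the kind of write-up
# that leaked the credentials in the incident above. Nothing in it is real.
DRAFT = """\
How I load the daily export
===========================
conn_str = "postgresql://svc_export:N0tS0Secret!@10.0.0.12:5432/records"
# legacy path still used by one batch job
DB_PASSWORD = 'Winter2022!'
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
The loader uses a connection pool of 16 and retries three times.
"""

if __name__ == "__main__":
    for lineno, kind, masked in scan_text(DRAFT):
        print(f"line {lineno}: {kind} -> {masked}")
    print("ready to publish:", ready_to_publish(DRAFT))
```

Running the block reports three findings on lines 3, 5 and 6 and refuses to publish. Wire `ready_to_publish` into whatever gate you already have (a pre-commit hook, a CI job, a CMS save hook); the point is that the check runs automatically, because the author of the CSDN post did not notice the credentials by eye.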

Are you ready for some practical cybersecurity guidelines to protect your business?


Cybersecurity Takeaway #1 – Embrace a layered approach.

Cybersecurity is a discipline that encompasses people, processes, and technology. Accidentally sharing your log-in credentials on a public technology forum, LinkedIn, Facebook, or Instagram is an open invitation for intrusion, but technical safeguards can still keep a leaked password from turning into a breach.

Even if a threat actor has a user ID and password, they are stopped at the login prompt when the account is protected by Multi-Factor Authentication (MFA). The caveat: the protection only holds when the second factor is enforced on every login path, including API and legacy access, and when users are trained to deny prompts they did not initiate, because an attacker who holds a valid password can send push notifications repeatedly in the hope that one gets approved.

Here’s a simple example: whenever I log into my personal Yahoo account through the LastPass portal, I receive a notification on my cellphone that requires me to verify I’m the one logging in.

I push green for “yes” and red for “no.” Over the last five years, I’ve received several notifications when I was not logging into Yahoo and quickly smashed the red button. MFA would have thwarted this attack.
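To make Takeaway #1 concrete, here is an added example (not from the original article, and not the Yahoo/LastPass push flow described above) of a login check that requires both a password and a time-based one-time code per RFC 6238, the algorithm behind most authenticator apps. The user name, password, salt and user record are constructed for this example; the TOTP seed is the RFC 6238 reference secret so the codes can be checked against the published test vectors. With only the password, which is what a threat actor holds after a leak like the one above, `login()` returns False.

```python
"""Password + TOTP (RFC 6238) login check: a leaked password is not enough.

Added example. The user record, password and salt are constructed; the seed
is the RFC 6238 reference secret so codes match the published test vectors."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 6238 reference secret (ASCII "12345678901234567890"), base32-encoded
# the way it would be provisioned into an authenticator app.
DEMO_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

# Constructed demo user store. In production the hash and seed live in a
# database; the seed is shown to the user once, at enrolment, and never again.
_SALT = b"constructed-demo-salt"
_ITERATIONS = 100_000
DEMO_USERS = {
    "analyst": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"Winter2022!", _SALT, _ITERATIONS),
        "totp_secret": DEMO_SECRET_B32,
    }
}


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret_b32, int(at_time) // step, digits)


def verify_totp(secret_b32: str, code: str, at_time: float, step: int = 30, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side to absorb clock drift.
    Each candidate is compared in constant time, and every candidate is checked
    even after a hit so timing does not reveal which step matched."""
    counter = int(at_time) // step
    expected = code.encode()
    hit = False
    for drift in range(-window, window + 1):
        candidate = hotp(secret_b32, counter + drift).encode()
        if hmac.compare_digest(candidate, expected):
            hit = True
    return hit


def login(user: str, password: str, code: Optional[str], at_time: Optional[float] = None) -> bool:
    """Both factors must pass. A dummy record is used for unknown users so the
    password hash is always computed and user enumeration by timing is harder."""
    at_time = time.time() if at_time is None else at_time
    record = DEMO_USERS.get(user, {"pw_hash": b"\x00" * 32, "totp_secret": DEMO_SECRET_B32})
    pw_ok = hmac.compare_digest(
        hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS),
        record["pw_hash"],
    )
    code_ok = code is not None and verify_totp(record["totp_secret"], code, at_time)
    return pw_ok and code_ok and user in DEMO_USERS


if __name__ == "__main__":
    t = 59  # RFC 6238 test-vector time: the 6-digit code for this seed is 287082
    print("password only   :", login("analyst", "Winter2022!", None, t))
    print("password + TOTP :", login("analyst", "Winter2022!", totp(DEMO_SECRET_B32, t), t))
```

The drift window is the usual trade-off: one step either side tolerates phones whose clocks are a little off, while a wider window hands an attacker more codes to guess. Rate-limit code attempts per account as well, since six digits is a small space.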


Cybersecurity Takeaway #2 – Cultivate a security-first culture.

Social media, personal blogs, and other online forums create cybersecurity challenges because it is effortless for threat actors to use automated scraping tools to aggregate open source intelligence (OSINT) from these platforms.

Open source means the information is publicly available, so it is advisable to avoid oversharing. Criminal groups assemble bits and pieces of your shares, comments, likes, pictures, and connections into the reconnaissance that precedes data breaches, ransomware attacks, and political sabotage.

Nation-state attackers have gone further, using the same kind of reconnaissance to disrupt water utilities and power grids.

Learn More: What Happens When Russian Hackers Attack Power Grids


Cybersecurity Takeaway #3 – Follow an established framework.

When your managed IT services provider (MSP) or IT Director talks about cybersecurity, many C-Level executives think, “Oh boy, looks like we’re adding another expense to our income statement.”

While taking extra measures to strengthen cyber resilience carries a fee, if you align the endeavor with the cybersecurity framework for your business, the operating and marketing benefits will offset the investment.

We experienced this first-hand at Integris when we adopted SOC 2 Type II compliance. This rigorous set of information security controls is expensive to maintain ($20K – $80K per year), and each audit spans 12 months.

However, fewer than 1% of MSPs (managed IT service providers) hold a current SOC 2 Type II report (SOC 2 is an independent auditor’s attestation, not a certification), so we stand out with prospects and clients who require extra assurance that their data is safe with us.

Therefore, this exhaustive compliance standard and related audit reports are worth their weight in gold. We also use the framework to justify any new cybersecurity tools we buy.

Learn More: SOC 2 Type II Compliance


Cybersecurity Takeaway #4 – Avoid fools with tools syndrome.

We didn’t invent the term “fools with tools.” Still, it’s a perfect definition for the practice of buying a stack of sophisticated cybersecurity technology that’s impossible to manage without an MSP or the budget of a Fortune 500 IT department.

Even some Fortune 500 IT departments outsource parts of their security operations to MSPs because hiring and retaining specialists who keep their solution certifications current is expensive.

For example, Managed Detection & Response (MDR) is an advanced cybersecurity solution that delivers tremendous benefits. However, DIY implementations rarely meet expectations. Security Magazine advises outsourcing MDR for the following reasons:

  • A 24x7x365 SOC is complicated because it requires tools, monitors, software, systems, network appliances, and sensors.
  • You must acquire, integrate, and manage all third-party services and licenses.
  • The SOC must have the necessary resources to evaluate and integrate new technologies.
  • It must also evolve to keep pace with cyber threats’ ever-increasing volume and complexity.


Focus on incremental improvements.

Have you implemented MFA? If not, you’re not alone. Cyber Readiness Institute estimates that more than half of small and medium-sized businesses do not use MFA.

The best thing you can do right now is roll out MFA and require everyone to participate.

Since the breach that inspired this blog involves China, I’m not sure we’ll ever get the whole story, but we’ll certainly update this article with any additional details that surface.

To learn more about hardening your cybersecurity, explore Integris vCISO Consulting.

Jed is a Solution Advisor at Integris who has specialized in MSP solution development, sales, and marketing communications since 2003.
