“Anatomy of a Data Breach” by Sensei’s Sharon Nelson and John Simek was featured in the September/October 2020 edition of GP SOLO. GP SOLO is a publication of the American Bar Association. “Each issue contains articles exploring a particular topic of interest to solos, small firms, and general practitioners, as well as articles related to technology and practice management.”
Breaches come in many variants, but there is a general flow to a breach. Because we make a living investigating breaches and remediating the vulnerabilities that caused them, let us take you on an anatomical tour of the common elements of a typical breach. To make the reading more fun, we have offered up “quotes” from the players typically involved in a breach. Many are taken from real-life incidents.
Hackers: “Let’s plan our attack.”
Every form of digital attack requires planning. Many cybercriminals are looking for a known vulnerability to exploit. Hackers can buy such vulnerabilities on the dark web. Some hackers will pay big money for a “zero-day” piece of malware, that is, one that has never been used and therefore no specific defenses exist against it. Some will pony up a lot of cash for a previously undisclosed vulnerability, again with a high probability of success.
Read the entire article here. (page 55)