If you’ve been browsing the news recently, you’ve probably noticed that data breaches are making the headlines of the papers. Cyber security is a hot topic, and this is not just a fad. The most recent one is the United Nations data breach.
Last summer, the UN’s European headquarters in Geneva and Vienna were hacked. Cyber attackers broke into over 40 UN servers and downloaded approximately 400GB of data according to a senior UN IT official. Hackers also managed to access Active Directories and probably obtained human resources, insurance systems, databases, and network data.
Even though the incident started in July 2019, it was noticed one month later, a confidential report indicates. The UN did not report the hack to the authorities or to their staff. Employees were only asked to change their passwords.
How was the UN Hacked?
According to the same report, it started with a Microsoft SharePoint vulnerability (CVE-2019-0604) that was disclosed by Microsoft back in February 2019 and for which a software patch had been available for months. These types of security holes are broadly exploited by attackers to break into organization’s systems and as the UN IT staff failed to patch their SharePoint environment on time, hackers took advantage of this security vulnerability to access the organization’s networks and then the OHCHR (Office of the High Commissioner for Human Rights).
What can organizations learn from the UN data breach?
90% of data breaches are caused by human error, according to a recent report from Kaspersky Lab meaning that cyberattacks in the public cloud are usually caused by customer’s users and not by actions from cloud providers.
Software vendors are constantly releasing new patches to fix problems and bugs in their software or platforms. Then, it is the software users’ responsibility to apply these patches to protect their environment or to leave it at risk.
There is indeed a large number of patches that are published every month from many vendors and that updating and managing all your different software can be time-consuming which often creates delays in securing your environment. Attackers are perfectly aware of that and are usually taking advantage of these mistakes to hack your organization.
The United Nations data breach should be another lesson to learn from. Let’s not forget that the Equifax data breach and the 2017 WannaCry ransomware attack are clear examples of what can happen when patches aren’t applied.
What can you do to avoid these attacks?
As discussed above, updating and managing your IT environment might be cumbersome and can leave your IT staff overwhelmed.
In the case of SharePoint, maintaining a SharePoint infrastructure spans multiple domains of expertise such as infrastructure, database, web technologies, security, business analysis, and applications. Not to mention that skilled SharePoint resources are hard to find and expensive to hire.
Consequently, outsourcing your SharePoint maintenance to a managed IT service provider can be the solution to ensure optimum security and free your IT resources from tedious tasks.
Softlanding is a long-established leader in deploying and managing SharePoint solutions for a wide variety of private, public and government organizations. Our SharePoint managed services handle the grunt work for you to ensure your SharePoint environment runs smoothly and securely.
Contact us now if you want to learn more about our SharePoint managed services.