While we often see headlines of a data breach, companies fail to ensure they won’t be the next victim of a security incident. Here, Pravin Rasiah, VP of Product, CloudSphere, highlights a few examples of the most common mistakes we see and best practices organizations should follow to prevent becoming the next security headline.
Unfortunately, companies continue to make mistakes within their security operations that result in sensitive information being exposed or hacked. Data leakage often occurs because there is little to no awareness inside the cloud environment. As cloud adoption continues to rise, these incidents will increase as well, unless organizations begin learning from the mistakes of others, take control of their cloud environments at the outset, and maintain a comprehensive monitoring program.
Organizations should look at their peers and previous incidents to ensure they do not make similar mistakes.
Incidents to Learn From
Below are a few examples of companies that have experienced some of the most devastating data breaches of 2020. Let’s take a closer look at what occurred and what companies can do to avoid a similar fate.
- An unsecured database that required no authentication and was not encrypted left 235 million user profiles exposed. The database was traced to an obsolete third party that previously held ownership over it, which likely resulted in the current company having no visibility over the leak. Vulnerable records included phone numbers and email addresses of users on several social media platforms, which cybercriminals can leverage to carry out credential stuffing attacks against other organizations.
- A children’s online game was the victim of a security incident where 46 million records were breached. A cybercriminal broke into an internal system for employees to communicate with each other and retrieved a secret key that allowed the hacker to break into the company’s user database. Furthermore, the database containing sensitive information was published for free on a hacker forum.
Time for Action
Companies need to ensure they do everything in their power to prevent a potential intrusion or data leak in the cloud. With proactive security and governance policies in place, businesses can remain confident that their sensitive data is safe. Below are a few best practices organizations should follow:
- Password protection: Leaving a database exposed to the external internet and without a password is, unfortunately, an all too common occurrence because many organizations do not have proper security and access management policies in place. Businesses should investigate whether their security tools keep them apprised of any changes in policy and subsequent cloud risks.
- Visibility into security posture: Proper visibility provides an overview of changes or updates that impact security and the company’s vulnerabilities. A comprehensive view of the cloud environment is crucial for companies to monitor for potential intrusions. Furthermore, organizations should track who has access to all assets to ensure no unauthorized personnel can retrieve sensitive data.
- Identity and access management: Identity and access management (IAM), multi-factor authentication (MFA), and/or user and entity behavior analytics (UEBA) should all be enforced to alert organizations of abnormal activity. Additionally, organizations should implement least-privilege policies for users and service accounts. With proper cloud IAM policies, it becomes challenging for attackers to leverage stolen employee credentials to escalate permissions and gain access to more sensitive systems or data.
- Risk management: Security guardrails prevent and repair issues in real time, minimizing the attack surface, as time is of the essence when it comes to data breaches. Cybercriminals are continuously updating their attack methods, and companies must keep pace with a dynamic security monitoring system. By constantly evaluating the environment and using a metrics-based approach, organizations have a quantifiable and holistic view of their risk profile.
- Security and DevOps alignment: Organizations are increasingly adopting DevOps as they retool their IT infrastructure to deliver products with speed and agility. The rate of change for apps delivered on cloud infrastructure, in particular, is extremely rapid, and security needs to keep pace. Businesses should encourage closer integration between security and DevOps and embrace shift-left strategies for security. Even minor changes in cloud environments can have a massive impact and security implications. However, the DevOps team often doesn’t have the security context of these changes. Therefore, actions that introduce significant risk typically go unnoticed unless there is strong collaboration between DevOps and security teams.
Many cloud adopters fail to consider the extended attack surface exposed through misconfiguration of cloud resources and human error. Without tools providing clear visibility into the environments housing sensitive data, companies are holding the door open for threat actors. The only way to ensure misconfigurations don’t occur is through real-time observability into the landscape.