Data breaches remain a challenge through 2020, despite increased cybersecurity awareness and investment. While the cloud is an increasingly adopted tool that enables enterprises to upload and distribute data with unmatched effectiveness, it comes with a unique set of vulnerabilities that users overlook. Compared to on-site servers, the cloud contains an overwhelming number of compute instances, roles, interdependencies and data inheritances, which makes it challenging for enterprises to maintain reliable surveillance of every account and activity.
Traditional data users may lack the awareness and support (first-generation cloud security solutions are porous and incapable of tracking modern cyber threats) needed to operate safely in the cloud. There is a pressing need to become familiar with the common issues within a complex cloud environment, including the lack of data controls, poor IAM settings, varying service provider policies and the navigation of unknown permissions attributed to identities.
In a majority of recent high-profile cloud data breaches, misconfiguration, low visibility, and privilege abuse were the leading causes. These platform vulnerabilities have exposed enterprises to attacks via insider threats, weak authentication, and third-party access, with severe financial (compromised revenue, increased cybersecurity spending, etc.) and human (breach of trust, besmirched professional reputation, etc.) consequences.
Nine in 10 organizations report data loss because of public cloud use, which warrants additional focus on cybersecurity processes. In particular, 51 percent of reported enterprise data loss results from misconfigured security trust policies. Such vulnerabilities may propagate via infrastructure as code (IaC) templates, causing widespread data loss across multiple cloud systems.
Modern enterprises require a shift in cloud security strategy that emphasizes improved configuration procedures, IAM optimization, and streamlined data classification.
By identifying the mechanics behind the top ten data breaches of 2020, enterprises can fine-tune their existing practices and assume a proactive stance toward eliminating data security risks.
The list begins with a major misconfiguration-related data breach at pharmaceutical giant Pfizer. Pfizer, the company that recently distributed the COVID-19 vaccine, suffered a large-scale data loss that exposed sensitive information on thousands of patients through a misconfigured cloud storage bucket.
Compromised data included hundreds of recorded patient conversations from its customer service support software and patient contact details (i.e. home addresses, emails and mobile numbers) that enable malicious parties to launch elaborate phishing campaigns. Attackers may use the obtained information to impersonate Pfizer service support staff, referencing details from the chat transcripts to request patient information such as credit card details.
Enterprises can avoid similar misconfiguration issues by implementing and enforcing comprehensive controls throughout their cloud domains. An automated cloud monitoring and access management platform enables administrators to deny access to unauthorized accounts while maintaining real-time monitoring and swift remediation processes.
UK-based cyber-security awareness and defense platform Keepnet Labs faced a recent data breach that exposed over five billion emails and passwords. The incident occurred when Keepnet Labs hired a third-party contractor to migrate its ElasticSearch database to a cloud server. The contractor disabled Keepnet's cloud firewall for 10 minutes to expedite the transfer, leaving the database exposed during that window.
Enterprises should always ensure that third parties meet the same level of security and enforcement as their own internal controls. Regular audits and checks keep cloud security at the required level at all times. Malicious parties may also target vulnerable vendor accounts and leverage them to access critical resources within enterprise clouds. Continuous enforcement of the principle of least privilege (POLP) is the most effective deterrent against third-party breaches, because it limits every account's permissions to the minimum required to fulfill its assigned tasks.
In some cases, outsiders may obtain sensitive data without defeating the security of a cloud system. Audio streaming company Spotify had over 350,000 user accounts compromised in a recent credential-stuffing attack. The process involves enumeration and reconnaissance, in which hackers reuse login credentials from previous data breaches and try username and password combinations until they find a match.
Enterprises can prevent credential stuffing and other weak-authentication attacks by implementing stringent login processes. Advanced authentication protocols accept only registered, uniquely identifiable applications and reject anonymous requests. Additionally, an enterprise should apply proper network zoning for multi-tier application stacks, with layered filtering rules that allow traffic only from authorized sources.
Oracle-owned web-tracking data bank BlueKai exposed billions of records containing personally identifiable information (PII) in an unsecured database. Compromised confidential data included emails, home addresses and web browsing activity, enabling malicious hackers to jeopardize personal identities (i.e., identity theft and phishing scams).
Enterprises can significantly reduce the risk of a data breach with sophisticated password practices, including multi-factor authentication, which adds a verification layer beyond the password. Administrators may implement separation of duties (SoD) for optimal security by preventing a single entity from having full permission to perform a malicious action. For example, enterprises may render data encryption keys inaccessible to unauthorized or external users.
Insurance software provider Vertafore leaked the driver information of 27.7 million Texans to an unauthorized third party. The incident occurred because of human error: Vertafore staff transferred three data files to an unsecured external device. Exposed confidential information included driver's license numbers, names, dates of birth, addresses, and vehicle registration histories.
As the best defense against human error, enterprises should maintain consistent monitoring of every access, permission, and action within the cloud. Automated cloud security monitoring enables enterprises to identify and respond quickly to inconsistencies and to mitigate data loss.
Enterprises should also set up infrastructure baselines, which provide a complete picture of cloud environments and track every detail efficiently. Additionally, enterprises should plan to reach and maintain the principle of least privilege (POLP) for user access across cloud platforms by setting trust policy guardrails and removing excess privileges.
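One way to encode the trust policy guardrail described above, as an added example that is not code from the original post or from Sonrai Security: the check parses an AWS IAM role trust policy and flags statements that let any AWS identity assume the role, or that trust another account without an sts:ExternalId condition. The policies, account IDs and role name are constructed placeholders.

```python
# Constructed sample trust policies for illustration; account IDs and role names are placeholders.
OWN_ACCOUNT = "222222222222"

WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}],
}

HARDENED_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::111111111111:role/VendorMigrationRole"},
                   "Action": "sts:AssumeRole",
                   "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}],
}


def _aws_principals(statement):
    """Return the AWS principals a statement names; '*' means any identity."""
    principal = statement.get("Principal", {})
    if principal == "*":
        return ["*"]
    aws = principal.get("AWS", [])
    return [aws] if isinstance(aws, str) else list(aws)


def _account_of(principal):
    """Extract the account ID from an ARN, or return a bare account/wildcard principal as-is."""
    parts = principal.split(":")
    return parts[4] if len(parts) > 4 else principal


def _has_external_id(statement):
    """True if any Condition block on the statement constrains sts:ExternalId."""
    return any("sts:ExternalId" in keys for keys in statement.get("Condition", {}).values())


def check_trust_policy(policy, own_account=OWN_ACCOUNT):
    """Guardrail check: report principals that may assume the role without a tight constraint."""
    findings = []
    for idx, statement in enumerate(policy.get("Statement", [])):
        if statement.get("Effect") != "Allow":
            continue
        for principal in _aws_principals(statement):
            if principal == "*":
                findings.append(f"statement {idx}: any AWS identity may assume this role")
            elif _account_of(principal) != own_account and not _has_external_id(statement):
                findings.append(f"statement {idx}: cross-account principal {principal} "
                                "lacks an sts:ExternalId condition")
    return findings
```

Run the check against every role trust policy exported from the environment; a non-empty result is a guardrail violation to remediate or justify.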
Wildworks, the gaming company behind the popular kids' game Animal Jam, reported the theft of 46 million user records containing confidential data. The company stated that the malicious party gained entry to a staff communication platform and obtained a secret key that granted access to Animal Jam's user database.
Organizations can eliminate similar threats by optimizing secret and key management practices. Users should seek the solutions best suited to their cloud environment (i.e. multi-cloud compatible alternatives) that provide granular data access control by restricting access to a few identities. Enterprises should perform routine cloud system checks to prevent careless key exposure in code repositories and in open storage with unsecured access.
Technology company Cisco Systems faced a severe data breach resulting from a former employee's malicious actions, made possible by an account management oversight. The former Cisco employee gained unauthorized access to the company's cloud-hosted database and deleted 456 VMs that powered a collaboration application. The sudden shutdown of accounts across the cloud cost the company $1.4 million in remediation fees and $1 million in customer refunds.
Enterprises can avoid similar scenarios by always defining privileges appropriate to each cloud account's workload. Additionally, it is essential to compare granted permissions against actual usage to reach POLP. Organizations should perform due diligence on account creation and management processes to prevent the risks of excess permissions.
Two members of Shopify's support team conspired to steal confidential customer transaction information from over 100 merchants. The stolen customer data included names, home addresses and order details. Such insider threats may happen at any time, "right under the nose" of an organization, through the actions of trusted, authorized accounts.
Companies can reduce insider threats by restricting the use of highly privileged accounts while keeping a close watch on their activities at all times. SoD implementations ensure that no single user has complete access to the database. Enterprises should also strictly monitor the use of root accounts and use them only in rare scenarios, such as changing a cloud support plan or closing an account.
A group of dating apps, including MobiFriends, faced a major data leak through misconfiguration, leading to the exposure of over 20 million records (845 gigabytes) of highly sensitive user data. Additionally, the compromised cloud revealed confidential application infrastructure through unsecured admin credentials and passwords.
Organizations can improve admin credential security by enforcing SoD practices in account creation and management. Enterprises should restrict every admin account to admin duties only and keep it monitored throughout its life cycle. Additionally, it is vital to remove inactive or dormant admin accounts (especially those with multiple permissions), as they remain a potential target for database infiltration.
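The permission-versus-usage triage recommended for the Cisco case and the dormant admin account cleanup recommended here, as one added example (not the post's or Sonrai Security's code): it compares the actions each identity's policies grant with the actions actually observed in an audit trail, lists unused grants, proposes a narrowed allow-list, and reports identities with no activity at all. The identity names, grants and observed calls are constructed sample data.

```python
import fnmatch

# Constructed review input (not from the page): for each identity, the actions its policies
# grant and the actions its credentials actually invoked during the review window.
IDENTITIES = {
    "collab-db-admin": {
        "granted": ["s3:*", "ec2:DescribeInstances", "ec2:TerminateInstances", "iam:PassRole"],
        "observed": ["s3:GetObject", "s3:PutObject", "ec2:DescribeInstances",
                     "s3:GetObject", "s3:ListBucket"],
    },
    "former-employee-role": {"granted": ["ec2:*", "rds:*"], "observed": []},
}


def _covered(action, grants):
    """True if any grant (an exact action or a wildcard such as 's3:*') allows the action."""
    return any(fnmatch.fnmatchcase(action, grant) for grant in grants)


def triage_identity(granted, observed):
    """Split grants into used and unused, and propose an allow-list of only the observed actions."""
    used_grants = [g for g in granted if any(fnmatch.fnmatchcase(a, g) for a in observed)]
    unused_grants = [g for g in granted if g not in used_grants]
    # Wildcard grants that were used are replaced by the exact actions seen under them.
    proposed = sorted({a for a in observed if _covered(a, used_grants)})
    return {"used": used_grants, "unused": unused_grants, "proposed_allow": proposed}


def review_identities(identities):
    """Return per-identity triage results and the identities with no activity at all."""
    report, dormant = {}, []
    for name, usage in identities.items():
        if not usage["observed"]:
            dormant.append(name)
        report[name] = triage_identity(usage["granted"], usage["observed"])
    return report, dormant


if __name__ == "__main__":
    results, idle = review_identities(IDENTITIES)
    for name, result in results.items():
        print(name, "unused:", result["unused"], "proposed:", result["proposed_allow"])
    print("dormant identities to remove:", idle)
```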
Communication technology giant Zoom saw an exponential rise in user activity throughout the COVID crisis as organizations tapped its video conferencing capabilities for virtual operations.
However, the company became entangled in a series of security issues because of loopholes in the platform. The vulnerabilities led to the rise of "Zoom bombing," where unauthorized users would hijack and disrupt conference calls. While Zoom responded by releasing follow-up features such as two-factor authentication, the company faces subsequent complaints of deceptive and unfair practices, possibly because of its wide attack surface.
An enterprise's service team can reduce the risk of compliance and safety issues by confirming the security of an app before moving it to production. Companies can optimize the process by organizing teams to shift left, with continuous auditing and reporting backed by organized alerts and actions. By shifting left, enterprises remove the blind spots and gaps between individual tools and reduce the risk of error. Ultimately, organizations should aim to make security an integral component of their workplace culture to keep their databases de-risked at all times. Sonrai Security provides advanced automated cloud security solutions to help organizations maintain the safest and most compliant practices in their modern databases. We will help you get to least privilege and stay there to prevent the most sophisticated data threats.