Breach Watch Aims to Be a Useful Hub of Information About Data Breaches Related to Public Cloud Security
Data breaches and security incidents are becoming increasingly costly. The Ponemon Institute reports that the average cost of a data breach is over $3.86 million. Globally, US organizations face the highest costs, with an average of $8.19 million per breach, driven by complex regulations that can vary from state to state. The data breach examples showcased on this page are the most high-profile cloud security events, but the financial impact of suffering a data breach remains high for companies of all shapes and sizes.
Data is rapidly becoming one of the most valuable assets in the modern world. With data breaches happening throughout the world on a regular basis, securing identities and data in the public cloud is now more important than ever. Data breaches, whether they are caused by a misconfiguration, malicious insider, or human error, can result in the compromise of billions of personal records. From financial access to patient healthcare records, some of the biggest companies have had data leaks at one point or another. Many of these companies are chosen because they are in target industries, like healthcare or financial services.

Data breaches in the public cloud are difficult to identify, are very costly to address, and cause reputational damage that some businesses may never recover from. However, given the value of data and the inevitability of risk, the best that an organization can do to mitigate the effects of a breach is to implement the right public cloud security solutions to prevent, remediate, and reduce the blast radius of a data breach. Below you'll find a map of the data breaches or information security events in which personal information was publicly exposed or accessed without authorization through public cloud resources or error.
Whether government institutions, financial services, healthcare, or retail, no industry is immune to data breaches. Below are some examples.
Through human error, a misconfigured AWS S3 bucket linked to Magecart attacks leads to massive data breach
Our breach watch covers an AWS engineer who made a mistake by sending a gigabyte of data to his personal GitHub account
Misconfiguration means that public cloud resources, such as storage and compute instances, are configured in such a way that they are vulnerable to breaches. Cloud misconfigurations are increasing because of a lack of visibility and rapidly growing public cloud adoption.
Human mistakes will happen, and although they are not always deliberate, these errors can still wreak havoc in an organization. Employees accidentally send proprietary data to the wrong person, upload it to public shares, or misconfigure a server where it is stored.
The simplest and most common situation is when an insider uses legitimate permissions for malicious activities. Malicious insiders come in a variety of flavors, and they are not easy to spot.
An attack based on privilege escalation is likely to be much easier if the point of entry is an account that already has a high level of privileges. You can prevent unauthorized users from wreaking havoc by continuously monitoring access across multiple cloud providers and third-party data stores.
People who access unauthorized keys and digital authentication credentials, such as passwords, APIs, and tokens (“secrets”) can accidentally expose a company’s most valuable data on the internet. Organizations need to keep all the information contained in services, apps, privileged accounts, and other parts of the cloud ecosystem secure.
Overprivileged users have access to more data than they require. Users with too many administrative privileges (“overprivilege”) can make it difficult for organizations to properly manage user identities and data access.