Many cloud breaches are preventable – often the result of poor visibility and the inability to take action on discovered risks. It’s often common vulnerabilities – not novel attacks or zero-days – that lead to major, headline-grabbing breaches.
These incidents underscore the importance of proactive security practices, comprehensive threat detection, timely patching, and continuous monitoring to mitigate potential risks and safeguard valuable data. To avoid becoming another casualty in the battle against cyber threats, data security has become a top priority.
Here are five common pitfalls that security teams face and how to avoid them:
Misconfigurations
Misconfigurations are a common cause of data breaches that start with free and open access to sensitive information often stored in Amazon S3, Azure, or Google Cloud Platform buckets. Take the European Volleyball Confederation breach. In this case, a publicly-exposed cloud storage bucket allowed unauthorized access to hundreds of passports and identity documents. Had the organization been aware of the security posture of their storage, they would have known where data was exposed.
The LastPass incident serves as another stark reminder of the dangers posed by data misconfigurations. On two distinct occasions, lapses in security protocol led to compromised S3 credentials and subsequent customer data theft. Initially, cyber attackers exploited a known vulnerability to access a developer’s account, pilfering the LastPass source code among other valuable assets. Later, they leveraged stolen data and decryption keys to infiltrate LastPass’ AWS storage.
Click for more special coverage
To safeguard against such vulnerabilities, businesses must stay proactive, rooting their approach in data-centric security. Before potential breaches take place, it’s vital to use tooling such as data security posture management (DSPM) to fortify cloud data security. This involves cataloging sensitive data, identifying vulnerabilities, and managing access protocols. During an active breach, data detection and response (DDR) capabilities can detect threats by pinpointing unauthorized or anomalous activity. After containing the breach, organizations must actively evaluate compromised data, identify the exploited vulnerabilities, and take steps to prevent future occurrences.
Sensitive data in backups
Security teams often overlook backups. While an organization may have robust security measures in place for their live systems, security teams don’t always give the same level of attention to backups, leaving them vulnerable to unauthorized access. This oversight can prove disastrous, as demonstrated by the Uber breach. The breach stemmed from inadequate protection for backups that contained sensitive data and had no controls to limit visibility once someone accessed them. Despite Uber’s otherwise strong security practices, this overlooked vulnerability let attackers steal personal information from millions of passengers and drivers.
It serves as another reminder that organizations must apply the same level of security to backups as live systems. Implementing encryption, access controls, and regular vulnerability assessments for backup data can help reduce the attack surface, safeguard sensitive information and prevent unauthorized access. Visibility and classification are crucial, and security teams also must keep the data fresh at all times to ensure that steps are taken to avoid falling victim to a breach.
Lack of oversight
Security teams also have to think of Data Access Governance (DAG) to prevent data breaches by diligently controlling and monitoring access to sensitive information, ensuring that only authorized personnel can interact with it. For instance, we can attribute the Uber breach, where the personal details of millions of passengers and drivers were compromised, to insufficient DAG on their GitHub accounts. These accounts house crucial AWS credentials that attackers leveraged to access Uber’s data stores.
DAG operates on the foundational principle of “least privilege,” ensuring that users are only granted access required for their specific roles. By adhering to this principle, organizations can diminish the potential for unintentional data breaches and associated insider threats. However, DAG doesn’t stop at mere access restrictions. It underscores the importance of continuous auditing and monitoring. Systematic checks identify and rectify anomalies like over-granted permissions and broad allowances like “*.” By monitoring user-access patterns, DAG can also spotlight dormant permissions – those untouched for extended periods, such as 90 days – hinting that they are potentially superfluous and candidates for removal. This approach employs a comprehensive threat model, meticulously examining how users engage with data, empowering organizations to detect and deter potential data breaches preemptively.
Furthermore, managing access in fragmented data environments becomes crucial with the rise of multi-cloud and hybrid architectures. DAG tools often cater to unstructured data, ensuring that even non-database content, such as documents, gets strictly controlled. Organizations bolster a layered defense strategy against potential data breaches through comprehensive DAG implementation.
Ignoring red flags
Organizations must learn not to ignore data security red flags and take proactive steps to protect their valuable data, especially when they are aware of existing issues. Ignoring warnings from external entities like the FBI or internal reports from security engineers can expose organizations to significant risks.
In the January 2023 Twitter breach, internal engineers had provided warnings about the collection of excessive data and poor security for limiting access. Despite being well aware of their exposures and receiving alerts from the FBI about a potential spy within their ranks, Twitter overlooked these red flags, leading to a detectable breach.
Early warnings are opportunities for improvement and teams should consider them an urgent call to strengthen security measures. Organizations must foster a culture of proactive risk mitigation and ensure that red flags are thoroughly investigated, addressed, and integrated into their data security strategies.
Not focusing on security posture
Detecting an organization’s data security posture has emerged as the crux of preventing many data breaches. By comprehensively understanding and assessing data security posture, security teams can more proactively identify vulnerabilities and potential weak points. Many of these headlining breaches could have been avoided if these organizations had a clear view of their data security landscape and taken timely remedial actions.
So, whether by misconfigurations, insufficient backup security, or inadequate data access governance, recognizing these vulnerabilities early and addressing them may have prevented many costly breaches. As the digital landscape evolves, organizations must prioritize regular checks of their data security posture and take steps to rectify identified issues.
Dan Benjamin, co-founder and CEO, Dig Security