Why Missing Continuous Monitoring Leads to Data Breaches - Capital One's Breach as an Example
Data breaches have become more common over the years, and there is no way to stop attackers from trying; you can only build defences that counter an attack once it begins. The exposure of sensitive information and customers' personal records brings fees, fines, remediation costs and lost revenue, and it can do lasting damage to a business's reputation.
Survey figures from the cloud security industry (the year-on-year comparisons below are against the 2019 edition of the same survey) show where organisations believe the risk lies:
The top four public cloud security threats: the leading threat cited by respondents was misconfiguration of the cloud platform (68%), up from third place in 2019's survey. It was followed by unauthorised cloud access (58%), insecure interfaces (52%) and account hijacking (50%).
The main security barriers to cloud adoption: respondents named a lack of qualified staff (55%) as the biggest barrier to adoption, up from fifth place in last year's survey. 46% cited budget constraints, 37% data privacy issues, and 36% a lack of integration with on-premises security.
Existing security tools struggle with public clouds: 82% said their traditional security solutions either don't work at all or provide only limited functionality in cloud environments, up from 66% in 2019, which points to a rise in cloud security issues over the past 12 months.
Public cloud is seen as riskier: 52% of respondents considered the risk of security breaches in public clouds higher than in traditional on-premises IT environments. Just 17% see lower risk, and 30% believe the risk is about the same in both environments.
Cloud security budgets to rise: 59% of organisations expect their cloud security budget to increase over the next 12 months. On average, organisations allocate 27% of their security budget to cloud security.
What is Continuous Monitoring?
Many organisations running in the cloud deal with hundreds of vendors, and third-party exposure is one of the largest risks they face: each vendor that integrates with your cloud environment brings its own connections, accounts and weaknesses along with it. Cloud platforms are often treated as a safe place to keep important data, but they can be breached like any other system. That is why continuous monitoring is a must-have.
Continuous monitoring means keeping a constant watch over what runs in your cloud and over how users, services and third parties interact with it, so that security weaknesses and suspicious activity surface as they appear rather than after they have been exploited. The controls it feeds should be embedded in the cloud environment itself, so that interaction with it stays safe and the window for a breach stays small.
Attacks and breaches that arrive through third parties are more common than ever, and continuous third-party monitoring improves several measurable things: the time to identify an event, the time to remediate it, the response time to events, and awareness of industry-specific technology trends.
It takes only one small weakness or misconfiguration in a cloud environment for attackers to extract personal and financial data. Those weaknesses should be watched for continuously so that they can be removed before someone else finds them. Without continuous monitoring, expect more breaches and more ways for attackers to take over cloud systems and turn them to their own advantage.
Capital One data breach: how it happened, its significance and the damage done
The Capital One breach of 2019 is the most recent large attack of this kind; it exposed the data of over 100 million people, stored in the cloud. The most surprising part is that it was the work of a single attacker. This raises a troubling question: are enterprises becoming too negligent about the security of their cloud systems?
What happened during the Capital One attack?
Capital One is a digital organisation that hosts its operations on AWS. According to Capital One's own representatives, they are among AWS's most vocal customers, appearing at conventions and events to share insights about cloud security and the good practices that should be adopted. Ironically, the breach struck right at the heart of Capital One's operations hosted in AWS. The attacker, Paige Thompson, a former AWS software engineer, exploited a misconfigured web application firewall that Capital One ran in front of its AWS-hosted application (the misconfiguration was on Capital One's side of the line, not in AWS itself) and got in.
She got her hands on all kinds of information: names, addresses, credit scores and histories, account balances and, for a subset of customers, Social Security numbers and bank account numbers. The technique was a server-side request forgery (SSRF): the misconfigured firewall could be tricked into making web requests on the attacker's behalf, including a request to the instance metadata service of the server it ran on, which handed back temporary credentials for the IAM role attached to that server. Those credentials were far more permissive than the application needed, so with them she could list and copy the contents of the storage buckets holding the data. The server was never made to run arbitrary commands; it was made to fetch something it should never have fetched for an outsider.
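The pattern described above, as an added example that is not part of the original article or of any Capital One or AWS code: a service that fetches a caller-supplied URL with no checks (`fetch_unsafe`), beside a hardened version that resolves the destination itself and refuses link-local, loopback and private ranges, with the cloud metadata address 169.254.169.254 the important case. The "network" and DNS here are constructed stand-ins so the block runs offline; the hostnames, the role name `ExampleAppRole` and the responses are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Ranges an outbound fetch made on a user's behalf must never reach.
# 169.254.0.0/16 is link-local and contains the cloud instance metadata
# service (169.254.169.254 on EC2), which is where an SSRF turns into
# leaked role credentials.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16",  # link-local / instance metadata
    "127.0.0.0/8",     # loopback
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "0.0.0.0/8",       # "this" network
    "::1/128", "fe80::/10", "fd00::/8",               # IPv6 equivalents
)]
ALLOWED_SCHEMES = {"http", "https"}


def fetch_unsafe(url, http_get):
    """Vulnerable pattern: fetch whatever URL the caller supplied."""
    return http_get(url)


def _resolve(host, resolve):
    """IP literal as-is; otherwise ask the (injectable) resolver once."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return ipaddress.ip_address(resolve(host))


def _is_blocked(ip):
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # [::ffff:169.254.169.254] is still the metadata host
    return ip.is_multicast or ip.is_reserved or any(ip in n for n in BLOCKED_NETWORKS)


def check_outbound_url(url, resolve=socket.gethostbyname):
    """Return (ok, reason, ip). The address validated here is the address the
    caller must connect to; validating a name and then letting the HTTP client
    re-resolve it leaves a DNS-rebinding gap."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", None
    if not parts.hostname:
        return False, "no host", None
    if parts.username or parts.password:
        return False, "credentials in URL", None
    try:
        ip = _resolve(parts.hostname, resolve)
    except (ValueError, OSError):  # socket.gaierror is an OSError
        return False, "unresolvable host", None
    if _is_blocked(ip):
        return False, f"{ip} is in a blocked range", str(ip)
    return True, "ok", str(ip)


def fetch_hardened(url, http_get, resolve=socket.gethostbyname):
    """Hardened pattern: validate, then connect to the validated IP. http_get
    must not follow redirects by itself (a redirect to the metadata host would
    bypass this check); run every redirect target through check_outbound_url."""
    ok, reason, ip = check_outbound_url(url, resolve)
    if not ok:
        raise ValueError(f"blocked outbound request to {url!r}: {reason}")
    return http_get(url, connect_ip=ip)


# Constructed stand-ins so the example runs offline: a tiny "DNS" and "network".
FAKE_DNS = {
    "www.example.com": "93.184.216.34",
    "metadata.attacker.example": "169.254.169.254",  # attacker-controlled name
}
METADATA_CREDS = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
FAKE_RESPONSES = {
    METADATA_CREDS: "ExampleAppRole\n",  # hypothetical role name the IMDS would list
    "http://www.example.com/": "<html>example</html>",
}


def fake_resolve(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"cannot resolve {host}")
    return FAKE_DNS[host]


def fake_http_get(url, connect_ip=None):
    return FAKE_RESPONSES.get(url, "404 not found")


if __name__ == "__main__":
    print("unsafe fetch leaks:", fetch_unsafe(METADATA_CREDS, fake_http_get).strip())
    for u in (METADATA_CREDS, "http://metadata.attacker.example/",
              "http://[::ffff:169.254.169.254]/", "file:///etc/passwd",
              "http://www.example.com/"):
        print(u, check_outbound_url(u, fake_resolve))
```

The application-level check is one layer; on AWS, requiring IMDSv2 on the instance (the metadata service then demands a session token obtained with a PUT request, which a simple GET-based SSRF cannot produce) closes this particular path even when a fetch is forwarded unchecked, and the role attached to the instance should carry only the permissions the application actually uses.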
Whose responsibility is it to secure the cloud?
Division of responsibility for cloud security
When it comes to securing the cloud and the assets placed in it, the major cloud vendors such as AWS and Microsoft Azure operate a shared responsibility model. It states plainly that both the vendor and the customer are responsible for the security of the cloud systems. The vendor is responsible for security of the cloud: the physical facilities, hardware, network, hypervisor and the managed services themselves. The customer is responsible for security in the cloud: identity and access management, the configuration of every service they use, the data they store, and patching the operating systems and software they run on their instances as soon as updates are released.
That is why Capital One went through such hard times: the breach was the result of weaknesses on its side of that line. The web application firewall was misconfigured, the IAM role attached to the server carried far more storage permissions than the application needed, and nothing flagged that role's credentials being used from outside the instance. Together these left an opening through which the attacker entered the cloud environment and stole valuable data.
With more and more digital organisations moving assets to the cloud, it is the organisation's responsibility to build and audit the checklist of security practices it needs to adopt. Beyond that, it must continuously monitor the security posture and configuration of these systems so that anything out of place is caught early. That way the gaps that remain can be fixed before they are exploited; otherwise attacks are only a matter of time, and the cloud alone cannot protect your data for you.
Make sure your organisation takes cloud security seriously and is willing to do what it takes to keep it that way over the long term.
The landscape is ultimately quite complex, and continuous monitoring of cloud identities (which we will cover in the next article) and of compliance will ultimately save a lot of pain and money.
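What "continuously monitor the security posture and configuration" looks like in practice for the two sections above (the definition of continuous monitoring and the shared-responsibility discussion), as an added example that is not code from the original article or from any vendor: three checks run over constructed CloudTrail-style events and IAM policy documents. The first flags instance-role credentials used from an IP address that is not the instance's own, the second flags a principal that enumerates buckets and then reads from many of them, and the third flags a policy that pairs a wildcard storage action with `Resource "*"`. The instance ID, account number, role name, IP addresses, bucket names and policies are all hypothetical.

```python
from collections import defaultdict

# Constructed: the instance that legitimately owns the role and the public IP
# its traffic leaves from (hypothetical values).
INSTANCE_EGRESS_IP = {"i-0a1b2c3d4e5f67890": "203.0.113.10"}
ROLE_ARN = "arn:aws:sts::123456789012:assumed-role/ExampleAppRole/i-0a1b2c3d4e5f67890"


def _ev(time, name, src, bucket=None, ident=None):
    return {"eventTime": time, "eventName": name, "sourceIPAddress": src,
            "userIdentity": ident or {"type": "AssumedRole", "arn": ROLE_ARN},
            "requestParameters": {"bucketName": bucket} if bucket else None}


# Constructed CloudTrail-style events, trimmed to the fields the checks read.
SAMPLE_EVENTS = [
    _ev("2024-01-01T00:00:01Z", "ConsoleLogin", "192.0.2.50",
        ident={"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}),
    _ev("2024-01-01T00:00:05Z", "GetObject", "203.0.113.10", "example-app-assets"),  # legit
    _ev("2024-01-01T00:05:10Z", "ListBuckets", "198.51.100.7"),                     # off-instance
    _ev("2024-01-01T00:05:12Z", "ListObjectsV2", "198.51.100.7", "cust-data-a"),
    _ev("2024-01-01T00:05:13Z", "ListObjectsV2", "198.51.100.7", "cust-data-b"),
    _ev("2024-01-01T00:05:20Z", "GetObject", "198.51.100.7", "cust-data-c"),
]

# Constructed policies: the weak grant beside a scoped one.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-app-assets/*"}]}


def role_session(event):
    """(role, session) for an assumed-role event, else None. Credentials vended
    by the EC2 instance metadata service use the instance ID as the session
    name, so a session named i-... should only ever act from that instance."""
    ident = event.get("userIdentity") or {}
    if ident.get("type") != "AssumedRole":
        return None
    _, _, tail = ident.get("arn", "").partition(":assumed-role/")
    role, _, session = tail.partition("/")
    return (role, session) if role and session else None


def off_instance_credential_use(events, egress=INSTANCE_EGRESS_IP):
    """Instance-role credentials seen from an IP that is not the instance's
    own: the signature of credentials lifted through the metadata service."""
    findings = []
    for ev in events:
        rs = role_session(ev)
        if rs is None:
            continue
        role, session = rs
        expected = egress.get(session)
        if expected is not None and ev.get("sourceIPAddress") != expected:
            findings.append({"time": ev["eventTime"], "role": role, "instance": session,
                             "source": ev.get("sourceIPAddress"), "event": ev["eventName"]})
    return findings


def bucket_enumeration(events, threshold=3):
    """A principal that lists buckets and then reads from many distinct ones:
    the list-then-copy pattern of bulk exfiltration."""
    listed, touched = set(), defaultdict(set)
    for ev in events:
        arn = (ev.get("userIdentity") or {}).get("arn")
        params = ev.get("requestParameters") or {}
        if ev["eventName"] == "ListBuckets":
            listed.add(arn)
        elif arn in listed and ev["eventName"] in ("ListObjects", "ListObjectsV2", "GetObject"):
            touched[arn].add(params.get("bucketName"))
    return {arn: sorted(b) for arn, b in touched.items() if len(b) >= threshold}


def overbroad_s3_grants(policy):
    """Configuration check: Allow statements that pair a wildcard S3 action
    with Resource "*" grant far more than any single application needs."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = st.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        wild = [a for a in actions if a == "*" or (a.lower().startswith("s3:") and a.endswith("*"))]
        if wild and "*" in resources:
            findings.append({"actions": wild, "resource": "*"})
    return findings


if __name__ == "__main__":
    for f in off_instance_credential_use(SAMPLE_EVENTS):
        print("ALERT off-instance credential use:", f)
    print("ALERT enumeration:", bucket_enumeration(SAMPLE_EVENTS))
    print("weak policy:", overbroad_s3_grants(WEAK_POLICY))
    print("scoped policy:", overbroad_s3_grants(SCOPED_POLICY))
```

The first check is the one that matters most for the breach described above, and it only works if the monitoring knows which addresses each instance legitimately uses; AWS GuardDuty ships a managed form of it as its InstanceCredentialExfiltration findings. The policy check belongs in the deployment pipeline as well as in monitoring, so an over-broad role never reaches production in the first place.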