Securing Your Data: Avoiding Common Pitfalls that Lead to Breaches

Dan Benjamin

This article originally appeared in SC Magazine.

According to IBM research, data breaches continue to be extremely costly for companies, causing damages averaging $4.35 million per incident. In a time when budgets are tightening, this is no time to throw additional funds out the window that could better be used elsewhere. 

This article explores many of the common vulnerabilities that have led to major breaches. By learning from past lessons, we can avoid future incidents. 

Many Cloud Breaches are Preventable

One glaring lesson from the breaches discussed below is that many of them could have been prevented. The weaknesses attackers exploited had nothing to do with the latest zero-day or a novel technique for circumventing security; they came down to a lack of visibility and a failure to act on what had already been discovered.

These breaches serve as reminders of the importance of proactive security practices, comprehensive threat detection systems, timely patching, and continuous monitoring to mitigate potential risks and safeguard valuable data. Organizations must learn from these mistakes and prioritize data security to avoid becoming another casualty in the battle against cyber threats.

Misconfigurations

Misconfigurations are a significant cause of data breaches, often resulting in unrestricted access to sensitive information stored in publicly accessible S3 buckets and Azure storage containers. The European Volleyball Confederation breach is a prime example of the consequences of misconfiguration. In this case, a publicly exposed cloud storage bucket allowed unauthorized access to hundreds of passports and identity documents. Had the organization been aware of the security posture of its storage, it would have known the data could be exposed and could have closed the exposure proactively.

The LastPass incident is a stark reminder of the dangers posed by data misconfigurations. On two distinct occasions, lapses in security protocol led to compromised S3 credentials and subsequent customer data theft. Initially, cyber attackers exploited a known vulnerability to access a developer’s account, pilfering the LastPass source code, among other valuable assets. Later, they leveraged stolen data and decryption keys to infiltrate LastPass’ AWS storage.

To safeguard against such vulnerabilities, businesses should adopt a proactive approach rooted in data-centric security. Before potential breaches, utilizing tools like data security posture management (DSPM) to fortify cloud data security is vital. This involves cataloging sensitive data, identifying vulnerabilities, and managing access protocols. During an active breach, data detection and response (DDR) tools can swiftly detect threats by pinpointing unauthorized or anomalous activity. After containing the breach, organizations must actively evaluate the compromised data, identify the exploited vulnerabilities, and take steps to prevent future occurrences.
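The exposure described above is exactly what a posture check finds before an attacker does. The following is an added example, not Dig Security's code and not an AWS SDK API: it evaluates a bucket's policy, ACL and Public Access Block settings together, the way a DSPM scanner would, on constructed inputs shaped like the corresponding S3 API responses. The bucket names, policy documents and ACL grants are invented for the example.

```python
"""Offline check for publicly readable S3 buckets.

Added example (not Dig Security's code or any AWS SDK API): it evaluates a
bucket's policy, ACL and Public Access Block configuration the way a DSPM
scanner would, on constructed inputs shaped like the S3 API responses.
"""
from typing import Any, Dict, List, Optional

# Predefined S3 groups that stand for "everyone" and "any AWS account".
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _as_list(value: Any) -> List[Any]:
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal: Any) -> bool:
    """Both "*" and {"AWS": "*"} mean anonymous, unauthenticated access."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_policy_statements(policy: Optional[dict]) -> List[str]:
    """Sids of Allow statements granted to everyone with no Condition block."""
    sids = []
    for i, st in enumerate((policy or {}).get("Statement", [])):
        if st.get("Effect") != "Allow" or not _principal_is_everyone(st.get("Principal")):
            continue
        if st.get("Condition"):
            # A Condition (e.g. aws:SourceVpce) may narrow the grant; a real
            # scanner lists these for review instead of treating them as public.
            continue
        sids.append(st.get("Sid") or f"Statement[{i}]")
    return sids


def public_acl_grants(acl: Optional[dict]) -> List[str]:
    """Permissions (READ, FULL_CONTROL, ...) the ACL gives to a public group."""
    return [
        grant.get("Permission", "?")
        for grant in (acl or {}).get("Grants", [])
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES
    ]


def assess_bucket(name: str, policy: Optional[dict], acl: Optional[dict],
                  public_access_block: Optional[dict]) -> Dict[str, Any]:
    """A public grant is a finding only if Public Access Block does not neutralise it."""
    pab = public_access_block or {}
    findings = []
    sids = public_policy_statements(policy)
    if sids and not pab.get("RestrictPublicBuckets", False):
        findings.append(f"bucket policy grants anonymous access: {', '.join(sids)}")
    perms = public_acl_grants(acl)
    if perms and not pab.get("IgnorePublicAcls", False):
        findings.append(f"ACL grants {', '.join(perms)} to a public group")
    return {"bucket": name, "public": bool(findings), "findings": findings}


PUBLIC_READ = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::BUCKET/*"}]}

# Constructed inventory: names and documents are invented for the example.
SAMPLE_BUCKETS = [
    {   # identity documents in a bucket that never had Public Access Block enabled
        "name": "member-passport-scans", "policy": PUBLIC_READ,
        "acl": {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner"},
                            "Permission": "FULL_CONTROL"}]},
        "public_access_block": None,
    },
    {   # same policy plus a public ACL, but Public Access Block overrides both
        "name": "legacy-cdn-assets", "policy": PUBLIC_READ,
        "acl": {"Grants": [{"Grantee": {"Type": "Group",
                            "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                            "Permission": "READ"}]},
        "public_access_block": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                                "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
    },
]


def scan(buckets: List[dict] = SAMPLE_BUCKETS) -> List[Dict[str, Any]]:
    return [assess_bucket(b["name"], b["policy"], b["acl"], b["public_access_block"])
            for b in buckets]


if __name__ == "__main__":
    for result in scan():
        print(result)
```

The point of combining the three sources is that a policy or ACL that looks public is only a real exposure when nothing above it cancels the grant; a scanner that reads bucket policies alone produces both false alarms (the second bucket) and, if it ignores ACLs, misses. Conditioned statements are deliberately left out of the hard finding so that they can be reviewed rather than silently accepted.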

Sensitive Data in Backups

One crucial aspect that organizations often overlook is the security of sensitive data in their backups. While they may have robust security measures in place for their live systems, the same level of attention is not always given to backups, leaving them vulnerable to unauthorized access. This oversight can prove disastrous, as demonstrated by the Uber breach. Despite having otherwise strong security practices, the breach occurred due to the lack of adequate protection for their backups.

The backups contained sensitive data and had no controls to limit visibility once someone could access them. Exploiting this overlooked vulnerability allowed attackers to steal personal information from millions of passengers and drivers. 

It serves as a stark reminder that organizations must apply the same level of security to their backups as to their live systems. Implementing encryption, access controls, and regular vulnerability assessments for backup data can help safeguard sensitive information and prevent unauthorized access. Visibility is crucial to this process: knowing the security posture of sensitive data, such as backups, at all times ensures that companies can take steps to avoid falling victim to a breach.

Lack of Oversight

Data Access Governance (DAG) is pivotal in preventing data breaches by diligently controlling and monitoring access to sensitive information, ensuring that only authorized personnel can interact with it. For instance, the Uber breach, where the personal details of millions of passengers and drivers were compromised, can be attributed to insufficient DAG on their GitHub accounts, which housed crucial AWS credentials that attackers leveraged to access Uber’s data stores.

DAG operates on the foundational principle of “least privilege,” ensuring that users are only granted minimal access required for their specific roles. By adhering to this principle rigorously, organizations can considerably diminish the potential for unintentional data breaches and associated insider threats. However, DAG doesn’t stop at mere access restrictions. It underscores the importance of continuous auditing and monitoring. Systematic checks are in place to identify and rectify anomalies like over-granted permissions and broad allowances like “*.” By monitoring user-access patterns, DAG can also spotlight dormant permissions – those untouched for extended periods, such as 90 days – hinting that they might be superfluous and, therefore, candidates for removal. This approach employs a comprehensive threat model, meticulously examining how users engage with data, empowering organizations to detect and deter potential data breaches preemptively. 
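The two DAG checks just described, flagging broad allowances like "*" and spotting permissions untouched for 90 days, can be run over an IAM policy document. The following is an added example, not Dig Security's code: it reviews one constructed policy and a constructed set of last-used timestamps, shaped like IAM's service last accessed data (service prefix mapped to the last time it was used, or None if never). The role, its statements and the dates are invented for the example; the Describe*/List* exclusion is a heuristic, not an AWS rule.

```python
"""Least-privilege review of one IAM policy document.

Added example, not Dig Security's code. It implements two checks from the
section above: wildcard grants ("*" or "service:*" actions, Resource "*")
and dormant permissions, i.e. services a policy allows that the identity has
not used for 90 days. The policy and the last-used timestamps are constructed;
the timestamps mimic the shape of IAM's service last accessed data
(service prefix -> last authenticated time, None if never used).
"""
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, List, Optional


def _as_list(value: Any) -> List[Any]:
    return value if isinstance(value, list) else [value]


def service_of(action: str) -> str:
    """'s3:GetObject' -> 's3'; a bare '*' covers every service."""
    return "*" if action == "*" else action.split(":", 1)[0].lower()


def wildcard_findings(policy: dict) -> List[str]:
    """Allow statements whose actions or resources are broad wildcards."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid") or f"Statement[{i}]"
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        broad = [a for a in actions if a == "*" or a.endswith(":*")]
        if broad:
            findings.append(f"{sid}: wildcard action(s) {broad}")
        # Heuristic: Describe*/List* calls often cannot be scoped to a resource,
        # so Resource "*" is reported only when another action could have been.
        scopeable = [a for a in actions
                     if not a.split(":")[-1].startswith(("Describe", "List"))]
        if "*" in resources and scopeable:
            findings.append(f"{sid}: Resource '*' for {scopeable}")
    return findings


def dormant_services(policy: dict, last_accessed: Dict[str, Optional[datetime]],
                     now: datetime, threshold_days: int = 90) -> Dict[str, Optional[datetime]]:
    """Services the policy allows that were last used before the threshold, or never."""
    allowed = set()
    for st in policy.get("Statement", []):
        if st.get("Effect") == "Allow":
            allowed.update(service_of(a) for a in _as_list(st.get("Action", [])))
    if "*" in allowed:  # a bare "*" allows every service we have usage data for
        allowed = (allowed - {"*"}) | set(last_accessed)
    cutoff = now - timedelta(days=threshold_days)
    return {svc: last_accessed.get(svc)
            for svc in sorted(allowed)
            if last_accessed.get(svc) is None or last_accessed[svc] < cutoff}


# Constructed sample: a CI role that accumulated permissions over time.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DataPipeline", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::etl-staging/*"},
    {"Sid": "LegacyOps", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Sid": "Deploy", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
]}
SAMPLE_LAST_ACCESSED: Dict[str, Optional[datetime]] = {
    "s3": datetime(2024, 5, 20, tzinfo=timezone.utc),   # used 12 days ago
    "ec2": datetime(2024, 1, 15, tzinfo=timezone.utc),  # used 138 days ago
    "iam": None,                                        # never used
}


def review(policy: dict = SAMPLE_POLICY,
           last_accessed: Dict[str, Optional[datetime]] = SAMPLE_LAST_ACCESSED,
           now: datetime = NOW) -> Dict[str, Any]:
    return {"wildcards": wildcard_findings(policy),
            "dormant": dormant_services(policy, last_accessed, now)}


if __name__ == "__main__":
    for key, value in review().items():
        print(key, value)
```

On the sample, the s3 statement is scoped and recently used and produces nothing; the ec2 statement is flagged twice (wildcard action and wildcard resource) and, having gone unused for more than 90 days, is a removal candidate; the iam statement is flagged for its unscoped resource and for never having been used. Both lists are the kind of output a DAG review feeds back into the permission owner before a dormant grant becomes the path an attacker takes.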

Furthermore, managing access in fragmented data environments becomes crucial with the rise of multi-cloud and hybrid architectures. DAG tools often cater to unstructured data, ensuring that even non-database content, such as documents, is strictly controlled. Organizations bolster a layered defense strategy against potential data breaches through comprehensive DAG implementation.

Ignoring Red Flags

One critical lesson that organizations must learn is not to ignore data security red flags. They are responsible for taking proactive steps to protect their valuable data, especially when they are aware of existing issues. Ignoring warnings from external entities like the FBI or security engineers’ internal reports can expose organizations to significant risks. 

The Twitter breach serves as a striking example of this. Internal engineers had warned about the collection of excessive data and weak controls for limiting access to it. Despite being well aware of these exposures and receiving alerts from the FBI about a potential spy within their ranks, Twitter overlooked these red flags, leading to a detectable breach.

Early warnings should be seen as opportunities for improvement and an urgent call to strengthen security measures. Organizations must foster a culture of proactive risk mitigation and ensure that red flags are thoroughly investigated, addressed, and integrated into their data security strategies.

Prevention by Detecting Posture

Give a rundown of how each of these breaches could have been prevented by simply identifying the data security posture and taking steps to remediate findings.

How Dig Prevents Data Exfiltration

Dig Security offers a complete data security strategy that empowers organizations to discover, classify, protect, and govern their cloud data, effectively preventing data breaches. Dig provides a comprehensive solution for safeguarding data with a unique combination of assessment and monitoring. Their powerful platform delivers real-time visibility into data risks, enabling companies to locate, classify, and prioritize potential threats across multiple public cloud environments. 

Organizations gain advantages over traditional security solutions by leveraging Dig’s advanced Data Security Posture Management (DSPM) and Data Detection and Response (DDR) capabilities. These innovative technologies redefine data security for modern enterprises, enhancing protection while alleviating the workload on IT and security teams. Dig’s cloud-native and agentless approach integrates Data Security Posture Management, Data Loss Prevention (DLP), and Data Detection & Response (DDR) into a unified platform. 

With Dig, organizations have a game-changing solution to effectively prevent data breaches. By tailoring its comprehensive data security strategy to the unique needs of today’s cloud-centric organizations, Dig Security helps reduce the likelihood and impact of data breaches. Improved security controls empower organizations to protect sensitive data and mitigate the risks of potential breaches or ransomware attacks.
