Public Cloud Breaches

We have a new product from Sophos called Cloud Optix. It provides security visibility across the big 3 public clouds and a few others. As I was doing my due diligence to understand the threat landscape and where a product like this can be valuable, I was chagrined to learn how much data has been stolen in the past few years. Our partner, Sophos, spun up environments in 10 of the most popular AWS data centers in the world. The results are alarming. In the first two hours, each device saw an average of 13 login attempts per minute.

No wonder these breaches occurred:

Verizon: misconfigured S3 buckets leak names, phone numbers, and PINs for millions of customers. The data will allow attackers to get access to accounts and create cloned SIMs. I was probably on this list.

Deep Root Analytics configured S3 storage as public instead of private for the Republican National Committee. 198 million voter records were exposed, including DOB, phone numbers, mailing addresses and other data. I was probably on this list.

Election Systems & Software exposes virtually every registered voter in Chicago: 1.8 million names, addresses, phone numbers, Social Security numbers and driver's license numbers. Do you think their competitors are pointing this out to elections officials when trying to take over their accounts? YES!

Now, here’s the thing.  You may look at these and think, hackers are not targeting the small or mid-size organizations.  The reality is that we, in fact, are the main targets, but we don’t make the news the way the Fortune 500 does when they expose data.  We also don’t have the resources to sustain a major catastrophe like Target and Saudi Aramco did.

Improve Your Cloud Security Posture

- Review your current security solutions and make sure you are taking advantage of what you have already purchased.

- When you have an incident, discuss it with your vendor and find out what you were doing wrong. If they simply can’t catch it, you know you need to switch, but if you have config issues that get corrected, you know it won’t get you next time.

- Vulnerability Assessment (even every other year is better than nothing). Assessments not only give you insight into where you're exposed; you may also learn how to do some of the assessing on your own moving forward.

- Evaluate Vendor Risk. Do your vendors connect to you, access you, or have visibility into your environment? If so, you may need a vendor risk management solution to ensure they are doing their part and aren’t the threat vector that causes your organization to be breached.

We help our clients in all these areas.  And we would love to help you too!