You are currently viewing You’ve Been Hacked!

You’ve Been Hacked!

According to Cost of a Data Breach, an organization will experience a data breach increases every year. Malicious data breaches are the most common, the costliest, and the most difficult to contain. Right now, countless organizations are experiencing the horrors associated with compromised data every minute of every day. Uber, AWS, Facebook are just a few of the successful giants that have dealt with such a fate.

In 2018, 55,000 accounts were affected when two hackers admitted to using Amazon web server logins belonging to Lynda employees to access customer information. They then used this data and in contacting the corresponding company, extorted them for hundreds of thousands of dollars worth of bitcoin. In a strange twist to the case, the group also admitted to hacking Uber in 2016 in a breach that compromised 57 million users. Uber who initially chose to keep the incident a secret, was slapped with a $148 million fine and will be required to submit to 20 years of privacy audits. By not reporting the breach were not only faced with lost business anyway but they were also slapped with a fine as well.

Overall, 2019 was a grim year for securing sensitive information. Names, addresses, and demographic data of 80 million US households were revealed. Expected salaries of over a million US households as well as thousands of Facebook passwords, likes, and comments were revealed as well. In the case of Facebook data, a third-party company stored the information incorrectly.

In April 2019 Facebook had over 540 million customer-related records exposed according to UpGuard, a cybersecurity research firm. Once again, data stored on AWS servers are compromised. In September 2019 an unsecured AWS server exposed phone numbers that could be matched with Facebook accounts. These are only the known cases of data compromised related to Facebook’s AWS servers. These thieves did not have to break in, they merely exploited machines with improperly utilized security settings. With cybercrime and security breaches, now more than ever it is vital to secure organization data especially if placed in the cloud.

Stories like this should stand as a cautionary tale that breaches need to be revealed publicly as soon as they happen. LinkedIn did the right thing and chose to reveal the incident as soon as they became aware of it rather than trying to cover it up. As a result, they only have to face the prospect of lost revenues rather than also incur an FTC or similar fine. This ties onto the statistic presented in the last issue of this newsletter: The longer a breach takes to contain, the more it costs. Mistakes like these could have easily been avoided with the simplest password protection, encryption, and other DevSecOps consideration. Masking tools can be employed to ensure that no sensitive information exists in the cloud ensuring no risk to the customers whose information you are storing.

Migrating to the cloud requires a plan: what data to put on the cloud, how to secure what you decide to put there, who gets access to it once it is up there, and numerous other considerations. For a data set stored in the cloud to be truly secure, an additional level of security is required. Completely secure your data by choosing an appropriate masking tool to obfuscate data stored within the cloud. Axis Technology LLC recommends unmasked customer information should never be stored in the cloud at all. Additionally, automation processes and AI can be used to further boost security, reducing the possibility of a breach.

Talk to an expert and we will help you save money and gain the trust of your customers because If your customers do not trust that you are properly securing your data in the cloud, they will decide your fate with their wallets.

Axis Technology, LLC

Axis Technology, LLC is a leading Data Security firm based in Boston. We work with clients worldwide architecting and implementing solutions that speed up access to secure data. Axis has built a reputation as experts in Data Security solutions using next-generation software products that get the job done fast. Almost 20 years ago we started doing custom data security solutions for our financial services clients in Boston and New York City. As time went on, we built a data privacy product DMsuite, which became popular in both the financial services and healthcare markets. Eventually, we sold DMsuite to Delphix and now focus all of our energy on helping Fortune 500 companies secure and provision their data faster than ever before!