The cloud is a great tool for a modern business, provided the resources a business is using are properly configured. Otherwise, the business is sitting on a potential security breach. Let’s talk about why this is, and what can be done about it.
To begin, let’s first identify what it is that makes cloud misconfiguration so very dangerous.
Let’s pretend for a moment that we’re a couple of cybercriminals, looking to make a big score. Regardless of what our game plan is, we’re going to need data in order to make it happen, whether that’s data we’ve stolen or data we’re preventing someone else from accessing.
So, where can we find this data? Since we’re the kind of cybercriminals to work smarter, not harder, we start searching for clouds with policies that aren’t set up correctly. Once we find one, we have access to chunks of data that we shouldn’t. From there, we could use this data to power more attacks. We might sell our services to other cybercriminals, pointing them toward an unsecured cloud and collecting a fee. This goal has seen an uptick in popularity, with AI-based toolkits now being offered to cybercriminals on a subscription basis.
While the prospect of a cybercriminal monetizing your stolen data is certainly not something that should be overlooked, there’s another issue at hand.
Back in 2017, more than 120 million households in the United States had their data exposed by a marketing and data analytics company, meaning that this breach involved effectively every United States citizen. Within the 36 gigabytes of data were 248 categorized divisions, outlining numerous types of personally identifiable information and other sensitive topics. Granted, no names were associated with this data, but it was comprehensive enough that cross-referencing this data with other information could fill in the blanks.
In 2018, a collection of 3.5 million records from a Los Angeles County non-profit were made available online, including employee access credentials, contact information, and detailed notes about those who contacted the nonprofit and their individual cases. Considering that this nonprofit served all kinds of needs for the residents of Los Angeles County, including abuse cases, this exposure was particularly risky.
Jumping ahead to 2021, a cybersecurity analytics company had a database, filled with 5 billion user records, exposed. With data involving names, email addresses, passwords, and vulnerability records, this breach put some considerably sensitive information out there.
In 2023, an automaker reported that the data of 260,000 customers was exposed from February of 2015 until May of 2023. Fortunately, there wasn’t any personally identifiable information shared, but the breach did include in-vehicle device IDs and map information.
In all of these instances, and countless more, the breach was caused because of a misconfigured cloud allowing the data to be publicly available.
We can help make sure your entire IT infrastructure and all it includes is managed and configured properly. Call us at (403) 210-2927 to learn more.
Comments