Newsletter

Cloud Insecurity: Huge data breach shows a fundamental misunderstanding about protecting data stored in a Cloud

Researchers at vpnMentor have discovered an unprotected database on a Microsoft Cloud server that contains the personal information of ~80 million US households, including sensitive information like income and marital status. However, the team who found the information could not determine who owns or operates the insecure database.

 

Large breach of household-level data

The 24 GB database is believed to be one of the largest – if not the largest – breaches of household level data. The fields contain information on each person in the household, including

  • Marital status
  • Income
  • Full name
  • Data of birth
  • Age
  • Gender
  • Latitude and longitude of the physical address
  • Type of structure

Since the data relates to households that have multiple members, the number of individuals impacted could easily run into the hundreds of millions of US residents.

vpnMentor describes the data as a “goldmine” for identity thieves and malicious attackers, especially those hackers who rely on ransomware. “The only way to remove ransomware is by paying a fee – and with access to your income information, attackers know how much they can demand of you,” notes vpnMentor in the blog announcing the discovery.

Conclusions from the McAfee report.

This latest breach reinforces findings from McAfee’s 2018 report on cloud security that found an average of 2,200 security incidents per month are a direct result of misconfigured cloud services according to the 1,400 global IT professionals who participated in the study.

McAfee claims the root cause is often a lack of skilled cloud security team members and a continued reliance on manual processes – mirroring the same issues faced by teams deploying apps on-prem.  But, there is a more basic reason, according to one industry expert.

Goldmine for malicious attackers

“A lot of companies feel they have less responsibility for security once they move to the cloud, and that vendors will be accountable. That’s not the case,” according to Dannie Combs, chief information security officer at Donnelley Financial Solutions Inc., of Chicago in a Wall Street Journal interview.

What do you need for comprehensive protection?

You may also need additional tools and managed solutions to provide the comprehensive cloud data protection you want and your customers expect. While major cloud hosts do make some security tools available, it’s still your responsibility to apply them and monitor their effectiveness.

That’s understandable since many executives have the mistaken impression that once you move to a cloud environment, the burden for application and cloud data protection is built-in to the services you have purchased.

Clearnetwork reduces the burden on overworked and understaffed IT teams. We lower risks and costs so you can focus on protecting your business.

 

 

 

 

Ron Samson

Recent Posts

NOC vs SOC: How to Choose the Best Option for Your IT Infrastructure

In today's digitized world, the protection of a business's IT infrastructure has become more crucial…

2 weeks ago

SIEM and SOC: Key Differences and Why You Need Both

As cybersecurity threats grow more complex, organizations are turning to advanced solutions to protect their…

2 weeks ago

SIEM vs EDR: A Comprehensive Guide to Their Strengths and Uses

In the world of cybersecurity, two powerful tools frequently come up in discussions around threat…

3 weeks ago

SIEM Security Tool vs. Traditional Monitoring: What’s the Difference?

In the ever-evolving cybersecurity landscape, businesses are increasingly looking for ways to protect their data…

4 weeks ago

Choosing the Right Managed SIEM Solutions for Your Organization

In an increasingly digital world, businesses must be able to monitor, detect, and respond to…

4 weeks ago

What Does EDR Stand For in Threat Management?

In today’s digital world, security is a priority for every business, regardless of size. Cyber…

1 month ago