The 2 Lessons You Need To Learn From The Capital One Breach


Last month, Capital One went public with the news that it had experienced a data breach, leaking the private info of more than 100 million people. Do you know what you should learn from this cybersecurity disaster?

News of major data breaches is becoming more and more common. Or, at least, it feels that way, right?

There was the Dunkin' Donuts credential stuffing attack near the end of last year, the Toyota data breach in March, the phishy Wipro breach back in April; the list goes on and on.

Last month, another major data breach made headlines – Capital One was penetrated, and the personal information included in the credit card applications of 100 million Americans and up to 6 million Canadians was leaked. The culprit, 33-year-old Paige Thompson, accessed the data from the Amazon side of Capital One’s AWS cloud configuration.

Before considering how this occurred, there’s a more important question to ask: why does this keep happening?

The simple answer?

Because very few businesses are learning how these breaches happen and what they should be doing to prevent the same thing from happening to them. The fact is that cybercriminals can keep relying on the same old tactics to penetrate businesses’ systems because they keep working.

That’s why every time a breach like this occurs, it is vitally important that you find out how it happened and determine whether a similar vulnerability exists in your organization.

How Did The Capital One Data Breach Occur?

In this case, it all came down to firewall management.

The firewall, which should have provided protection between Capital One and AWS (where Thompson was at one point an employee), wasn’t configured properly. Thompson exploited this web application firewall, and subsequently accessed and shared hundreds of millions of private records.

It’s really that simple. If the firewall had been configured properly, none of this would have happened.

In case you’re unclear, let’s cover the basics involved in this breach – what is a firewall?

Your firewall is your first line of defense for keeping your information safe. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data.

Firewalls are deployed via hardware, software, or a combination of the two. Many businesses also employ data encryption for an extra layer of security.

A firewall inspects and filters incoming and outgoing data in the following ways:

  • With Packet Filtering that filters incoming and outgoing data and accepts or rejects it depending on your predefined rules.
  • Via an Application Gateway that applies security to applications like Telnet (a software program that can access remote computers and terminals over the Internet, or a TCP/IP computer network) and File Transfer Protocol (FTP) servers.
  • By using a Circuit-Level Gateway, which applies security when a connection such as a Transmission Control Protocol (TCP) connection is made and small pieces of data called packets are transported.
  • With Proxy Servers that mask your true network address and capture every message that enters or leaves your network.
  • Using Stateful Inspection or Dynamic Packet Filtering to compare a packet’s critical data parts. These are compared to a trusted information database to decide if the information is authorized.

Next-Generation Firewalls perform an in-depth inspection of state and active directories, virtual private networks and packet filtering. They also come with additional features like Active Directory integration support, SSH and SSL inspection, as well as malware reputation-based filtering.

Firewalls provide:

  • The ability to identify undesirable encrypted applications.
  • Prevention against network intrusions.
  • Intelligence in improving blocking decisions.
  • Intrusion prevention.
  • A baseline for deviations from normal application behaviors.

How Can You Prevent This From Happening To You?

The lesson you should be learning from this breach is two-fold:

  1. Check Your Firewalls
    This is the most direct step you need to take. Don’t assume your firewall is configured correctly, or you may end up the same as Capital One.
    Have your IT support double-check and test your firewall configurations. Have a third party double-check what your primary IT support is doing so that these steps are verified.
  2. Implement Processes To Prevent Similar Vulnerabilities
    Checking your firewall configuration is the most obvious lesson to learn here – so what comes after that? You need to develop a culture of cybersecurity best practices to eliminate vulnerabilities like this in every aspect of your defense.
    Your firewall may be properly configured, but what about your antivirus?
    The point is that you can’t make any assumptions when it comes to your cybersecurity. 
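Step 1 above asks for firewall configurations to be tested rather than assumed. The following is an added example, not code from the original article or from any firewall vendor: a small Python check that evaluates a packet-filter rule set with first-match semantics against a list of intended outcomes and flags allow rules open to any source. The rule format, rule names, addresses and ports are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    port: Optional[int]    # None matches any port

# Constructed rule set: "mgmt-any" was meant for 10.0.0.0/8 only.
RULES = [
    Rule("web-https", "allow", "0.0.0.0/0", 443),
    Rule("mgmt-any", "allow", "0.0.0.0/0", 8080),
    Rule("db-internal", "allow", "10.0.0.0/8", 5432),
]
# Constructed expectations: (source IP, destination port, intended outcome).
EXPECT = [
    ("198.51.100.7", 443, "allow"),
    ("198.51.100.7", 8080, "deny"),
    ("10.1.2.3", 5432, "allow"),
    ("198.51.100.7", 5432, "deny"),
]
PUBLIC_PORTS = {443}  # ports intentionally reachable from any source

def decide(rules, src_ip, port):
    """First matching rule wins; traffic matching no rule is denied."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if addr in ipaddress.ip_network(r.src) and r.port in (None, port):
            return r.action, r.name
    return "deny", "default"

def audit(rules, expectations):
    """Return findings: over-broad allow rules and failed expectations."""
    findings = []
    for r in rules:
        any_source = ipaddress.ip_network(r.src).prefixlen == 0
        if r.action == "allow" and any_source and r.port not in PUBLIC_PORTS:
            findings.append(f"{r.name}: any source allowed to port {r.port or 'any'}")
    for src_ip, port, want in expectations:
        got, by = decide(rules, src_ip, port)
        if got != want:
            findings.append(f"{src_ip}:{port} expected {want}, got {got} (rule {by})")
    return findings

if __name__ == "__main__":
    for finding in audit(RULES, EXPECT):
        print("FINDING:", finding)
```

Keeping the expectations list under version control alongside the rules lets a third party rerun the same check after every configuration change.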

Now, that all may make sense to you, but the prospect of evaluating your cybersecurity from beginning to end may be a little daunting. Don’t worry – you don’t need to do it on your own.

The Elevate Services Group team is available to assist. We have extensive experience in helping organizations like yours to enhance their cybersecurity. We have 350 proven best practices that we implement to keep our clients protected from precisely this type of breach.