News of major data breaches is becoming more and more common. Or, at least, it feels that way, right?
There was the Dunkin Donuts credential stuffing attack near the end of last year, the Toyota data breach in March, the Phishy Wirpo breach back in April, the list goes on and on.
Last month, another major data breach made headlines – Capital One was penetrated, and the personal information included in credit card applications of 100 million Americans and up to 6 million Canadians was leaked. The culprit, 33-year-old Paige Thomson, accessed the data from the Amazon side of Capital One’s AWS cloud configuration.
Before considering how this occurred, there’s a more important question to ask: why does this keep happening?
The simple answer?
Because very few businesses are learning how these breaches happen and what they should be doing to prevent it from happening to them. The fact is that cybercriminals can keep relying on the same old tactics to penetrate business’ systems because they keep working.
That’s why every time a breach like this occurs, it is vitally important that you find out how it happened and determine whether a similar vulnerability exists in your organization.
In this case, it all came down to firewall management.
The firewall, which should have provided protection between Capital One and AWS (where Thompson was at one point an employee), wasn’t configured properly. Thompson exploited this web application firewall, and subsequently accessed and shared 100 of millions of private records.
It’s really that simple. If the firewall had been configured properly, none of this would have happened.
In case you’re unclear, let’s cover the basics involved in this breach – what is a firewall?
Your firewall is your first line of defense for keeping your information safe. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data.
Firewalls are deployed via hardware, software, or a combination of the two. Many businesses also employ data encryption for an extra layer of security.
A firewall inspects and filters incoming and outgoing data in the following ways:
Next-Generation Firewalls perform an in-depth inspection of state and active directories, virtual private networks and packet filtering. They also come with additional features like active directory integration support, SSH, and SSL inspection, as well as malware reputation-based filtering.
The lesson you should be learning from this breach is two-fold:
Now, that all may make sense to you, but the prospect of evaluating your cybersecurity from beginning to end may be a little daunting. Don’t worry – you don’t need to do it on your own.
The Elevate Services Group team is available to assist. We have extensive experience in helping organizations like yours to enhance their cybersecurity. We have 350 proven best practices that we implement to keep our clients protected from precisely this type of breach.