Inside Out Security Blog   /     /  

Capital One's Cloud Breach & Why Data-Centric Security Matters

Capital One's Cloud Breach & Why Data-Centric Security Matters


    Capital One’s breach of more than 100 million customer records is making headlines around the world. The sheer number of stolen records, including social security numbers, credit card applications, and more places the breach near the top of a growing list of recent mega-breaches.

    Bloomberg BusinessWeek recently spoke with Varonis Field CTO Brian Vecci on the importance of data-centric security and the hefty fines hitting breached companies.

    Listen to the podcast.


    It’s a reminder that it only takes one malicious insider to wreak havoc for years to come. In this case, the attacker exploited a vulnerability in a web application firewall, gaining access to an elevated service account that could then read/copy sensitive files and folders in a cloud data store.

    Key takeaways from the podcast:

    • Breaches are commonplace and haven’t always mattered to many large institutions, but attitudes are changing with legislation like the GDPR and in California with the CCPA and companies are making data security a priority.
    • The ultimate responsibility for protecting data in the cloud lies with the companies that use cloud services. Companies must make sure the right monitoring and controls are in place.
    • Data is a company’s biggest risk: it’s growing faster than it ever has before. The collaboration and convenience of using cloud data stores mean companies have more data and more access to it by design.
    • Insiders are more sophisticated and know what they are doing, but companies are not consistently monitoring unauthorized data access.
    • Companies must measure and mitigate the risk associated with their data.
    • You need automation on your side: it is impossible to have enough people reviewing logs to solve the issue.

    While organizations focus on keeping attackers out, all too often the data itself remains widely accessible and unmonitored. Do you know how your data security stacks up? Varonis provides free risk assessments to get your data security pointed in the right direction.

    What you should do now

    Below are three ways we can help you begin your journey to reducing data risk at your company:

    1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
    2. Download our free report and learn the risks associated with SaaS data exposure.
    3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Twitter, Reddit, or Facebook.

    Get a free Risk Assessment

    You can't protect what you don't know is vulnerable.

    Give us 90-minutes of your time, and we'll create a Free Risk Assessment that will open your eyes to your unknown weak spots—fast, and without adding work to your plate.

    Start Your Risk Assessment