Capital One’s breach of more than 100 million customer records is making headlines around the world. The sheer number of stolen records, including social security numbers, credit card applications, and more places the breach near the top of a growing list of recent mega-breaches.
Bloomberg BusinessWeek recently spoke with Varonis Field CTO Brian Vecci on the importance of data-centric security and the hefty fines hitting breached companies.
It’s a reminder that it only takes one malicious insider to wreak havoc for years to come. In this case, the attacker exploited a vulnerability in a web application firewall, gaining access to an elevated service account that could then read/copy sensitive files and folders in a cloud data store.
Key takeaways from the podcast:
- Breaches are commonplace and haven’t always mattered to many large institutions, but attitudes are changing with legislation like the GDPR and in California with the CCPA and companies are making data security a priority.
- The ultimate responsibility for protecting data in the cloud lies with the companies that use cloud services. Companies must make sure the right monitoring and controls are in place.
- Data is a company’s biggest risk: it’s growing faster than it ever has before. The collaboration and convenience of using cloud data stores mean companies have more data and more access to it by design.
- Insiders are more sophisticated and know what they are doing, but companies are not consistently monitoring unauthorized data access.
- Companies must measure and mitigate the risk associated with their data.
- You need automation on your side: it is impossible to have enough people reviewing logs to solve the issue.
While organizations focus on keeping attackers out, all too often the data itself remains widely accessible and unmonitored. Do you know how your data security stacks up? Varonis provides free risk assessments to get your data security pointed in the right direction.