It’s only April, but when it comes to data breaches in 2019, we’re already looking at a long list, one that needs updating every week, if not every day.
We recently learned that Airbus had billions of employee credentials dumped on the Dark Web. If it turns out that Airbus had its data improperly stored or secured, the aviation firm could be facing a massive fine under the GDPR regulations.
We also found out that the IT security giant Rubrik exposed a huge cache of customer information — with no password protection — in an Amazon Elasticsearch database.
We discovered that India’s largest bank, the government-owned State Bank of India, also failed to password-protect a crucial server. In that case, millions of account balances, partial account numbers and recent transactions were displayed to anyone who knew where to look.
We read about the Canadian city of Saint John, where some 6,000 people had their credit card information sold off after it was skimmed by a third-party system for the payment of parking fines.
And that was just January.
More recently, the news has been even worse. In March, we learned that Citrix lost at least six terabytes of sensitive data to a group of international cybercriminals. No one at Citrix knew this had happened; they had to hear about it from the FBI. To add to its profound humiliation, Citrix had to announce that “the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords.” Citrix market cap dropped $260M that day. For poor use of … passwords.
But wait, there’s more! Also in March, security researchers Bob Diachenko and Vinny Troia discovered and reported the online exposure of an astonishing 808,539,939 records. It is possibly the largest data breach in history. These records were stored in an unprotected, publicly accessible MongoDB database. It contained 150 gigabytes of detailed, plaintext marketing data, including 763 million unique email addresses. The cache was stored by an email verification outfit called Verifications.io. The company quickly disappeared from the internet, but their aura of sketchiness remains, as they appear to have links to addresses in Florida, California, Delaware and Estonia.
We’ll probably never get any comment from Verifications.io, but in any other breach, the institutional responses can be predicted almost word for word. We’re certain to hear an expression of profound regret, a promise of redoubled vigilance and an assertion that customer security remains the organization’s highest priority.
Unfortunately, the familiar words no longer offer much comfort. We’re in the midst of a global data-security crisis, and the common thread to so many of these breaches boils down to poor control of individuals identities: username/password pairs are clearly not a sufficient mechanism for controlling access to IP and corporate data.
Part of the problem stems from the rise of the third-party vendor. Enterprises today have become so reliant on outsiders that they are effectively entrusting security to hundreds, if not thousands, of complete strangers. Tens of thousands of businesses operate with the naïve hope that all those strangers have the training, professionalism, and desire to safeguard their secrets.
In other cases, the vulnerability is a product of the complexity of digital enterprise. Supposedly advanced organizations are still holding data in centralized systems that make the hacker’s job easy. Or they might be grappling with new multi-cloud environments that obscure visibility into the privileges being exercised by individual service accounts or employees.
But, ultimately, confusion over complexity doesn’t stand as an excuse. And the responsibility for data security is not something that can be outsourced.
Tehama answers the problem with a zero-trust workspace that takes human error and malice out of the equation. We designed our cloud-based collaboration platform to answer an obvious need of modern enterprise: higher levels of identity management, airtight security and compliance, with none of the underlying complexity offloaded onto the user.
Tehama was built with a clear-eyed recognition of how any business today needs to operate. Your workforce and third-party resources might be all over the world, and you need a way to collaborate that’s secure without compromising your nimbleness and agility. Tehama is the way. Before Tehama, the process of onboarding and securely engaging a contingent workforce took months, and it required significant investment. With Tehama, the process happens in minutes, and it comes to you at an affordable cost - with an utmost focus on identity and access control, nullifying these very common breach vectors.
On Thursday April 18, Paul Vallée, President and CEO of Tehama will be speaking about Supply Chain Security at the Cybersecurity and Identity Summit in Ottawa. Contact us today for complimentary tickets.
To learn more about Tehama, download the white paper.