It was announced today that a third-party app used by EU merchants on Amazon UK, eBay and Shopify was found to have exposed 8 million sales records containing customers’ personal data.
The DevOps revolution and cloud computing have resulted in a double-edged sword for enterprises. The same tools that enable organizations to move fast have caused untold, embarrassing breaches like this, showcasing the direct result of rapid adoption without sufficient security oversight. These security incidents continue to recur, all following the same script – customer data gets uploaded to a cloud server; a well-meaning developer neglects to password-protect or encrypt that externally exposed database; a hacker or threat researcher exposes the data. Unencrypted, unauthenticated, publicly accessible databases wait for bad actors to discover them.
Despite billions invested in security, enterprises are failing at the infosec equivalent of washing their hands. Since an organization can’t improve what it can’t measure, the starting point for a company to improve its cyber hygiene is to inventory, categorize, and measure the criticality of its assets. From there, basic resilience begins with identity, encryption, and network segmentation.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.