
Warren Poschman
Senior Solutions Architect
comforte AG
Comments Dotted: 15
November 10, 2020
Historical log data was dumped to the S3 bucket and contained large amounts of PII and PCI related data.
The Prestige breach is the latest in a long trail of data leaked due to misconfigured cloud resources and S3 buckets in particular. Historical log data was dumped to the S3 bucket and contained large amounts of PII and PCI related data. While this could have been mitigated by simply accepting the default S3 permissions to deny access, the root of the issue is that hotels and other organizations are playing with live data when they should instead be leveraging a data-centric security model to...

October 12, 2020
Another week, another AWS misconfigured server.
Another week, another AWS misconfigured server. It is clear that those that choose to use cloud-based databases must perform necessary due diligence to configure and secure every corner of the system properly. Sadly, with the recent wave of AWS, ElasticSearch, MongoDB, Big Data, and other Open Source breaches, it does look like security is not being taken seriously enough.
Healthcare institutions are seen as softer targets as not only are these systems just as rich with data as the traditional ...

October 09, 2020
These technologies prevent breaches, accidental or otherwise, and ensure that the most sensitive data is identified and protected.
As the revelations that the UK’s Crown Prosecution Service (CPS) underscore, although many consider a breach to be driven by cybercriminals, the biggest contributor is still old-fashioned human error. Whether it be from innocent, unintentional mistakes at one end of the spectrum to depraved indifference and incompetence at the other end, many of these unintended disclosures stem from the presence of sensitive data. In some cases the sensitive data is extraneous – such as pulling analytics ...

September 24, 2020
The chances of a breach are higher than ever before for online retailers.
The Shopify attack is the perfect example of the risks many organisations face. The chances of a breach are higher than ever before for online retailers especially with so many consumers preferring online shopping due to the current pandemic. While it can be difficult to immediately identify a rogue employee or malicious insider, the damage they can do can be irreversible and can create a lot of distress on both the business side and on consumers as fraud is easy to commit with stolen or...

September 23, 2020
The best strategy is to avoid sole reliance on key-based data protection.
One of the biggest problems when encrypting data is secure key management - when hackers gain access to encryption keys they start looking for data to decrypt because they know it has some value. The age-old adage rings true with the breach at ArbiterSports – encryption is easy, key management is hard. Keeping encryption keys accessible but secure is challenging when encrypting sensitive data in backup files, databases, cloud repositories, and other areas.
The best strategy is to avoid...

August 31, 2020
Data-centric security offers the most benefit by allowing data to be protected and remain secure even if it is shared, stolen, or misused.
As the threat landscape continues to get nastier by the day, ransomware attacks like the one attempted against Tesla are still at the forefront and on the rise. What’s interesting about the Tesla attempt is that the attackers attempted to co-opt Tesla employees with the promise of a big payout – something that they fortunately turned down. However, in many cases this story has the potential to end differently with systems compromised and data exposed. Organizations need to ensure that the...

August 14, 2020
The security challenge for healthcare operators is extremely difficult.
The healthcare industry may be the most vulnerable of all industries to cyber attacks. It's about the data healthcare operators have access to. The security challenge for healthcare operators is extremely difficult, especially when data is stored in different locations and accessed through various technologies. However, we may be seeing a shift in approaches from ‘secure the technology,’ to ‘secure the data,’ which will reduce the threat of data loss and exposure when (not if) a...

May 08, 2020
How any system can fall vulnerable to hackers if security is not prioritised.
Online databases are always going to be a target for hackers because they store masses of personal information and they are equally as quick to monetise this data through the dark web for their own gain. The data we input to online systems, even educational platforms like this, can be very valuable to bad actors and as a private individual, sometimes there’s no way to be sure that the services we use are protected by an adequate amount of security. The fact that Unacademy can be a target of...

March 27, 2020
Enterprises need to step up to the plate and take responsibility for the data.
In a regrettable yet avoidable trend, Data Deposit Box is another example of a company that has failed its customers by failing to undertake proper security measures. Surely, heads will roll within their organization, but it's customers that are left with their personal information exposed, resulting in the sting of a privacy violation and the possible lingering pain of identity theft.
In this case, data was left unprotected on AWS S3 storage – something that is 100% avoidable since AWS S3...
