Expert(s):
Senior Solutions Architectfeature_status*/ ?>
comforte AG

Comments Dotted : 15
November 10, 2020

Experts Insight On Hotel Booking Firm Leaks Info From Millions Of Guests
Historical log data was dumped to the S3 bucket and contained large amounts of PII and PCI related data.
The Prestige breach is the latest in a long trail of data leaked due to misconfigured cloud resources and S3 buckets in particular. Historical log data was dumped to the S3 bucket and contained large amounts of PII and PCI related data. While this could have been mitigated by simply accepting the default S3 permissions to deny access, the root of the issue is that hotels and other organizations are playing with live data when they should instead be leveraging a data-centric security model to.....Read More
The Prestige breach is the latest in a long trail of data leaked due to misconfigured cloud resources and S3 buckets in particular. Historical log data was dumped to the S3 bucket and contained large amounts of PII and PCI related data. While this could have been mitigated by simply accepting the default S3 permissions to deny access, the root of the issue is that hotels and other organizations are playing with live data when they should instead be leveraging a data-centric security model to allow data to be protected as it is acquired and traverses through the organization regardless of where it is stored or accessed. Data-centric protection using technologies like tokenization allows the organization to use the protected data for day-to-day operations, analytics and data sharing – in this case it could have meant avoiding a breach entirely because the S3 bucket would have only contained de-identified, secure data.  Read Less
October 12, 2020

Experts On Millions Of Records Belonging To Medical Testing Firm Found Exposed Online
Another week, another AWS misconfigured server.
Another week, another AWS misconfigured server. It is clear that those that choose to use cloud-based databases must perform necessary due diligence to configure and secure every corner of the system properly. Sadly, with the recent wave of AWS, ElasticSearch, MongoDB, Big Data, and other Open Source breaches, it does look like security is not being taken seriously enough. Healthcare institutions are seen as softer targets as not only are these systems just as rich with data as the traditional .....Read More
Another week, another AWS misconfigured server. It is clear that those that choose to use cloud-based databases must perform necessary due diligence to configure and secure every corner of the system properly. Sadly, with the recent wave of AWS, ElasticSearch, MongoDB, Big Data, and other Open Source breaches, it does look like security is not being taken seriously enough. Healthcare institutions are seen as softer targets as not only are these systems just as rich with data as the traditional targets but security often lags due to the focus on, in the case of healthcare, patient care over IT. Clearly, Dr. Lal PathLabs Ltd have an enormous treasure of sensitive data, so besides improving their perimeter defense, they should explore a data-centric security approach. That way, they could pro-actively protect their data against breaches instead of playing constant catch up in terms of addressing the many different root causes that can lead to cyber incidents.  Read Less
October 09, 2020

Expert Insight: CPS Under Fire Again After Data Breach Cases Jump 18%
These technologies prevent breaches, accidental or otherwise, and ensure that the most sensitive data is identified and protected.
As the revelations that the UK’s Crown Prosecution Service (CPS) underscore, although many consider a breach to be driven by cybercriminals, the biggest contributor is still old fashioned human error. Whether it be from innocent, unintentional mistakes at one end of the spectrum to depraved indifference and incompetence at the other end, many of these unintended disclosures stem from the presence of sensitive data. In some cases the sensitive data is extraneous – such as pulling analytics .....Read More
As the revelations that the UK’s Crown Prosecution Service (CPS) underscore, although many consider a breach to be driven by cybercriminals, the biggest contributor is still old fashioned human error. Whether it be from innocent, unintentional mistakes at one end of the spectrum to depraved indifference and incompetence at the other end, many of these unintended disclosures stem from the presence of sensitive data. In some cases the sensitive data is extraneous – such as pulling analytics reports that contain full datasets instead of minimally targeted ones – while in other cases the data is absolutely necessary. To truly get a handle on where data is and who is using it – not to mention the data that exists but isn’t being used – organizations absolutely must be performing continuous discovery and classification followed by rigorous protection of the identified sensitive data using data-centric security technologies such as tokenization. These technologies prevent breaches, accidental or otherwise, and ensure that the most sensitive data is identified and protected regardless of where it exists or who has possession of it – all while maintaining the referential integrity so that analytics, searching, and access by authorized users is still possible.  Read Less
September 24, 2020

Shopify sees malicious employees steal merchant data: Security expert commentary
The chances of a breach are higher than ever before for online retailers.
The Shopify attack is the perfect example of the risks many organisations face. The chances of a breach are higher than ever before for online retailers especially with so many consumers preferring online shopping due to the current pandemic. While it can be difficult to immediately identify a rogue employee or malicious insider, the damage they can do can be irreversible and can create a lot of distress on both the business side and on consumers as fraud is easy to commit with stolen or.....Read More
The Shopify attack is the perfect example of the risks many organisations face. The chances of a breach are higher than ever before for online retailers especially with so many consumers preferring online shopping due to the current pandemic. While it can be difficult to immediately identify a rogue employee or malicious insider, the damage they can do can be irreversible and can create a lot of distress on both the business side and on consumers as fraud is easy to commit with stolen or accessed account information. Currently, classic security defenses like firewalls, strong authentication and access management, volume-level encryption, and IPSec, which many businesses still leverage, only protect you from known attack methods and often fail when it comes to insider threats To do that effectively, tokenization should be used as the data remains anonymised throughout its use. Retailers want to provide a positive service to consumers but to get this right, businesses must protect their customer's data.  Read Less
September 23, 2020

Experts On News that Data of more than 500,000 referees stolen in ransomware attack
The best strategy is to avoid sole reliance on key-based data protection.
One of the biggest problems when encrypting data is secure key management - when hackers gain access to encryption keys they start looking for data to decrypt because they know it has some value. The age-old adage rings true with the breach at ArbiterSports – encryption is easy, key management is hard. Keeping encryption keys accessible but secure is challenging when encrypting sensitive data in backup files, databases, cloud repositories, and other areas. The best strategy is to avoid.....Read More
One of the biggest problems when encrypting data is secure key management - when hackers gain access to encryption keys they start looking for data to decrypt because they know it has some value. The age-old adage rings true with the breach at ArbiterSports – encryption is easy, key management is hard. Keeping encryption keys accessible but secure is challenging when encrypting sensitive data in backup files, databases, cloud repositories, and other areas. The best strategy is to avoid sole reliance on key-based data protection - deploying tokenization drastically reduces the chances of sensitive data being revealed because the data is replaced with meaningless, de-identified data and there is no key for an attacker to obtain. Tokenization is a highly secure, format-preserving data protection approach that does not require the generation, distribution, management, or rotation of encryption keys file to protect data. In other high-profile data breaches, attackers were able to also decrypt data but were unable to access data that was tokenized. In the case with ArbiterSports, if tokenization had been utilised and the attackers were able to access and decrypt the stolen backup, the tokenized data would have remained secure.  Read Less
August 31, 2020

Experts Reacted On Musk Confirms Russian Hack Targeted Tesla Factory
Data-centric security offers the most benefit by allowing data to be protected and remain secure even if it is shared, stolen, or misused.
As the threat landscape continues to get nastier by the day, ransomware attacks like the one attempted against Tesla are still at the forefront and on the rise. What’s interesting about the Tesla attempt is that the attackers attempted to co-op Tesla employees with the promise of a big payout – something that they fortunately turned down. However, in many cases this story has the potential to end differently with systems compromised and data exposed. Organizations need to ensure that the.....Read More
As the threat landscape continues to get nastier by the day, ransomware attacks like the one attempted against Tesla are still at the forefront and on the rise. What’s interesting about the Tesla attempt is that the attackers attempted to co-op Tesla employees with the promise of a big payout – something that they fortunately turned down. However, in many cases this story has the potential to end differently with systems compromised and data exposed. Organizations need to ensure that the security measures they enact to protect data are still viable even when internal resources are compromised or data is exposed. Data-centric security offers the most benefit by allowing data to be protected and remain secure even if it is shared, stolen, or misused – effectively nullifying both external and internal threats.  Read Less
August 31, 2020

Experts Reacted On Musk Confirms Russian Hack Targeted Tesla Factory
Data-centric security offers the most benefit by allowing data to be protected and remain secure even if it is shared, stolen, or misused.
As the threat landscape continues to get nastier by the day, ransomware attacks like the one attempted against Tesla are still at the forefront and on the rise. What’s interesting about the Tesla attempt is that the attackers attempted to co-op Tesla employees with the promise of a big payout – something that they fortunately turned down. However, in many cases this story has the potential to end differently with systems compromised and data exposed. Organizations need to ensure that .....Read More
As the threat landscape continues to get nastier by the day, ransomware attacks like the one attempted against Tesla are still at the forefront and on the rise. What’s interesting about the Tesla attempt is that the attackers attempted to co-op Tesla employees with the promise of a big payout – something that they fortunately turned down. However, in many cases this story has the potential to end differently with systems compromised and data exposed. Organizations need to ensure that the security measures they enact to protect data are still viable even when internal resources are compromised or data is exposed. Data-centric security offers the most benefit by allowing data to be protected and remain secure even if it is shared, stolen, or misused – effectively nullifying both external and internal threats.  Read Less
August 14, 2020

Experts On Healthcare breaches fall by 10% in the first half of 2020
The security challenge for healthcare operators is extremely difficult.
The healthcare industry may be the most vulnerable of all industries to cyber attacks. It's about the data healthcare operators have access to. The security challenge for healthcare operators is extremely difficult, especially when data is stored in different locations and accessed through various technologies. However, we may be seeing a shift in approaches from ‘secure the technology,’ to ‘secure the data,’ which will reduce the threat of data loss and exposure when (not if) a.....Read More
The healthcare industry may be the most vulnerable of all industries to cyber attacks. It's about the data healthcare operators have access to. The security challenge for healthcare operators is extremely difficult, especially when data is stored in different locations and accessed through various technologies. However, we may be seeing a shift in approaches from ‘secure the technology,’ to ‘secure the data,’ which will reduce the threat of data loss and exposure when (not if) a cyber-attack happens. While it is not always possible to prevent malicious access, sophisticated data protection is a must when processing and storing sensitive information – especially PII and healthcare records. These are core requirements of data privacy regulations like HIPAA and GDPR and here might be fines coming up for this.  Read Less
May 08, 2020

Expert Comments On Unacademy Data Breach Affecting 22 Million Users
How any system can fall vulnerable to hackers if security is not prioritised.
Online databases are always going to be a target for hackers because they store masses of personal information and they are equally as quick to monetise this data through the dark web for their own gain. The data we input to online systems, even educational platforms like this, can be very valuable to bad actors and as a private individual, sometimes there’s no way to be sure that the services we use are protected by an adequate amount of security. The fact that Unacademy can be a target of.....Read More
Online databases are always going to be a target for hackers because they store masses of personal information and they are equally as quick to monetise this data through the dark web for their own gain. The data we input to online systems, even educational platforms like this, can be very valuable to bad actors and as a private individual, sometimes there’s no way to be sure that the services we use are protected by an adequate amount of security. The fact that Unacademy can be a target of an attack like this demonstrates how any system can fall vulnerable to hackers if security is not prioritised. While the chances of being breached are higher than ever before, the most important thing to do is to protect your customers' data with modern data-centric security solutions using technologies such as tokenization and format-preserving encryption you can render PII including names, addresses, and IDs useless to hackers and prevent huge data breaches like this.  Read Less
March 27, 2020

Data Deposit Box Exposes 270K Users’ Private Information – Expert Comments
Enterprises need to step up to the plate and take responsibility for the data.
In a regrettable yet avoidable trend, Data Deposit Box is another example of a company that has failed its customers by failing to undertake proper security measures. Surely, heads will roll within their organization, but it's customers that are left with their personal information exposed, resulting in the sting of a privacy violation and the possible lingering pain of identity theft. In this case, data was left unprotected on AWS S3 storage – something that is 100% avoidable since AWS S3.....Read More
In a regrettable yet avoidable trend, Data Deposit Box is another example of a company that has failed its customers by failing to undertake proper security measures. Surely, heads will roll within their organization, but it's customers that are left with their personal information exposed, resulting in the sting of a privacy violation and the possible lingering pain of identity theft. In this case, data was left unprotected on AWS S3 storage – something that is 100% avoidable since AWS S3 resources by default now have “block all public access” set and require an explicit override to enable access. This lack of oversight is also a great example of where data-centric security would have kept data secure despite a failure of administrative due diligence. A data-centric security model using technologies like tokenization allows organizations to protect data that is stored anywhere – on-premise or in the cloud – even if unintentional or unauthorized access occurs. Indeed, if this private information had been tokenized, the information and files in the S3 bucket would have been worthless and indecipherable to an attacker. Enterprises need to step up to the plate and take responsibility for the data that they process by ensuring they both follow basic security guidelines from cloud providers and deploy data-centric security to protect data anywhere and everywhere.  Read Less