Indian payment services provider MobiKwik is currently investigating a huge data breach affecting millions of its customers. An unknown user at an underground marketplace has 8.2 TB of data from the company, including the sensitive personal information of millions of customers.
<p>These breaches seem to be happening far more frequently, which is concerning. The database ought to be an environment where organisations can have the most visibility and control over the data that they hold, and this type of breach should be one of the more easily avoidable.</p>
<p>Organisations should ensure that only those users who need access have been granted it, that they have the minimum privileges necessary to do their job, and wherever possible, databases should be placed on servers that are not directly accessible on the internet.</p>
<p>But all of this is only really possible if organisations actually have visibility over their sprawling database environments. Years of being able to spin up databases at the drop of a hat have led to a situation where many organisations don’t have a clear picture of what they need to secure; in particular, non-production databases that contain personal data, let alone how they need to go about securing it. You cannot secure what you don’t know about, so until this fundamental issue is resolved, we will continue to see these avoidable breaches hit the headlines.</p>