Page 177 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
SaaS Vulnerabilities Mean More Data Breaches
The dramatically improved scalability and redundancy of cloud databases are a developmental
benchmark in the history of technology, and those traits are transforming how businesses can interact
with data. But a misconfiguration—all too easy to trigger—can expose data to the internet, bots and bad
actors. Data breaches stemming from different kinds of infrastructure and application vulnerabilities are
common. What’s reported in the news is the tip of the iceberg in the cyber attack landscape. Insider
threats and attacks exploiting poor east-west security (i.e., inside a network) are relentless.
Earlier this year, Block (formerly known as Square) acknowledged that Cash App was breached by a
former employee, leaking personally identifiable information and possibly impacting as many as eight
million customers. Mailchimp’s breach of hundreds of accounts resulted from unauthorized access to a
customer support and account administration tool. Lapsus$ Group’s breach of Okta in March—a
company whose value lies in its B2B SAML authentication product—also happened via a third-party
customer support tool. Lapsus$ hit Azure DevOps software too in March, but Microsoft was able to
contain the breach before data was exfiltrated. Nevertheless, developer and cloud security experts are
on high alert, especially with the pervasiveness of Log4j vulnerabilities, the reach of which may be
unprecedented.
Cyber criminals, like Lapsus$, are generally motivated by profit, so they attempt ransomware, DDoS and
other kinds of attacks and use extortion to make money. While these profiteering exploits are already
ubiquitous, the current geopolitical struggle among superpowers and their client-states across the globe
means that attacks which deliberately sow chaos and terror, as a goal in and of itself, outside of profit,
will likely rise in prominence too. The U.S. government warnings for businesses to be ready have been
clear.
Readiness Is Tougher for SMBs
In the next few years, many cloud security providers will do extremely well financially from all the
investment that will go into them. The better vetted providers’ services are, the more likely those providers
will grow and generate significant cash flow. Enterprises are pulling out their proverbial checkbooks,
hoping to fortify multiple layers of security now to avoid paying more down the road.
How companies can distinguish between a security provider that's offering excellent, multi-faceted data
protection and one whose solutions might not be fully baked is a good question—and presents a sort of
Catch-22. Companies must employ at least a few highly competent professionals who already have
knowledge of what constitutes good security in order to evaluate tools. This can be a challenge for a lot
of organizations, but especially for smaller ones. Small and medium-sized businesses (SMBs) can
struggle to maintain in-house experts to secure their systems, choose the right security vendors, mitigate
attacks and implement recovery. SMBs also might have an expert who knows what to do, but who
doesn’t have the resources to do it. Some SMBs are simply operating on slim margins, without deep
pockets to pay ransoms. They face even more uncertainty right now if they exist in an industry or segment
of the supply chain that’s targeted for geopolitical reasons. Distributed, remote workforces as the
new normal add to these challenges.