Black Hat, a series of conferences held annually in different cities around the world.

ASIA or the Annual Symposium on Information Assurance that serves as the academic track for the New York State Cyber Security Conference, an annual information security conference held in Albany, NY usually for two days during June targeted at academic, government, and industry participants.

ACSAC, Annual Computer Security Applications Conference - oldest information security conference held annually.

ACM-CCS (Conferences on Computer and Communications Security), security conference held since 1993.

44Con, an Infosec conference and training event that occurs annually in London, UK.

Doing so could help firms see if there's any data out there that isn't protected by a password, or is perhaps guarded by a default password that may not be strong.

Haroon Meer, a keynote speaker at Nullcon 2018

Rogers says companies should start by getting an understanding of what data is out there by conducting a scan of their company's public IP space and external assets.

"Step one in terms of mitigating these issues is get out of this false sense of security that cloud users have, that Amazon will take care of it," Ameesh Divatia, CEO and cofounder of data protection firm Baffle, previously told Business Insider.

In the letter, Wyden and Warren accuse Amazon of failing to implement the same level of security in its cloud services as other tech firms like Microsoft and Google.

But experts have previously said that the responsibility to secure data should rest with the company itself, not the cloud-service provider.

United States senators Ron Wyden (D-Oregon) and Elizabeth Warren (D-Massachusetts) wrote a letter to the Federal Trade Commission in October calling for an investigation of Amazon over the Capital One leak, since the affected data was stored using Amazon Web Services.
"If we just got rid of that, I think you'd reduce the number of breaches we're hearing about by at least half," said Rogers.

At the same time, lawmakers are pressing for action to be taken in order to prevent a data breach like the one that impacted Capital One from happening again.

That data breach can also be traced back to the way the compromised information was stored and managed, as the report said it was found on a publicly accessible database.

Boosting the security of the servers that store such information could dramatically cut down on the number of data breaches, according to Rogers.

Security company Suprema, which operates a biometrics platform called Biostar 2, also fell victim to a hack that exposed the fingerprints of more than one million people as well as unencrypted usernames and passwords, The Guardian reported in August.

Thompson is said to have obtained the sensitive information about Capital One customers and credit card applicants by exploiting a firewall misconfiguration in the company's cloud infrastructure.

Take the Capital One breach as an example, which impacted 100 million people in the United States and six million people in Canada.

"And consequently, there are a lot of insecure systems hanging on the internet that can be readily accessed."

"That's probably the most common vector that I'm seeing across all of these breaches, is that companies don't seem to know what data assets are out there," Rogers said when speaking with Business Insider.

But there is a common thread that can be found across several recent hacks, including the Capital One breach from July, according to Marc Rogers, a white-hat hacker and head of cybersecurity at Okta, an enterprise identity management firm.

For several companies that have been impacted by data breaches in recent years, the issue boils down to how these firms are managing the servers that are being used to store sensitive information, says Rogers.
The circumstances behind a data breach will always vary depending on the situation.

And such intrusions are becoming an increasingly costly problem for companies to fix: the cost of a data breach has risen by 12% over the past 5 years, according to data from IBM Security published in July.

Data breaches appear to be all the more common in recent years, with major firms across industries such as healthcare, social media, and finance falling victim to hackers.