Data Breaches in 2019: What’s the price of unprotected IT infrastructure? Cybercrime Magazine says that global damages will surpass $6 billion as soon as 2021.
Here we’ll go through some of the most frequent and emerging causes of data breaches in 2019 and see how to address them in a timely manner.
Misconfigured Cloud Storage
It’s hard to find a day without a security incident involving unprotected AWS S3 storage, Elasticsearch, or MongoDB. A global study from Thales and the Ponemon Institute states that only 32% of organizations believe protecting their data in the cloud is their own responsibility. Worse, according to the same report, 51% of organizations still do not use encryption or tokenization to protect sensitive data in the cloud.
McAfee confirms this, claiming that 99% of cloud and IaaS misconfigurations fall into the realm of end users’ control and remain unnoticed. Marco Rottigni, Chief Technical Security Officer EMEA at Qualys, explains the problem: “Some of the most common cloud database implementations ship with no security or access control as standard at the start. They have to be added on deliberately, which can be easily missed.”
With a global average cost of $3.92 million per data breach in 2019, these findings are quite alarming. Sadly, many cybersecurity and IT professionals still candidly believe that cloud providers are responsible for protecting their data in the cloud. Unfortunately, most of their assumptions are not in accord with the harsh legal reality.
Virtually all major cloud and IaaS providers retain experienced law firms to draft airtight contracts that you won’t be able to alter or negate in court. Black ink clauses expressly shift financial liability for most incidents onto the clients’ shoulders and establish limited liability for everything else, often reckoned in pennies.
Most SMEs don’t even read the terms carefully, while in large organizations they are reviewed by legal advisors who are often disconnected from the IT team. Even so, one will hardly negotiate better conditions, as otherwise the cloud business would become so perilous and unprofitable that it would swiftly disappear. This means that you will be the sole entity to blame and punish for misconfigured or abandoned cloud storage and a resultant data breach.