2017 was a banner year for data breaches. Look back at the year’s biggest hacks and learn how enterprises can avoid the same mistakes while cloud computing.
Cloud computing has made the use, storage, and sharing of apps, data, and workloads easier than ever for enterprise organizations. However, as with any new technology there are benefits and there are pitfalls. Security breaches have reached an all-time high in 2017 as cyber attacks upon businesses have nearly doubled in the past year, from 82,000 in 2016 to 159,700 in 2017, according to the Online Trust Alliance.
Last year’s data breaches weren’t always the direct result of cloud computing, but nearly every cyber attack in 2017 could have been avoided with cyber security practices that pertain to cloud infrastructures, such as the blocking of suspicious email, consistently updating applications, training employees to identify phishing attacks, and encrypting personally identifiable information. The following breach examples can be used as prime examples of why IT departments need to enforce stricter security policies.
One of the worst data breaches in 2017—rather, in modern history (only the Yahoo, eBay, and Adult Friend Finder hacks are bigger)—was the Equifax attack which compromised the addresses, birth dates, drivers’ license numbers, and social security numbers of 143 million Americans, or nearly half the population of the country. An unpatched vulnerability on one of their applications allowed the breach, worsened by the company’s failure to notice the attack and to notify customers about the event in a timely fashion. While this type of weakness certainly isn’t specific to the cloud, cloud computing applications are susceptible to similar slip-ups.
The 2017 Verizon breach, which exposed the account PINS, customer records, and phone numbers of at least 14 million subscribers, was the direct result of an unprotected cloud storage server. Because of a misconfigured security setting, private data was available to download by anyone with just the guess of a web address. Almost 200 million voter records were compromised by a similar cloud insecurity.
The sheer amount of increasing data on the cloud means more sensitive information will be at risk, and more businesses will pay as a result. Ponemon Institute estimates an average cost of $3.5 million per breach in 2017, with a 27% probability that a U.S. company will experience an attack in the next 24 months that costs between $1.1 million and $3.8 million. Data breaches are practically inevitable for organizations on the cloud at this point.
To mitigate the loss of personal health or financial information, intellectual property, or trade secrets, enterprise companies must realize the cloud is a top target for data thieves and comply with security best practices—data encryption, which renders subject data unreadable, is one of those. To provide your organization with up-to-date cloud security solutions, including data encryption and key management.