Any occurrence that leads to unauthorised access to computer data, applications, networks, or devices is referred to as a security breach As a result, data is accessed without authorization. When an intruder manages to sneak past security barriers, this is what generally happens. When a large corporation experiences a security breach, it always makes the news. Some examples of security breaches are as follows:
- Equifax – in 2017, the firm lost the private information of 145 million due to a website application vulnerability. This information includes their names, Social Security numbers, and driver’s licence numbers. The attacks took place across three months, from May to July, but the security vulnerability was not revealed until September.
- Yahoo – In 2013, a phishing effort provided hackers access to the network, resulting in the breach of 3 billion user accounts.
Cloud Security Breaches
The COVID-19 epidemic has a major impact on the economy, social life, and how we work. With so many workers working from home, the issue compelled businesses to focus more on cloud security solutions to combat rising cloud security risks. Lack of cloud security has been blamed for some of the most serious security incidents in recent years. As long as corporations do not enhance their security, this tendency will continue. Gartner has revised its cloud security assessment, stating that by 2025, 99 per cent of cloud security failures would be due to customer-side security concerns, not cloud provider-side security issues.
When a hostile actor obtains access to a cloud customer’s resources, locates important data, and takes it, this is known as a cloud breach. The mechanics of a cloud breach are very different from the on-premises data breaches that target data centres, networks, and devices that we encounter. To get to the heart of the matter, let’s start with the foundations of cloud security.
Top five cloud breach
We’re only halfway through the year, but it’s already clear that 2021 will be a big year for data breaches. Cybersecurity is no longer only an issue for IT experts, with politically driven cyberattacks and supply chain disruptions. Ransomware has become a household phrase, and almost everyone has been affected by a data breach in some way. Here are the greatest data breaches and data security assaults of 2021 thus far, from Parler to Colonial Pipeline.
Pumps in the eastern United States came to a standstill earlier this year when the gasoline supply chain was interrupted by a ransomware assault on a major fuel source. The Colonial Pipeline was hijacked by the DarkSide hacking organisation, which delivers 45 per cent of the East Coast’s gasoline, diesel, and jet fuel. The gang took over 100 terabytes of data and demanded a ransom in exchange for not releasing it on the internet. As a result, petrol prices in the United States increased by around six cents per gallon, and many gas stations experienced shortages due to panic purchasing and supply interruptions.
Shiny Hunters, the renowned hacker, struck again in January 2021, this time targeting men’s apparel company Bonobos. Over 7 million consumers’ PII was stolen, including their addresses, phone numbers, and account information, 3.5 million partial credit card numbers were also discovered. The stolen data was discovered on a hacker forum where it was freely distributed.
Kroger via Accellion
Grocery businesses aren’t usually thought of as potential targets for healthcare breaches, but that’s exactly what occurred to supermarket behemoth Kroger. In February 2021, hackers gained unrestricted access to Kroger’s Human Resources data and pharmaceutical information because of a breach at third-party cloud provider Accellion. The hacked records included sensitive information such as names, phone numbers, home addresses, dates of birth, Social Security numbers, medications, and health insurance information, despite the business claiming that just 1% of its clients were affected.
A self-proclaimed hacktivist downloaded almost 70 gigabytes of data from right-wing social networking app Parler shortly before Amazon Web Services removed its hosting from the site, making it one of the year’s largest data breaches. This enormous data breach revealed 99 per cent of the app’s posts, chats, and video footage, as well as EXIF metadata detailing the posters’ locations, dates, and times. Driver’s licences, government-issued picture IDs, and Parler’s Verified Citizens, as well as information users, thought they had erased, were among the data exposed. Scraping is not a criminal violation, therefore this “hack” was lawful. Instead, Parler’s faulty API allowed anyone to grab data from their WordPress website.
Have you ever heard of SIM jacking? You probably have if you’re a T-Mobile user. Scammers used social engineering to gain control of T-Mobile customers’ phone numbers and transfer them over to a SIM card controlled by the hackers earlier this year, and they were successful. What’s the point of switching SIM cards? Cybercriminals may intercept phone conversations and text messages, which is a typical way for two-factor verification if they have access to phone numbers. Customers’ names, addresses, Social Security numbers, PINs, and security questions and answers were all stolen, resulting in a cyber-security nightmare.
Cloud Breach Preventive measures
When storing, transferring, or receiving data, use the highest standards to encrypt all files, devices, and systems. Encryption policy must be strictly enforced.
Fragmentation redundancy scattering (FRS)
The method of breaking down sensitive data into inconsequential bits and transporting them in redundant ways across multiple sites of a distributed system to offer intrusion tolerance.
While data is being transmitted via the internet, it is secured using the RSA algorithm.
It is used to protect data in the cloud by doing arbitrary computations on cipher-texts without them being decoded, however it may use more CPU, electricity, and slow down response times.
Bring your own device (BYOD)
Infected BYOD devices can infect a company’s intranet and PCs with malware, spyware, or viruses. One approach is to give your staff with the tools they need to do their jobs.
Enforce the usage of passwords with a minimum ideal length of 12 characters, cardinality of 94, and entropy of at least 78.6 bits. Make sure all of your gadgets, including computers, tablets, and cellphones, are password protected.