- Capital One was recently the victim of a data breach that put the personal information of 106 million people at risk.
- A former Amazon employee is alleged to have taken advantage of a “misconfigured firewall” to steal information from a Capital One server running in the Amazon Web Services cloud.
- Companies like Capital One may not always be able to prevent hackers from breaking in.
- But by encrypting your data, keeping tabs on what exactly is going on across your network, and making sure that only the right people have access to the right information, companies can guard against the very worst of it, experts say.
Capital One is the latest major corporation to fall victim to a data breach, as it revealed on Monday that an intruder gained access to personal information in an incident that puts 106 million customers at risk.
A former Amazon employee is said to have obtained sensitive Capital One customer data stored on Amazon Web Services, the retailer’s massively popular cloud computing service. Federal prosecutors say that the alleged intruder, Paige Thompson, was able to gain access to information like names, addresses, email addresses, dates of birth, and the social security numbers of 140,000 customers and bank account numbers of 80,000 customers.
Companies might not always be able to get ahead of hackers and other bad guys, who are always finding new ways and means to exploit security vulnerabilities and flaws. But experts say there are measures that can be taken to spot intruders quickly and ensure that sensitive data doesn’t fall into the wrong hands.
Among the most important lessons is recognizing that while the data was stored in Amazon Web Services, that doesn’t mean it was Amazon’s fault, according to Ameesh Divatia, co-founder and CEO of data protection firm Baffle.
In short, Amazon Web Services rents functionally unlimited supercomputing power to anybody with a credit card, from individual developers up to behemoths like Capital One. According to the criminal complaint against Thompson, Amazon’s cloud storage itself was never directly breached — rather, she took advantage of a “firewall misconfiguration” in how Capital One set up its cloud infrastructure to steal customers’ information.
Divatia says this speaks to a common misconception held by customers of AWS and other major cloud platforms: That Amazon will handle everything. Rather, Divatia says, remember that the burden of actually locking down the data stored in that cloud largely belongs to the customer.
“Step one in terms of mitigating these issues is [to] get out of this false sense of security that cloud users have, that Amazon will take care of it,” says Divatia.
Preventing malicious actors from stealing personal data involves more than just keeping attackers out of the servers that contain sensitive information, though. It’s also about ensuring that if criminals do find a way in, the data is sufficiently safeguarded and effectively useless to them.
That involves encrypting data at all stages, whether it’s in the customer’s own servers or in the cloud, says Divatia. Capital One said in a press release that it encrypts its data as standard operating practice, but that in this case, the unauthorized user was able to decrypt it.
Watch your perimeter
Avoiding breaches like this also entails putting in multiple types of security systems at the perimeter, endpoint, and network level, says Michael Rezek, vice president of cybersecurity strategy and business development at analytics firm Accedian.
He used the analogy of running security for a bank to explain how these techniques work.
When protecting a bank, you’d probably use three methods to secure it: monitoring the entrance to know who’s entering and exiting the building (perimeter security), keeping track of critical assets like ATMs, cash registers, and safes (endpoint security), and using video surveillance to monitor what’s happening inside the bank (network security).
Those last two points of protection are particularly important, he says, in a scenario like the Capital One breach, where the intruder was able to exploit a security flaw to gain entry into the system. Having endpoint and network security in place means being able to track what the hacker did once they got in and keeping tabs on what they might have stolen.
Know your audience
An important way companies can spot trespassers earlier is by having a firm grasp on who has access to critical user data in the first place.
“Knowing that this user over time maybe never visits a critical assets server . . . you learn that’s kind of a normal behavior,” Rezek said. “And then all of a sudden one day you see this anomaly where he goes to a critical assets server and he spends time connected to it.”
For example, if an intruder just dumped a bunch of data from the servers, that should raise a red flag, says Divatia. That’s because applications typically process data rather than dumping it, which could have been a sign that abnormal activity was occurring.
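One way to turn the two signals the experts describe (a principal touching a critical-assets server it never used before, and a request pulling far more records than that principal's norm) into detection logic. This is an added example, not code from the article or from any company mentioned in it; the log format, server names and the 10x "dump" threshold are constructed assumptions.

```python
# Added example: a minimal behavioral baseline over constructed access-log
# records, flagging first-ever access to a critical server and bulk reads.
from collections import defaultdict

CRITICAL_SERVERS = {"customer-db-01"}   # constructed server name
DUMP_MULTIPLIER = 10                    # "dump" = more than 10x the baseline max

# Constructed log records: (day, principal, server, records_read)
BASELINE_LOG = [
    (1, "app-svc", "customer-db-01", 120),
    (2, "app-svc", "customer-db-01", 140),
    (3, "app-svc", "customer-db-01", 110),
    (1, "report-svc", "analytics-01", 5000),
    (2, "report-svc", "analytics-01", 4800),
]

def build_baseline(log):
    """Per principal: each server it has touched and the largest read seen there."""
    seen = defaultdict(dict)
    for _day, who, server, n in log:
        seen[who][server] = max(seen[who].get(server, 0), n)
    return seen

def detect(baseline, event):
    """Return a list of alert strings for one new access event."""
    _day, who, server, n = event
    alerts = []
    known = baseline.get(who, {})
    # Signal 1: a principal that never visits a critical server suddenly does.
    if server in CRITICAL_SERVERS and server not in known:
        alerts.append(f"{who}: first-ever access to critical server {server}")
    # Signal 2: applications process data; a read far above the norm looks like a dump.
    typical = known.get(server)
    if typical is not None and n > DUMP_MULTIPLIER * typical:
        alerts.append(f"{who}: bulk read of {n} records from {server} (baseline max {typical})")
    return alerts

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOG)
    for ev in [(4, "app-svc", "customer-db-01", 130),        # normal, no alert
               (4, "report-svc", "customer-db-01", 30),      # first-ever critical access
               (4, "app-svc", "customer-db-01", 100000)]:    # bulk dump
        print(ev, detect(baseline, ev))
```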
It may be impossible to prevent intruders from entering in the first place. But what companies can learn from the Capital One breach is to always be prepared for what happens once they do get inside.
“You cannot keep the bad guys out,” said Divatia. “You assume that the house will get broken into, but what they steal doesn’t mean anything.”