Capital One Data Breach and Why Asia Pacific Must Rethink Cloud Security
- By Sanjay Aurora, Darktrace
- October 28, 2019
By all accounts, Capital One defended its customers’ data with the imposing array of cybersecurity tools that you’d expect from one of the largest banks in the U.S. And yet a lone hacker managed to bypass those tools and obtain the sensitive personal information of more than one hundred million people, a breach that will likely cost the bank well over a hundred million dollars when all is said and done.
The hacker — a former employee of Amazon Web Services (AWS), which hosted the compromised database — gained access to sensitive data by exploiting a misconfiguration in one of Capital One’s application firewalls. Such misconfigurations along the customer’s interface with the cloud have become a favorite target for cybercriminals. In fact, according to Gartner, 99% of cloud security failures will be the customer's responsibility through 2023.
The Fundamental Flaw
Capital One had a relatively mature cloud security posture, at least by traditional standards. It is, therefore, all the more alarming that the bank didn’t become aware of the breach until more than three months after the fact when it received a tip from an outsider who’d stumbled upon the stolen data. That a major financial institution was blind to this level of compromise further demonstrates the urgency of rethinking cloud security.
As spending on public cloud services and infrastructure in the Asia Pacific region increased by 47.1% from 2018, skyrocketing to USD 26 billion this year, the region can expect more disruptive attacks against the cloud. While governments and businesses alike look to transform their legacy systems with public cloud services in efforts to align with ambitious smart city initiatives, they face the daunting challenge of configuring firewalls and other endpoint protections to remain properly positioned.
These conventional security tools are designed to defend the digital perimeter — an antiquated strategy given today’s borderless networks. Moreover, modern developers now have the ability to spin up a cloud instance in minutes, often without having to consult their firm’s security team. As a consequence, the overwhelming majority of organizations lack visibility over their own cloud environments.
Demystifying the Cloud
Due to massive digitalization and rapid market growth, Asia Pacific is also becoming the home to 40% of the world’s data centers and is expected to overtake the U.S. by 2020. As data centers relocate to be closer to their customers and businesses, public cloud service users in the region will be able to maximise connectivity with less delay and better latency while utilising Software as a Service (SaaS) applications, which have become the heart of the modern enterprise with the benefits they offer such as storage savings and support speed.
At the same time, the interactivity of cloud services renders them an attractive target for advanced cyber-criminals, who can often leverage a single user’s SaaS credentials to compromise dozens of other accounts. And while leading SaaS vendors conform to high-security standards, the cyber defenses they employ nonetheless have a common weakness: human error. By launching sophisticated attacks, today’s threat actors are increasingly gaining access to cloud services through the front door, necessitating a fundamentally different security approach that can detect when credentialed users behave, ever so slightly, out of character.
AI Offers Hope for a Silver Lining
Of course, there is no silver bullet when it comes to cyber defense — and that goes double for the cloud. Motivated attackers will inevitably find a way inside the nebulous perimeters of IaaS and SaaS environments, whether via insider knowledge, critical misconfigurations, personalized phishing emails, or mechanisms that have yet to be seen.
For SaaS, the risks inherent are largely user-dependent. As a consequence, any security tool up to the task of defending SaaS applications must understand how these users work, evolve, and collaborate. Indeed, it is precisely the sought-after interconnectedness and collaborative nature of SaaS platforms which make the potential reward for attackers so great, as a single breach could allow them to compromise an entire company. Yet the efficiencies promised by SaaS need not come at the cost of security since the latest AI cyber defenses shine a light on even the most remote corners of the cloud.
By employing such AI systems, organizations in the region can gain the necessary knowledge of complex cloud environments to catch threats in their nascent stages — before they escalate into crises. Ultimately, the cloud promises to unlock new heights of efficiency and novel forms of collaboration, so long as they are willing to adopt equally innovative security tools. Because while there may never be a silver bullet for safeguarding cloud services, AI does offer hope for a silver lining.
Sanjay Aurora, managing director, Asia Pacific at Darktrace, wrote this article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.