4iQ vice president of product, Amyn Gilani, weighs in on the Capital One data breach, noting that we need to shift the 'blame game' to a team sport approach. As more devices continue to come online, troves of personal information are being collected by companies and organizations around the world. Staggering amounts of this valuable data are being exfiltrated, traded and sold as a commodity in underground markets by malicious hackers and cyber criminals. Meanwhile, companies, organizations and law enforcement are playing whack-a-mole in the aftermath. We all need to get better at protecting ourselves and helping others stay safe.
Amyn outlines a five-point plan to help companies be proactive in addressing their vulnerabilities and mitigating risk.
A poorly configured Amazon S3 bucket at Capital One led to a data breach that affected 106 million American and Canadian customers, revealing roughly 140,000 social security numbers (SSNs), 80,000 U.S. bank account numbers, and 1 million social insurance numbers (SINs). You don’t need to be a sophisticated cybercriminal to know how to break into weak or unsecured open devices. All too often, we see corporate devices leaking sensitive data, and breached files stolen from mismanaged technical assets being passed around in underground markets. Paige Thompson, the recently discovered insider threat who previously worked at Amazon as a systems engineer, publicly boasted on social media about hacking into unsecured Amazon databases, not only at Capital One, and about exfiltrating tens of gigabytes of data from other corporations as well.