Cyber Monday is here (and for those of us in the cloud security business, it’s also the start of the AWS re:Invent 2017 conference). So given all the strange things that have been happening in our cyber environment, we thought we would once again remind organizations and consumers alike about the need to be proactive and extra vigilant in their security practices.
Over the last week, a great deal of news has focussed on yet another massive data hack involving millions of records belonging to customers and employees. Although the company in question stated that “We have seen no evidence of fraud or misuse [of data] tied to the incident” — and this is welcome news of course — it misses the main point.
Our purpose today is not to conduct an arm’s length postmortem (for a solid account of the breach, read this post), but to remind organizations that while the great benefits of the cloud (speed and scale) can create a compelling competitive advantage, they also generate a corresponding responsibility to rigorously employ best practices for risk management and incident response along with appropriate cloud security technologies.
When asked to comment, Sam Bisbee, Threat Stack’s CSO, offered the following thoughts:
“The market’s investment in services and tools to automate business processes without incurring heavy maintenance costs has often outpaced investment in the methods to secure them.
There are many ways to remedy this imbalance. For example, it is sometimes safer to bring commoditized systems that are likely to leak sensitive information, such as log aggregation, into your own environment since they have become so cheap to maintain. As usage of services like GitHub and AWS S3 grows, organizations of all sizes must understand whether the services they use to store data are, in fact, risk-appropriate for the type of data they put into them.
Security and operations teams have an opportunity to work together to help their enterprises manage the risk of a data breach by auditing their current environments to understand what data is expected to be stored in them versus what is actually stored in them, the relative safety of the storage services, and then establishing appropriate controls and monitoring for when, how, and where data is accessed.”
Final Words . . .
The term “Cyber Monday” was coined way back in 2005 to entice people to shop online. Since then, a lot has changed (and is continuing to change) in our cyber world. In light of this, perhaps it’s time to repurpose Cyber Monday as yet another opportunity to remind organizations of the need to make their cloud security practices much more rigorous, and to urge consumers to take greater precautions when transacting business online.
If you would like information about how Threat Stack can help address your security requirements, please sign up for a demo of our intrusion detection platform.
A Note to Consumers
It’s the time of year when many of you are spending more time online, taking advantage of bargains for the upcoming holiday season. While this can save you from crowded parking lots and noisy malls, remember to be extra vigilant about your online security.
Instead of taking chances, we recommend that you kick your cyber security practices up a notch. With that in mind, here are a few recommendations that should help to keep your experiences enjoyable, safe, and secure.
Make sure you use strong passwords (or better yet, passphrases) along with a password manager (such as LastPass or 1Password), set your devices to autolock after a short timeout, and make sure your apps can’t display messages on the lock screen. Finally, do use two-factor authentication (2FA) and geotracking, and don’t use unsecured Wi-Fi. Invest a little time, up your security, and enjoy your time online.