Cloud Security Roundup: SolarWinds Breach, Twitter’s GDPR Fine, WFH Insider Threats, and More
Each month, we bring you some of the most compelling cloud and Salesforce security-related stories from the last few weeks. In this post, we discuss the SolarWinds breach, Twitter’s $500k GDPR fine, WFH insider threats, and more.
Network management firm SolarWinds disclosed a breach on December 13th that introduced malware to thousands of customers of its Orion products. The Orion platform – used by U.S. government agencies, Fortune 500 companies, and many other organizations to monitor IT networks – was hacked by cybercriminals, who injected malicious code into the software update service. Reports state that approximately 33,000 SolarWinds customers use Orion and hackers were able to access at least 18,000 networks.
Further investigations revealed that Russian hackers infiltrated Orion to gain network access, which also enabled them to access data like usernames, passwords, source code, financial information, and more. Microsoft neutralized the threat by retaking control of the malware’s infrastructure, leaving the attackers with minimal control over the hacked networks.
Based on a recent survey, which found that 23% of organizations suffered seven or more attacks on their network over a year, Trend Micro’s latest Cyber Risk Index (CRI) revealed the top threats organizations face worldwide. The most prevalent cyber threats reported include:
- Phishing and social engineering
- Fileless attacks
- Man-in-the-middle attacks
In addition to cyber risk, the CRI comprises four other categories of risk: infrastructure, human capital, operational, and data risk. When considering operational risk, companies are concerned about losing customer data, unauthorized parties accessing IP and financial information, customer churn, and stolen or damaged equipment, all of which can contribute to cyber risk. The CRI identifies negligent and malicious insiders as top security risks to IT infrastructure, both of which impact data security, especially financial information, consumer data, and confidential information like intellectual property.
Trend Micro recommends organizations utilize a comprehensive risk management framework like the NIST Cybersecurity Framework to mitigate threats and overcome security challenges.
According to new research from Akamai, the financial services industry suffered millions to tens of millions of cyberattacks daily in 2020. In September alone, financial organizations encountered 33 million web application attacks, showcasing an upward trend of criminals aiming to access – and compromise – valuable financial information. Akamai reports that such cyberattacks are enabled by automation, which stems from increased API usage for cloud applications. Malicious attackers use pathways like credential stuffing, SQL injections, local file inclusion, and cross-site scripting to infiltrate networks and harvest sensitive data to sell or ransom, leaving financial services companies to deal with the fallout.
While organizations in any industry need to take precautionary measures to protect cloud data from being breached, financial services are particularly prone to attacks. A robust defense-in-depth security posture can help prevent sensitive data from being compromised.
A 2019 data breach has ended in a $547,000 fine for social media giant Twitter. Ireland's Data Protection Commission (DPC) brought the action against Twitter, stating the company failed to notify and document the breach, violating Articles 33(1) and 33(5) of the GDPR. The leak occurred due to a vulnerability in the platform’s design, which made protected tweets unprotected and available to the public without the user’s knowledge. Approximately 89,700 European Twitter users were affected by the bug.
Twitter failed to provide notice of the breach within the 72-hour deadline and failed to adequately document it, which led the DPC to pursue an investigation against the company for infringing the data breach notification and documentation articles of the GDPR.
New data revealed that 51% of parents said their children accessed their work accounts while the parents were working from home. In addition, 14% of parents working from home said their children have access to their work devices. With 42% of the United States labor force working remotely full time due to COVID, this creates risk for organizations that store sensitive information in the cloud, where it can be accessed remotely. To prevent family members or roommates from inadvertently compromising, deleting, or sharing sensitive work information, be vigilant, use IT-provided security settings and tools such as multi-factor authentication, and refrain from sharing passwords.
McAfee and the Center for Strategic and International Studies (CSIS) conducted a study on cybercrime, which found that losses from cybercrime now exceed $1 trillion globally. Most major security incidents incur costs for detection, mitigation, breach response, victim notification, and remediation. While the financial impact on the economy and individual organizations is significant, there are other consequences to account for – unplanned downtime, business disruption, reputational damage, and more. The study showed that, following a major security incident, organizations lost 18 hours of productivity due to downtime and $500,000 to cover expenses.
Organizations can help proactively prevent cybercrime by investing in cybersecurity measures like threat monitoring technology, employee training, and insider threat mitigation.