Recently, the cybersecurity headlines have been dominated by news of another massive data storage leak. This time, the data leak came from marketing data aggregator Exactis. Allegedly, hundreds of millions of Americans’ email addresses, home addresses, religion, pet information, and other personal information were leaked online.
Sadly, this may not seem all that surprising. Data breaches and hacks on major enterprises’ networks have become so commonplace that a week without a hack seems a novelty. Yet the Exactis breach proves interesting precisely because it isn’t truly different. In fact, it highlights a recurrent problem in cybersecurity: data storage nodes and their visibility in enterprise networks.
In the case of Exactis, an independent security researcher found the Exactis database sitting on a publicly accessible server. This is remarkably similar to an incident from earlier this year wherein brand marketing firm Octoly leaked thousands of social media influencers’ personal information due to an improperly configured Amazon data storage bucket. Furthermore, that wasn’t even the first such leak of its kind this year: FedEx suffered a similar data storage failure that leaked hundreds of thousands of customers’ data.
Indeed, data storage is one of the trickiest aspects of cybersecurity in general and SIEM in particular. On the one hand, different departments in your enterprise need to create their own data storage policies in order to function optimally. Yet simultaneously this aggravates your IT security team’s woes. More databases mean more trouble aggregating data from the disparate databases—or possibly obfuscating that certain databases even exist. Exacerbating these problems is the much-beloved prospect of enterprise cloud migration: the benefits of an infinitely scalable enterprise IT environment can be hindered by the drawbacks of an environment that can be too large to properly inspect or monitor.
So what can you do to ensure that your enterprise follows data storage cybersecurity best practices?
Have a Clear Communication Policy for Data Storage Creation
The first step to better data storage in your enterprise is the same step to facilitating better business efficiencies: communication.
Therefore, as part of your everyday digital business practices for all of your departments, you must formally mandate that every time a new data storage location is created in your network, your IT security team is immediately informed. They need to know what kinds of data are being stored, where the data is located in your IT environment, and how it is being used.
The IT security team needs to know how much priority to place on protecting and monitoring each individual database, as well as what new data flows are going to and from it each day. Without this information, huge parts of your enterprise’s network will go unmonitored…allowing hackers to run free.
Evaluate Your Current IT Environment
There are tools and solutions your enterprise can use to gain greater visibility into your enterprise, including SIEM and security analytics as well as preparatory network evaluation. Regardless of the means, your enterprise should absolutely work to increase its network visibility in order to locate all of its data storage nodes. To borrow an example from privileged access management, 40% of enterprises never bother to look for all of the privileged credentials in their enterprise. The question becomes: is the same true of your data storage? And how can you be sure?
Your IT security team won’t know what to protect if you don’t know what you have. Simple as that.
Configure Your Data Storage Properly
Ultimately, the most important lesson from the Exactis, FedEx, and Octoly data leaks is that when you do create new data storage nodes, they need to be properly configured so that your enterprise does not invite hackers or possible leakages. It is easy to forget that migrating to the cloud can also create new attack vectors that could leave your enterprise vulnerable.
Therefore, when you make data storage nodes, have your IT security team evaluate how those databases are configured and examine how each can be accessed. In other words, stress test your cybersecurity—it’s a good rule in general.
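One way a security team could run that configuration review over an inventory of Amazon S3 buckets is sketched below. This is an added example, not code from the article: the record layout, bucket names and `audit_bucket` helper are constructed, and the fields are assumed to hold what S3's GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock calls return.

```python
import json

# Grantee URIs S3 uses in ACLs for "everyone" and "any signed-in AWS user".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
PUBLIC_GROUPS = {ALL_USERS, "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}

def _is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return aws == "*" or (isinstance(aws, list) and "*" in aws)

def audit_bucket(cfg):
    """Return public-exposure findings for one bucket record (constructed schema)."""
    findings = []
    pab = cfg.get("public_access_block") or {}  # absent block = nothing enforced
    if not pab.get("IgnorePublicAcls"):  # when set, S3 ignores public ACL grants
        for grant in cfg.get("acl_grants", []):
            if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
                findings.append(f"ACL grants {grant['Permission']} to a public group")
    if not pab.get("RestrictPublicBuckets"):  # when set, public policies are fenced in
        policy = json.loads(cfg["policy"]) if cfg.get("policy") else {}
        stmts = policy.get("Statement", [])
        for st in [stmts] if isinstance(stmts, dict) else stmts:
            if st.get("Effect") == "Allow" and _is_wildcard(st.get("Principal")):
                # Simplification: a Condition may narrow access, so flag it for review.
                kind = "review condition" if st.get("Condition") else "public"
                findings.append(f"policy allows any principal ({kind}): {st.get('Action')}")
    return findings

# Constructed sample inventory; bucket names and settings are made up.
INVENTORY = {
    "marketing-exports": {
        "acl_grants": [{"Grantee": {"URI": ALL_USERS}, "Permission": "READ"}],
        "policy": '{"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]}',
        "public_access_block": None,
    },
    "finance-archive": {
        "acl_grants": [{"Grantee": {"URI": ALL_USERS}, "Permission": "READ"}],
        "policy": None,
        "public_access_block": {"IgnorePublicAcls": True, "RestrictPublicBuckets": True},
    },
}

if __name__ == "__main__":
    for name, cfg in INVENTORY.items():
        print(name, audit_bucket(cfg) or "no public exposure found")
```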