Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk
Ermetic's CEO Shai Morag writes about preventing attacks such as the recent Capital One breach and what organizations should do
Ermetic's CEO Shai Morag writes that to protect against attacks similar to the Capital One breach, organizations should concentrate their energy on putting cloud entitlements and configurations under control.
The recent conviction of a Seattle tech worker accused of carrying out a cyberattack against Capital One is not the end of the story. The trial showed how one person could perpetrate a massive data breach by exploiting misconfigurations and excessive privileges common in many cloud environments.
In the wake of the attack — and the resulting data breach — Capital One was fined $80 million by the federal government and settled customer lawsuits for $190 million. This should give organizations an incentive to put measures into place to avoid the same mistakes.