Major Capital One breach highlights cloud vulnerability

A major cyber attack at US financial services company Capital One, in which the personal information of more than 100m people was stolen, highlights the vulnerability of perimeter-based and cloud security, according to a cyber commissioner for former president Barack Obama.

The hacker is thought to have stolen data including names, addresses and phone numbers of credit card applicants in the US and Canada.

Tom Kellermann, a former cyber commissioner for Obama and now chief cyber security officer at Carbon Black, said the breach highlights a few important realities for cyber security in 2019.

"First, perimeter-based security measures will not prevent 100% of attacks, 100% of the time," he explained. "Without visibility into what’s occurring on an enterprise, a business may be completely blind to attacks like this, especially when you consider that Paige Thompson once worked at Amazon as an engineer for the same server business that supported Capital One. Modern threats comes can come from all domains, including former employees, partners or contractors. A business needs to consider all the potential risks and work to gain visibility across the business into where potential weaknesses exist.

"Second, it’s absolutely imperative for businesses to be securing their cloud infrastructures and the critical data they hold. Capital One is one of the most ‘cloud-forward’ financial companies in the world; they should be partnering with solution providers who are intimately aware of how to keep the cloud secure."

Kellermann says financial institutions are increasingly being targeted by advanced attacks that leverage 'island hopping', lateral movement, counter incident response and fileless attacks.

Capital One's share price plunged 6% today.
