Major Capital One breach highlights cloud vulnerability

A major cyber attack at US financial services company Capital One, in which the personal information of more than 100m people was stolen, highlights the vulnerability of perimeter-based and cloud security, according to a cyber commissioner for former president Barack Obama.

The hacker is thought to have stolen data including names, addresses and phone numbers of credit card applicants in the US and Canada.

Former cyber commissioner for Obama, turned chief cyber security officer at Carbon Black, Tom Kellermann, said the breach highlights a few important realities for cyber security in 2019.

"First, perimeter-based security measures will not prevent 100% of attacks, 100% of the time," he explained. "Without visibility into what’s occurring on an enterprise, a business may be completely blind to attacks like this, especially when you consider that Paige Thompson once worked at Amazon as an engineer for the same server business that supported Capital One. Modern threats can come from all domains, including former employees, partners or contractors. A business needs to consider all the potential risks and work to gain visibility across the business into where potential weaknesses exist.

"Second, it’s absolutely imperative for businesses to be securing their cloud infrastructures and the critical data they hold. Capital One is one of the most ‘cloud-forward’ financial companies in the world; they should be partnering with solution providers who are intimately aware of how to keep the cloud secure."

Kellermann says financial institutions are increasingly being targeted by advanced attacks that leverage 'island hopping', lateral movement, counter incident response and fileless attacks.

Capital One's share price plunged 6% today.
