Posted by Dana Epp

Your Data Exposed - How Cloud Misconfiguration Weakens Us All


When discussing business cloud security, it’s easy to focus on the potential harm done to a business in the case of breaches. After all, IBM estimates that the average cost of a data breach is $3.6 million, or roughly $141 per affected data record. And that’s only the global average. Here in the US, the average cost is over $7 million!

However, that’s only one part of the overall security problem. There’s also the bigger picture to consider – how data breaches can hurt everyone. We feel this is a topic which isn’t discussed enough because, in many ways, online security is truly a group effort. Businesses working together to improve security jointly, or at least implementing security with an awareness that data breaches can cause global harm, could do a lot to help reduce the overall cost of cybercrime.

Three Ways That Data Breaches Cause Widespread Harm

1 – The public impact

Here’s a million-dollar question that no one seems to want to answer: How much do data breaches cost the public? To our knowledge, no one has even attempted a study into the matter. This is difficult to believe, given how huge some recent data breaches have been. Yet, studies just don’t exist – even on huge breaches. The largest and most harmful, of course, was the 2017 breach of Equifax, which is believed to have affected roughly 44% of the entire US population. Experts say it will have “decades of impact” on the public.

Another obvious high-profile example is the hack of the Ashley Madison adultery hookup site in 2015. In a rare case of numbers being available at all, Ashley Madison is paying a total of $11.2 million to the 37 million users affected – capping out at $3,500 depending on what damages each individual can show. That seems low, considering that famous victims were blackmailed and there are numerous reports of both famous and non-famous people seeing their lives or families ruined by it.

Now, obviously, not everyone is using questionable hookup sites – but it’s hard to look at these and other breaches without thinking “there but for the grace of god go I...”

2 – The rise of ransomware

If you want a good example of why online security needs a dose of “herd immunity” to prevent outbreaks, just look at the stratospheric rise of ransomware in recent years.

Cryptographic ransomware as we know it today was effectively started in 2012, with the Reveton trojan. Strictly speaking, it wasn’t the first ransomware-style attack. The first was actually all the way back in 1989, distributed on floppy disks. However, there were only a handful of examples in the intervening years, until Reveton hit and showed just how effective ransomware could be.

Now, only six years later, ransomware has become one of the most common forms of cybercrime, with reported infections growing by several hundred percent each year. Estimates are that ransomware is now creating over $5 billion in losses per year, a number which is only likely to rise. Worse, that’s probably a lowball figure, since undoubtedly many companies are paying up and never telling anyone about it, and that is the problem in a nutshell. Ransomware is booming because companies are neglecting their security, becoming infected, then paying up – thus encouraging more ransomware to be written and distributed, using increasingly sneaky tactics.

It can be said with absolute truth that every business which has paid a ransom shares some responsibility for this outbreak. With better global security, ransomware wouldn’t be such a problem.

3 – Loss of public trust

Our final point here is, admittedly, a bit more abstract – but hard to avoid seeing as a potentially major issue in years to come. With every high-profile data breach, the public loses faith in electronic systems and in the companies utilizing them. The public is already starting to become antsy about the amount of information being stored on them online by companies such as Google and Facebook, with pushes to avoid using such companies steadily growing in popularity.

There’s also plenty of hard evidence that breaches hurt public trust in affected companies on a case-by-case basis. From there, it’s not hard at all to suppose that as data breaches continue to grow in size, scope, and damages, public trust in cloud services and other data-based technology in general will be affected. It’s already easy to find anecdotal talk of people being wary of ordering potentially compromising products online for fear of “outing” themselves in some way or another. That is a trend which could easily become more widespread.

With all the good that cloud services can do for businesses and for the public, we don’t want cloud adoption to turn into some sort of public trust standoff.


What Do You Think?

What can companies do to avoid harming public trust in data collection and cloud services? How can we encourage more companies to adopt cloud security software that prevents them from becoming digital Typhoid Marys? How can we get cloud administrators to follow good cloud configuration management practices to help reduce the risk of cloud misconfiguration?

Let’s discuss it in the comments below.
