Hacks on Servers and Cloud Databases exposes over 1 billion records

771

IBM X Force, a firm which analysis malware on cloud platforms has discovered in its research that hacks on servers and cloud databases has so far exposed over 1 billion records to cyber crooks.

The company which has been tracking publicly disclosed data breaches since 2013 concludes that the leak has occurred mostly through trivial SQL Injection exploits and other pervasive methods such as simple permission errors, API oversights and server misconfigurations.

Researchers from IBM X Force claim that cloud server misconfigurations have so far exposed health records, voter data, customer support PIN codes from telecommunication companies and credit card info from e-commerce websites.

So, whose interested in such leaked data?

IBM X-Force says that the data leaked in cloud and server hacks serve marketing and research groups in a better way as they can amass archives of public data and channelize it with business sense to make profits.

Then how to mitigate the risks associated with leaked cloud databases?

Security analysts from X-Force say that a simple way to mitigate the risks associated with leaked cloud databases is to analyze threat and risks in advance. They say that this proactive approach helps to understand potential impacts and assists in defining necessary controls.

On a parallel note, application of data confidentiality controls such as data encryption will also help in preventing leaked data from being accessed by the hackers.

And from an enterprise point of view, contracting services to cloud providers based on the security policies of the company will ensure full cooperation from the vendor. And it’s better to inquire how the vendor carries out best practices in safeguarding data on their platform. Also conducting a pilot with test data and engaging a professional to do PEN Tests on quarterly or half-yearly basis will also help in figuring out the vulnerabilities and inadvertent access issues.

Have something more to share…?

You can share it through the comments section below.

Ad
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display