#60 – How Lessons Learned by Large Companies Can Help You Keep Your Cloud Data Secure


img_4479

EFFECTED USERS: Anyone who stores data online

Hair of fire 4 of 5

SUMMARY: Big companies have (unintentionally) given us clear examples of how hackers can access data that you store online.

In December 2022, Uber suffered another data breach when attackers compromised a third-party cloud service. The attackers were able to access sensitive information, including the names and license plate numbers of 600,000 drivers in the US. The breach is just one of a long list of examples of the growing concern of third-party cloud security to store data. As companies rely more on online services, this breach serves as a reminder that companies need to not just secure their own systems, but also be diligent about the security practices of their third-party partners. (Aided by ChatGPT)

According to an article in Dark Reading (a cybersecurity online magazine):

No matter who’s responsible, the latest Uber incident…..once again highlights the third-party risk that all enterprises face when partner companies are responsible for, or have access to, corporate data and assets, security experts say.

SOURCE: https://www.darkreading.com/attacks-breaches/uber-breached-again-attackers-compromise-third-party-cloud

Here with me to discuss this today is security expert: Dan Benjamin.

Dan is the Co-Founder and CEO of Dig Security, a leading cloud data security company. He is a former member Intelligence unit of the Israel Defense Forces, and is an entrepreneur with over a decade of industry experience founding and leading startup companies. And, Dan has held cloud and security leadership roles at multiple companies, including Microsoft and Google.  

 Welcome Dan.

Was our data ever secure in the cloud?

What are the basics of online data security?

  1. encryption
  2. logging
  3. retention
  4. authentication 2FA, MFA
  5. No Public Access – Until recently, storage on Amazon was ‘public access’ which gives hackers another way to steal your data.

Here are some Google/Bing Search terms to learn more:

“Protect Data on AWS / Azure / GCP”

“CIS Benchmarks”

“Protect S3 data”

“DSPM”

“Cloud Data Security”

OTHER RESOURCES

Dan’s LinkedIn: https://www.linkedin.com/in/dan-benjamin-b9342311/?originalSubdomain=il  

Dan’s Twitter:  Dan’s Twitter: https://twitter.com/danbenjamin_il  

Dig Security: https://www.dig.security/  

Dig Security Blog: https://www.dig.security/blog

https://www.dig.security/blog?category=Data+Security

Uber hacker claims access to its internal AWS, SentinelOne, VMware: Is FIDO2 the answer?

That’s all the time we have!

Don’t forget to check out our sponsor, and home of my day-job: SAFE Classroom, at http://www.thesafe.io

Thanks for listening.

Published by

David W. Schropfer

David W. Schropfer is the CEO of SAFE (Smartphone Authentication For Everyone), a cybersecurity company in New York (www.theSafe.io).  Every day, he and his team of professionals keep the people who use The SAFE Button protected from some of the most common traps, hacks and attacks that target computer systems of all sizes. David is the author of the bestselling cybersecurity book, Digital Habits: 5 Simple Tips to Help Keep You and Your Information Safe Online. His previous books, including The Smartphone Wallet and industry whitepapers, predicted some of the biggest trends in the payments, mobile, and security industries.  Since graduating Boston College, David earned an Executive MBA from the University of Miami.

2 thoughts on “#60 – How Lessons Learned by Large Companies Can Help You Keep Your Cloud Data Secure

  1. Pingback: Cybersecurity Expert Dan Benjamin on DIY Cyber Guy – DIY CyberGuy with David W. Schropfer
  2. Pingback: Cybersecurity Expert Dan Benjamin on DIY Cyber Guy – DIY CyberGuy with David W. Schropfer

Comments are closed.