In recent weeks, the cybersecurity community has been abuzz with news about a potential data breach at one of the leading cloud data platforms. Initial reports indicated that the breach was not of the organization’s systems, but rather caused by users not enabling Multi-Factor Authentication (MFA), leading to compromised credentials and stolen data. While the company has urged customers to enable MFA as they continue their internal investigations, a reputable cybersecurity firm has stated that the incident has affected approximately 165 customers, many sizeable, who are now coming out and posting their own announcements on the issue—going back as far as 2020.
This situation highlights a critical aspect of cybersecurity: the balance between first-party trust and third-party validation.
Policing Your Cloud Platforms
It is essential to recognize that no platform is infallible, and fully relying on a CSP (cloud service providers) or cloud application provider to police themselves introduces a fog of war to an organization's security posture. Therefore, you must take an active role in policing the cloud platforms you use. This involves regularly scoring each provider’s behavior based on security performance and incident response capabilities, periodically vetting their certifications and pen-tests, and by monitoring trusted sources for news on breaches or other indicators of attacks. By doing so, you can hold your providers accountable and ensure they maintain high security standards.
The Importance of Strong Passwords and MFA
In addition to these measures, it is vital to emphasize the importance of using strong, random passwords and enabling MFA across all external tools and services. These two basic security practices can significantly reduce the risk of credential compromise, as seen in the incident described above.
Strong Passwords: Ensure that passwords are complex and unique for each account. Avoid using easily guessable information and consider using a password manager to generate and store passwords securely.
Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring a second form of verification in addition to the password. This could be a text message, email, or an authentication app. By enabling MFA, you significantly enhance the security of your accounts, making it much harder for attackers to gain unauthorized access.
Trust but Verify
With organizations embracing cloud platforms at an ever-growing rate, they rely heavily on third-party platforms and services to manage and protect their data. This reliance necessitates a certain level of inherent trust in these providers. However, as this recent incident illustrates, blind trust is not advisable. Even when a service provider assures you that the situation is under control, it is crucial to have mechanisms in place to independently verify those claims for your own organization and brand.
We believe that the keys to robust cybersecurity and risk management lie both in proactive and reactive measures that enable organizations to not only trust, but verify, the security of their cloud platforms and systems. Here is how you can achieve that:
- Defense-in-Depth Approach to Security and Vendor Use: Adopt a multi-layered security approach to protect against a variety of threats. This strategy involves implementing multiple layers of defense mechanisms and vetting the security practices of vendors you engage with to ensure they are following tried and true practices. This concept extends to using multiple cloud platforms and utilizing each for their own strengths.
- Proactive Visibility Assessment: Regularly auditing your cloud logging configurations can help identify blind spots that will prevent you from detecting breaches and threats. Tools like Mitiga can automate the checks around data log collection, ensuring that you are fully prepared to detect and research any threats or potential breaches from your cloud platforms. Our Forensic Data Readiness tool scores your level of readiness, and which provides details around which data collection configurations are enabled, or not.
- Reactive Incident Response: When an incident occurs, having the ability to investigate quickly and effectively is paramount. Mitiga's platform allows you to delve into the data, identify the root cause, and take corrective actions to prevent future occurrences, as well as the ability to directly engage with our IR (Incident Response) teams to help research these potential threats and come to a conclusion 700% quicker.
- Full Data Collection: On-prem tools are constantly logging everything that they encounter, regardless of if that data is submitted to your SIEM (Security Information and Event Management) / SOC or not, allowing for investigators to go to the source for detailed data logs when researching a potential breach. Cloud platforms do not enable this capability by default because of the cost involved with storing that data, and SIEM (Security Information and Event Management) event exhaustion prevents collecting of all data there. Mitiga can help offset these concerns by storing all data affordably and efficiently.
How Mitiga Polices Itself
Mitiga is committed to protecting customer data and its own data from any misuse, unauthorized access, or leakage. As such, the company has a high-level framework for protecting data and authorizing specific employees with access to customer data. We employ a Data Access & Protection policy to ensure that we are always working to uphold the trust our customers place in us. Additionally, we have successfully achieved both our SOC2 Type II and ISO 27001 certification and perform regular pen-tests on our platform, evidence of which we always provide our customers.
Mitiga is also a “customer” of our own platform solution. As we previously stated, Mitiga is built by investigators, for investigators. Using our platform allows us to put it to the test and continually strengthen it, ensuring it is best-in-class protection for us and our clients.
In addition, Mitiga uses 3-factor-authentication for our employees and contractors, conducting a security configuration review for each platform we are using, and having a dedicated internal security team to assess any risks for platform we are considering using and\or currently using, periodically.
Taking Control of your Cloud Security
While it is important to trust your first-party platform providers, it is equally crucial to validate their security claims through independent verification. Take control of your cloud security today with Mitiga. Ensure your organization is equipped to proactively manage incidents with contextual data collected by our platform, respond effectively to incidents and events with help from our automated IOAs and Incident Response managed service, and maintain robust security readiness by engaging with our Forensic Data Readiness tool. Contact us to learn more about how Mitiga can enhance your incident response and threat research processes.
Remember, in cybersecurity, trust is important, but verification is essential.