2 thoughts on “Capital One Breach…Lessons Learned”

  1. This incident does point out, IMO, the reality that a public cloud is not inherently more or less secure than a private cloud or owned infrastructure. Public cloud assets still require the same diligence and rigor in appropriately securing and monitoring as more traditional infrastructure.

  2. In this case, applying some simple best practices would have prevented the problem:
    1. Monitor accounts for inactive users, so that IT can ask managers whether a former employee or contractor still needs access when they show up on a report that shows no activity for 30 days. Make sure any and all ADMIN accounts are identity-specific, so that ADMIN-Betty can be easily turned off when she leaves, instead of having to remember to change the password on the generic ADMIN account.

    2. Better yet, establish an HR policy that includes account deactivation upon Employee or Contractor Termination.

    3. If Multi-Factor Authentication was used for anything and everything, especially any ADMINs or ADMIN accounts, that’s another platform that could have easily caught the need to turn off access for former employees and contractors.

    4. When a company says a piece of equipment was “mis-configured” … that demonstrates the lack of a regular vulnerability assessment/review, which would have caught it. Time to have external people give your internal teams a second opinion on your IT security with a simple review/assessment or full audit, much more frequently than every couple of years.

Leave a Reply

Your email address will not be published. Required fields are marked *