Over 92% of companies are worried that they are at risk for one, according to a survey conducted by Fugue on cloud security risks during the COVID-19 crisis.
As businesses make swift changes in their current policies, networks, and devices used for managing their cloud infrastructure, we see a dramatic increase of companies expressing concern over the safety and security of their online systems.
And the root of it all… is the widespread novel coronavirus (COVID-19.) Coronavirus introduced changes to our lives that many thought to be reasonable and necessary, yet the normal way of functioning changed dramatically. The borders closed and many countries introduced a curfew while those who didn’t came out with strong recommendations that it is important to stay at home.
As businesses everywhere shut their doors to prevent the spread of COVID-19, many shoppers are beginning to shop online, perhaps even for the first time, in order to access their basic necessities.
This dramatic shift in buying practices has caused many companies to employ cloud engineering teams to work on maintaining their cloud infrastructure as they make the necessary changes in their cloud environments — primarily, to support the influx of new customers.
Out of those companies, 84% have expressed concern over having potentially already experienced a data breach without knowing. More specifically, at least 39.7% of companies are highly concerned about a suspected cloud data breach, 44.3% are somewhat concerned, and 28% have stated that they have actually already experienced and discovered a critical breach.
Unfortunately, the misconfigurations that cause these cloud data breaches are incredibly difficult to prevent, even for the most experienced cloud engineering and security teams.
In fact, over 73% of such teams report that they experience over 10 incidents of misconfigurations per day. With the numbers rising as we go on, with 36% suffering from more than 100 misconfigurations per day and 10% experiencing more than 500 per day.
Such misconfigurations are definitely a cause for concern, as any breach on a company’s data may leave millions of people vulnerable to identity theft, financial fraud, or phishing scams.
A subject that has been covered quite a lot in recent years.
With many of the most talked-about data breaches involving big companies and corporations like Yahoo, Marriott International, Facebook, Zoom, and so on. All of whom suffered breaches that have exposed millions, and even billions, in some cases, of their clients and customers to various cyber-attacks.
More recently, a company called Maropost has been called into question.
Maropost is the leading customer engagement platform service at this time. According to this article on Econotimes: “Maropost now works with more than 600 different brands, including big name-brands like Mercedes-Benz, Hard Rock Inc., The New York Post, and so on.”
At the beginning of April, the company had been accused of having exposed millions of its clients, and their client’s customers, to cybernetic attacks. Supposedly, after they had suffered from a ‘data breach’ on one of their security systems that exposed email addresses and other personally identifiable information.
Fortunately, reports of the Maropost data breach have been proven largely untrue.
Maropost had actually not suffered from a real data breach, just a misconfiguration on one of their test servers that revealed no personally identifiable information on anyone.
You can learn more about it from an article on Mediapost, where the company has been quoted on the reality of the misconfiguration they suffered, saying: “The log exposure was not to the degree as reported and certainly not a data breach.”
They go on to explain that: “On this test server was the log file used to test the performance of a service – which held a handful of Message Transfer events that contained randomized email addresses (no first name, last name, phone number, client names, or any other identifiable information was within the log file) some real and some not from a customer log that was approved for use.”
In short, this specific misconfiguration, despite others reporting otherwise, has not caused anyone to become vulnerable to any cyber-attacks.
As such, Maropost’s clients have no cause for concern at this time.
Even so, Maropost has stated that they have already implemented “corrective measures” to prevent further misconfigurations that may leave logs from being exposed in the future, be they fake test logs or real logs.
However, just because Maropost has managed to avoid any actual data breaches, doesn’t mean that others will be able to do the same.
As we all slowly wait for the other shoe to drop, so to speak, in regards to COVID-19 and the shutdown of public spaces, it’s important that you stay alert and in-the-know about what’s going on with the online retailers that you buy services from.
Especially during this time, when most are making dramatic and swift transitions in their cloud infrastructure to support the larger volume of online shoppers worldwide.