News that US IT giant Tech Data has suffered a serious breach of customer and billing data highlights how even the best technology can be easily undermined by operational issues, cybersecurity experts have said.
The breach was caused by an unsecured server used to log internal events for Tech Data’s StreamOne cloud product, which for the past few months had been accessible to anyone who came across it. The company has since secured the server, which was discovered by security researchers.
However, it is not known if malicious actors gained access to the server, which included customer names, email addresses, passwords and partial payment data, none of which was encrypted.
Operational errors at the heart of the Tech Data breach
This is by no means the first incident of this kind, but the Tech Data breach does highlight a perpetual issue faced by IT companies: simple operational errors can undermine any amount of technological sophistication.
“Tech Data’s woes highlight a fundamental truth about information security – it doesn’t matter how good your technology is, in the end it will be let down by poor operational practices,” said Stephen Gailey, head of solutions architecture at Exabeam.
“Admittedly some technologies make it harder than others to get things right, but the reality is that operational teams either don’t understand security best practice or are given too little time and resource to follow them.
“What happened at Tech Data in terms of poor operational controls is happening across the world today and the next company to be in the news is probably being breached as we speak.”
More attack surfaces, not enough skills
Data breaches that stem from unsecured servers are extremely common.
In March, for example, the data of 1.5 million shoppers was left exposed when Chinese online shopping giant Gearbest left key customer data on an unencrypted server. A similar issue afflicted customers of Freedom Mobile, Canada’s fourth largest mobile network, in May. And in December, 125 million users of 3D avatar app Boomoji were also exposed due to an unsecured server.
Many will be appalled that such basic operational issues keep leading to the exposure of vast swathes of customer data. However, cybersecurity experts highlight that it is a symptom of an ever-increasing issue: growing digital adoption is rapidly increasing the number of available attack surfaces, but the skilled manpower to protect them is unable to grow at the same rate.
“Leaving servers unprotected seems like such a simple mistake to make, but more and more companies suffer data breaches as the result of misconfigurations, and we read about them in the news almost every day,” said Chris DeRamus, CTO and co-founder at DivvyCloud.
“The truth is, organisations are lacking the proper tools to identify and remediate insecure software configurations and deployments.”
“Digital transformation has facilitated an exponential increase in the size of the enterprise attack surface. That, coupled with the fact that 51% of organisations report a problematic shortage of cybersecurity skills, according to ESG’s annual survey, can result in data breaches due to misconfigurations and other poor security practices,” added Jonathan Bensen, CISO at Balbix.
“In Tech Data’s defense, companies are tasked with the hefty burden of continuously monitoring all assets across hundreds of potential attack vectors to detect vulnerabilities. Through this process, companies are likely to detect thousands of flaws in their network – far too many to tackle all at once.”
Is it time for an operational overhaul?
For many companies, the growing reality is that the very way security is managed needs to change, and automation may be the answer.
“Fortune 500 companies like Tech Data, and other companies that house massive amounts of data, must leverage artificial intelligence as a tool that can assist corporate security teams in monitoring for vulnerabilities,” said Bensen.
“The top AI-based security tools can automatically discover and monitor all IT assets across a broad range of attack vectors, prioritise remediations based on business risk and even implement automatic remediation workflows by integrating into enterprise ticketing and security orchestration systems.”
“Automated cloud security solutions enable companies the ability to detect misconfigurations and alert the appropriate personnel to correct the issue, and they can even trigger automated remediation in real time,” added DeRamus.
Whether companies take this approach or find another solution, it’s clear something needs to change.
“The need for comprehensive cybersecurity measures is widely known today; however, many companies continue to display poor stewardship over the personal details belonging to customers, employees, and other parties,” said Steve Armstrong, Regional Director UK, IRE & South Africa at Bitglass.
“Unless organisations begin to respect the importance of protecting customer data, we will continue to see more companies making costly mistakes that have the potential to harm countless individuals.”