Not all data breaches are the work of a hacker armed with sophisticated malware, or an employee abusing their insider access. Sometimes, it's simply the result of human error leaving the door open.
Cloud misconfigurations have been a root cause of countless data breaches in recent years, leading to the exposure of more than 33 billion records and costing companies nearly $5 trillion. And with the recent mass migration to the cloud in the wake of COVID-19, the damage could soon become a lot worse.
What are cloud misconfigurations?Imagine building a house to store all your possessions, but forgetting to install a door to keep strangers out.
Cloud configuration is the process of setting hardware and software details for elements of a cloud environment to ensure that they can interoperate and communicate. If any of those details are set up improperly, or in some cases completely neglected, those are cloud misconfigurations.
Some of these details include who on the internet can see these servers and who has permission to access them, which is why misconfigurations can have a serious impact on the security of the cloud infrastructure. In some cases, cloud misconfigurations can allow anyone from anywhere in the world to access the private data stored within, sometimes without even needing a password, as was the case with Adobe in 2019.
A matter of human error
Humans are often called cybersecurity's "weak link", due to the fact that unlike computers, we tend to make mistakes, which can at times have very dire consequences.
From sending emails containing sensitive information to the wrong person, to accidentally downloading a piece of malicious malware, human error is at heart of some of our worst cybersecurity mistakes, among which cloud misconfigurations would no doubt rank highly.
Perhaps security consultant Frank Abagnale, the former con artist of "Catch Me If You Can" fame, put it best when he said: "Hackers do not cause data breaches. People do."
At the end of the day, it is the responsibility of each and every company handling sensitive user information to ensure that their cloud environment is secure and properly configured, and our responsibility as users to practice good password hygiene, and be prepared to quickly change our passwords in the event of a data breach.
With its built-in password generator, the MYKI password manager makes it easy to create strong and unique passwords for each of your online accounts, and allows you to securely store all your account credentials offline, on your own devices.
Download the MYKI app for desktop or mobile today and start taking control of your digital identity.