Those affected by the data breach include schools, gaols, hospitals and businesses such as Tesla, Nissan, Equinox, and Cloudflare. In response to the Verkada security camera footage hack, Digital Journal reached out to both security expert Robert Prigge, CEO of Jumio, and Gary Ogasawara, CTO of Cloudian, for their views on the vulnerabilities that led to the incident.
Prigge begins by explaining how the attack happened: “As hackers obtained full access to Verkada’s system through hardcoded credentials that unlocked a system account, it’s clear that stronger authentication methods are needed to keep data secure.”
In terms of the impact, Prigge explains: “The exposed footage from over 150,000 security cameras, including videos of prisoners and hospitalized patients, is both a privacy and security violation. Companies holding highly sensitive information can’t rely on passwords to keep their data safe. A more secure solution, biometric authentication (leveraging a person’s unique human traits to verify identity) ensures data can only be accessed by authorized users, keeping data out of the hands of hackers.”
Ogasawara, for his part, looks at the issues surrounding cloud computing: “Many organizations view public clouds as the best place to store data. However, in addition to entailing large and unpredictable costs of accessing data, public clouds are often less secure, as incidents like this demonstrate.”
There is an inherent vulnerability here, explains Ogasawara: “The multi-tenancy of the public cloud can pose significant risks, as a single infrastructure flaw has the potential to make the entire environment vulnerable to hackers. On top of that, the public cloud can make it difficult for organizations to enforce security policies and access control.”
From this, Ogasawara concludes: “With bad actors constantly scanning for targets to attack, there’s no room for mistakes in cloud storage security. By keeping data on-premises, organizations can maintain full control of their data security rather than entrust it to a third party.”
