Connect with us

Hi, what are you looking for?

Business

How businesses should react to data breaches

Whether related to lax procedures, a lack of consistent oversight, or the fear of causing disruption to established processes – businesses are not getting data security right.

Image: © PRENSA SENADO/AFP Handout
Image: © PRENSA SENADO/AFP Handout

The digital platform Block (formerly called Square) has confirmed a data breach involving a former employee who downloaded reports from Cash App. While there are many unanswered questions from the entire situation, the organization’s flaw is actually not that uncommon or shocking as many readers might think.

According to cybersecurity evangelist and Zero Trust expert Raj Dodhiawala, president of Remediant, there are numerous ways that this could have occurred, one of which is due to unrecognized privilege sprawl,. Dodhiawala says this is a factor that all companies should have top of mind.

In the context of the Block issue, Dodhiawala outlines to Digital Journal whatcompanies should do to mitigate these preventable breaches from happening.

Beginning with the incident, Dodhiawala  explains: “While investigations of the Cash App breach are underway, leaving many unanswered questions on the ‘how’ this happened — it’s actually not as shocking to hear that it has, as some may think. In fact, there are numerous ways that this could have occurred, one of which is due to unrecognized privilege sprawl — a factor that all companies should have top of mind.”

Providing more detail as to the technicalities of the issue, Dodhiawala states: “Privilege sprawl is the always-on, always-available administrative access. It occurs when administrative, or special rights to a system, have been over-provisioned and granted to too many people within an organization.”

There were some specific weaknesses. Dodhiawala sees these as: “Company admins need access of course, but the 24x7x365 standing privileges that come with the ‘always-available’ approach are what get companies into hot water today, compounded by access that isn’t de-provisioned when it really should, as the breach with the Cash App illustrates.”

Delving deeper: “Whether related to lax procedures, a lack of consistent oversight, or the fear of causing disruption to established processes, the proper de-provisioning or termination of privileged access is often neglected or mismanaged, including when a person exits a company.”

Dodhiawala  adds: “Unfortunately, this is an issue growing in the dark of companies, quietly amassing to significant proportions and key to successful lateral movement attacks, which they don’t even realize until it’s too late.”

In terms of recommendations, Dodhiawala  says: “For those looking to address privilege sprawl, it’s important that they implement a ‘Just-in-Time’ approach with multi-factor authentication (MFA). This grants privileges only as needed for a set amount of time, and minimizes the sprawl that ultimately exposes companies to potential breaches.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

World

US senators advanced a bipartisan bill late Thursday addressing the epidemic of gun violence convulsing the country.

World

In the majority opinion, Justice Samuel Alito said "abortion presents a profound moral issue on which Americans hold sharply conflicting views."

World

With the demise of Eoe v Wade, is it hust a matter of time before we lose contraceptive and same-sex marriage rights?

World

US lawmakers broke a decades-long stalemate on firearms control Friday, passing the first major safety regulations in almost 30 years.