The onward march of cyberattacks continues to rock businesses around the world, causing reputational damage and putting customer data at risk. This week has seen two data breach stories of concern.
Volkswagen exhausts data
Volkswagen has revealed a data breach impacting over 3.3 million customers. In June 2021, the automaker said that a compilation of data used for sales and marketing purposes between 2014 and 2019 was left unsecured and exposed online “at some point” between August 2019 and May 2021.
However, the exact timeline has not been established. An associate vendor has been identified as the source of the breach but the company has not been named. Audi and Volkswagen were alerted that “an unauthorized third party” may have accessed this information on March 10.
The data included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages.
Commenting on this cybersecurity breach for Digital Journal is Pravin Rasiah, VP of Product, CloudSphere.
Rasiah places the blame on weak IT systems, finding: “When data leaks occur, it’s typically a sign of a lack of awareness within the IT environment. Leaving a server open without protection happens much more frequently than people expect and can easily result in the exploitation of customer data.”
These types of weaknesses can only be overcome by wholesale reform, as Rasiah finds: “Without comprehensive visibility into deployments, an update in policy or change in access options could leave a server exposed for an unknown amount of time. Security guardrails complete with real-time observability are essential for any company housing sensitive data.”
This needs to be tackled at a senior level: “With proper governance, monitoring and controlling security status can be done in real time, ensuring any flaws are given immediate attention and no critical issues slip through the cracks.”
Android apps
Certain Android apps have been found to be exposing data of millions of users due to cloud authentication failures. Security researchers listed 23 Android apps on the Google Play store with 10,000 to 10 million downloads affected by cloud security misconfigurations.
To discover more, Digital Journal touched base with Nadav Levy, senior product manager of Cyberpion.
Levy explains how these types of incidents happen: “App developers are tackling two issues; firstly that unprotected or misconfigured real-time databases are sometimes left exposed and vulnerable and secondly, embedded data can be left by developers within the app which can be reverse-engineered and leveraged by bad actors.”
To address these types of issues, Levy recommends: “Now more than ever, application developers need to be diligent and security-aware from the first day of development. Security should be a state of mind and not the last item on the to-do list after functionality is already completed.”
