A recent EventBuilder misconfiguration exposed personal details of over 100,000 event registrants. It is feared that CSV/JSON files containing the personal information of individuals who registered for events via Microsoft Teams have been made available to rogue actors and that personal identifiable information could be exposed.
There are concerns that similar breaches could happen in the future, particularly as businesses are connecting web applications to cloud storage.
Delving into the matter for Digital Journal is Pravin Rasiah, VP of Product, CloudSphere.
According to Rasiah these types of incidents are relatively common and this infers an inherent weakness.
As Rasiah explains: “Misconfigurations like these happen much more frequently than one would expect, leaving customer information vulnerable to cybercriminals who can exploit the exposed data for a multitude of malicious purposes.”
To highlight the commonality, Rasiah states: “Many organizations have fallen victim to breaches because they do not have sufficient visibility into their IT environments and can’t properly discover and map data.”
This suggests a knowledge and resource shortfall, Rasiah argues. He says: “Even though it is a critical aspect of security as well as optimization, many organizations don’t have a clear view of their infrastructure, applications and how those workloads are connected.”
Looping back to the specific incident, Rasiah notes: “In this case, ethical researchers identified the exposed server before the data was compromised, but unfortunately, many times bad actors find the data first.”
Lessons need to be distilled down from the incident, as Rasiah recommends: “Companies entrusted with personal user information must leverage tools that provide holistic, real-time observability into the cloud landscape to remediate misconfigurations before it’s too late.”
He adds that such measures will pay dividends: “With proactive security and governance policies in place, businesses can operate confidently knowing that sensitive user data is secure.”
