4 Major Breaches in 2020 and How They Could Have Been Mitigated (Part 4)

Feb 3, 2021 / by SecureCloudDB

2020 will go down in infamy for many reasons, but as millions of people have struggled with a pandemic throughout the past year, organizations have had their own crises to deal with. With more activity in the cloud than ever before, data breaches have affected everyone from small businesses to Fortune 500 companies. In this four part series, we look back on notable breaches from 2020 and discuss how SecureCloudDB could have been employed as part of a layered defense strategy to alleviate, if not prevent, incidents like them.   

Part four notes the Shopify breach that occurred in September of 2020.

 

Internal Employee Breach

Malicious activity isn’t always going to come from outside the organization. Sometimes, the people you trust most are the bad actors. In the case of Shopify it was discovered that two employees illegitimately accessed data associated with customer transactions from Shopify merchants. 200 businesses were affected.

 

How SecureCloudDB Can Help - Policies and Alerting

SecureCloudDB Policies are used to create alerts for an environment. Policies can be composed of security rules or be set to alert to certain database activity. When anomalous activity is detected, or a security rule is breached, a corresponding alert is sent via email, AWS Security Hub, etc. based on the criteria that has been set.

SecureCloudDB PoliciesSecureCloudDB Security Policies are accessible by selecting "Policies" in the main menu.

 

For security rule alerts, criteria can be set for one, some or all rules within your SecureCloudDB system allowing you to group rules together into multiple policies.

Database activity monitoring policies allow you to set criteria based on different activity happening in and around the database. For example, setting a policy to monitor administrator changes after hours.

All alerts are logged and stored in SecureCloudDB so you can always go back and see what happened on a specific day if necessary.

SecureCloudDB New Alert PolicyTo create a "New Alert Policy", select "Policies" in the main menu and hit blue "New Policy" button in upper right corner.

 

Protecting Data At the Source Has Never Been More Critical

We all want to believe that our environment is impenetrable, but history has shown that no organization is immune from threats. Whether it’s poorly configured databases, weak passwords/encryption or a rogue employee, events have shown us that being ahead of the threat is key to countering it. Failure to combat an attack no matter how small can lead to outages as well as financial and reputational consequences.

The monitoring and assessment of database environments is crucial. With SecureCloudDB, putting safeguards in place to help prevent public cloud database breaches in 2021 and beyond has never been easier.

 

Look for part one of this series where we go over the Estée Lauder breach; part two where we review the Microsoft breach; and part three where we highlight the Garmin breach.

 

New to SecureCloudDB? Sign up for a demo or free trial today. Already a partner or customer? Contact your SecureCloudDB representative to discuss how we can help make your experience even better. 

 

Tags: Data Breaches

Written by SecureCloudDB