What Capital One Got Wrong (and Right) After the Breach
With over 106 million customers and applicants’ personal data exposed, the Capital One breach is one of the biggest breaches of a financial institution in US history. A former employee of Amazon’s cloud-computing unit was able to exploit a vulnerability in Capital One’s cloud service provider AWS,exposing some 140,000 Social Security Numbers and 80,000 bank account numbers of US customers. Some security experts are chastising Capital One for what they see as a preventable attack, others are expressing surprise that a breach this big occurred to a company known for strong cloud security, and some are praising Capital One for what they saw as a relatively quick response to the breach. But while responses to the Capital One breach may differ, one overarching conclusion has emerged: businesses should have comprehensive plans and procedures prepared if (and when) an attack happens.
Even the Strongest are Vulnerable
Capital One has a reputation for having one of the strongest teams in cloud security, so it came as a surprise to many when they experienced a breach. The hacker exploited a misconfigured firewall–a vulnerability that security experts had been warning about for years. But while some security experts held Capital One responsible, pointing out that the attack could have been prevented by regularly testing for weaknesses in the firewall, others argued that Amazon should do more to alert its customers to configuration errors that can be exploited. While you could argue over who is more accountable, that’s not the point here: the Capital One breach has made it clear that breaches can never fully be prevented. Indeed, when it comes to major companies, the odds of a data breach happening is almost 100%.
Responding to the Breach
The good news is Capital One had a plan in place to recognize and respond to the breach. The breach was initially discovered through a vulnerability report, submitted by someone through their vulnerability disclosure email. An incredible 93% of companies in the Forbes Global 2000 list don’t have a vulnerability disclosure policy—or guidelines for reporting potentially unknown security vulnerabilities to a designated person or team, putting Capital One ahead of their peers. Capital One responded quickly—the hacker was arrested just 12 days after the initial vulnerability report—an incredibly quick turnaround in the industry. Their response provides some pointers on how companies can prepare for and respond to attacks.
Communications at the Heart of Response
In the case of the Capital One breach, the hacker was able to access information they stored—and could have likely easily gained access to other private information in the company—including their communications. The lesson: when it comes to responding during a breach, companies need to be able to communicate over a network that they know isn’t compromised and can’t be shut down. At Vaporstream, we provide you with that network so that you can rapidly communicate without having to worry about your communications being compromised or that the information you’re sharing could be leaked or accessed without your authorization. You can communicate critical information to staff, media, and customers during a breach and streamline your response plans. To learn how we can help you improve your response plans and procedures watch our video on crisis communications here.
Contributor: The Vaporstream Team