Capital One breach shows even a strong cloud has holes

Register now

By all accounts, Capital One defended its customers’ data with the imposing array of cyber security tools that you’d expect from one of the largest banks in the United States. And yet a lone hacker managed to bypass those tools, gaining access to the company’s AWS server by exploiting a misconfiguration in one of Capital One’s application firewalls.

Whereas leading cloud service providers like Amazon are difficult to infiltrate directly, such misconfigurations along the customer’s interface with the cloud have become a favorite target for cybercriminals. In fact, according to Gartner, 99% of all cloud security failures will be the customer's responsibility through 2023.

While nearly half of organizations don’t bother looking for malware on the cloud, Capital One had a relatively mature cloud security posture—at least by traditional standards. It is therefore even more alarming that the bank did not become aware of the breach until more than three months after the fact, when it received a tip from an outsider who had stumbled upon the stolen data.
That a major financial institution was blind to this level of compromise further demonstrates that the conventional approach to cloud security is fundamentally flawed.

There is no silver bullet when it comes to cybersecurity—and that goes double for the cloud. Motivated attackers will inevitably find a way inside the nebulous perimeters of IaaS and SaaS environments, whether via insider knowledge, critical misconfigurations, personalized phishing emails, or mechanisms that have yet to be seen. The path forward, then, is to use artificial intelligence to understand how users work and interact within those perimeter walls, an understanding that can shine a light on the subtle behavioral shifts indicative of a threat.

By employing AI systems that learn how each unique cloud user, container, and application typically functions, we can gain the necessary knowledge of these complex environments to catch attacks in their nascent stages—before they escalate into crises. Ultimately, the cloud promises to unlock new heights of efficiency and novel forms of collaboration, but only if we’re willing to defend it with equally innovative security tools.

For reprint and licensing requests for this article, click here.
Risk Data breaches Payment processing Payment fraud Capital One ISO and agent