In what seems to be a year of endless headline-grabbing cybersecurity incidents, AT&T Wireless is one of the latest organizations to confirm that it has been hit by a major data breach. The company admitted in July that the call and text message records of 109 million of its wireless customers were illegally obtained from the cloud of a third-party vendor, Snowflake. The stolen records encompass all numbers that AT&T Wireless customers interacted with via calls or texts, along with cell site locations. AT&T disclosed in a filing with the Securities and Exchange Commission (SEC) that an internal investigation uncovered the data theft in April.
Since data security has a direct correlation to building trust, what are some lessons we can take away from the AT&T Wireless breach as we look to strengthen our cloud security defenses?
Thales Global Data Security Leader.
Beyond a regulatory requirement
This recent third-party data breach is a reminder that cybersecurity compliance is not just a regulatory requirement, but a fundamental requirement for safeguarding all sensitive data. In fact, Thales’ latest Data Threat Report found that companies that failed compliance controls were ten times more likely to suffer a data breach than those that passed them. More specifically, 84% of these companies reported having experienced a data breach in their history, and 31% said they had experienced one in the past 12 months. The correlation is clear: compliance goes hand in hand with strong cybersecurity.
Rather than viewing compliance as a box-ticking exercise that can be completed annually, companies with truly robust security will assess their security posture on an ongoing basis. That way, they can regularly evaluate and audit their defenses and change the way they authenticate their systems and data accordingly – not only in line with new regulations, but also in response to evolving threats.
Think beyond yourself: the supply chain
No company operates in isolation – it relies on contractors, suppliers, and vendors from different departments to function. But this interdependence also means that a number of other stakeholders are connected in some way to the company’s network. This means that even if your own security measures are robust, third-party vulnerabilities within the supply chain could be a weak point if used as a gateway by malicious actors into your company. In fact, this is exactly what happened in the case of AT&T Wireless, where the breach occurred in a third party’s software.
In addition to strict access management to segment access to sensitive data, the security of suppliers themselves should also be assessed. Enforcing compliance with cybersecurity regulations will help you get a clear picture of whether stakeholders have implemented the necessary measures and can be considered trustworthy suppliers. The security of those involved in the supply chain should also be taken into account when conducting business risk assessments, monitoring threats, and conducting attack simulation exercises.
Understand your data
Understanding what data exists on your network, such as phone numbers in this case, may seem like a basic step, but it is essential to truly understanding the risk landscape.
It’s wise to first conduct an audit to understand what data is in your care, where it is located, and what protections are in place to safeguard it. From there, you can classify assets based on their risk status, assess current vulnerabilities and potential risks at play, and address weaknesses in your data protection mechanisms.
Prioritize robust defenses and proactive monitoring
Strong encryption, regular software updates, multi-factor authentication (MFA), and an identity management system are just some of the critical steps organizations need to take to mitigate the risk of breaches and leaks. Worryingly, less than 10% of businesses reported encrypting 80% or more of their sensitive data in the cloud, demonstrating how important pervasive encryption is for data at rest or in transit. But having strong defenses in place is only part of the solution.
Since human error is one of the leading contributors to cloud data breaches, constant behavioral or posture monitoring is another critical line of defense to adopt in the event that a threat actor obtains credentials. This proactive approach will automate the detection of non-compliant, risky, or suspicious data access behavior, protecting against intrusions.
Security by design
Cyber threats are constantly evolving and the only way organisations can stay ahead of the curve is by taking a security-by-design approach, where security is built into every phase of system development. This proactive stance ensures that vulnerabilities are addressed from the start, reducing the likelihood of exploitation, rather than incorporating new measures into legacy software and hardware.
This approach should be part of a broader, deeper security strategy, including multiple layers of security measures, such as MFA, encryption, and continuous monitoring, to provide an additional layer of protection. Relying on a single point of failure is dangerous for any business protecting critical information. Instead, organizations should diversify their defenses so that multiple points of failure must be compromised for a malicious actor to gain access.
Final thoughts
We are seeing a huge increase in the number of companies being targeted for their sensitive data. AT&T Wireless joins a growing list of large companies that have had to deal with cybersecurity breaches in recent years (and sadly, they won’t be the last). However, we are at a juncture where there are actionable steps that can be taken to mitigate those possibilities. Approaches must be multifaceted, proactive, and constantly evolving.
And there are good reasons to act now: beyond the financial implications of such breaches or the loss of valuable intellectual property, the reputational damage and loss of customer trust that this entails should not be underestimated. While security can enable companies to build that consumer trust, cases like AT&T show how easy it is to break trust and damage reputations.
This article was produced as part of TechRadarPro's Expert Insights channel, where we showcase the best and brightest minds in the tech industry today. The views expressed here are those of the author, and not necessarily those of TechRadarPro or Future plc.