With the decade rapidly coming to a close, I’ve been reflecting on 2019, a year fraught with massive, public breaches that illustrated hacker sophistication unlike anything we’ve ever seen before. Collection #1 exposed over 770 million unique email addresses and over 21 million passwords, the Capital One breach affected nearly 106 million U.S. and Canadian residents, and 540 million Facebook user records were exposed on AWS. And that’s just the tip of the iceberg.
Every organization today has high-value assets, or as we like to call them, "crown jewels," that should be protected with the utmost vigilance at all times. These may include customer account details, personally identifiable information (PII), payment systems, or other financial assets that, if exposed or exploited, could result in detrimental loss for a business and its brand equity.
I spend a lot of time discussing with organizations the world over how to achieve better breach protection with security segmentation that delivers simplicity and efficiency for networking and security operations teams.
By now we’re all aware of the breach at Capital One, which affected nearly 106 million U.S. and Canadian residents, due to an attacker bypassing a web application firewall (WAF) Capital One was using as part of its operations in the cloud. In a nutshell, the attacker was able to trick the WAF into sharing credentials with access to Capital One’s AWS operations, thus leading to the data breach. The WAF possessed excessive permissions – enough to view and copy information behind it in AWS S3 buckets.
Specifically, consensus has emerged that this is a Server-Side Request Forgery (SSRF) attack. Our aim here is not to conduct an attack post-mortem but rather to think about how to best move forward. For a thorough, digestible review of the attack, please read Brian Krebs' excellent write-up.
This article was originally published on bio-itworld.com.
When it comes to cybersecurity needs and policies, the biotech and pharma industries need to secure and protect their most valuable assets like every other industry. What makes them unique, however, is that while protecting a company’s data is important to any industry, this information (i.e. research) is the biotech or pharma company in question—it’s their lifeblood and is the foundation for everything they do.