Incident Response

What’s the worst that could happen in a data breach? Lessons from the Okta data breach

This blog was originally published by Exterro technology partner Divebell here. It is reproduced here with commentary for Exterro blog subscribers.

Earlier this year, the Okta breach captured the infosec headlines. Okta, the #1 identity and access management company, was breached. In the chain of events that transpired, the hackers found on the network a file containing the passwords of domain administrators. Yes, that’s right: domain administrator passwords — the keys to the kingdom. Yes, keeping such a file on disk is a really bad idea. Yes, it happens. And chances are that among the hundreds of thousands of files on your OneDrive or Dropbox or Slack, you have one, too. In fact, based on our experience, you probably have a bunch of them.

Humans are, well … human. Given enough people working with data, sensitive bits will invariably end up, by accident, in the wrong place and the wrong hands. Sometimes it is a spreadsheet of passwords in a shared drive. Sometimes it is a secret key pasted into Slack. Sometimes it is a spreadsheet containing customer names, phone numbers, and emails shared publicly in Google Drive. And sometimes it is a dump of your entire CRM left lying around in an S3 bucket.

Each of the above represents a significant risk to your company. If you are a regulated business, it could be a business-destroying event. These days, vendors like Google and Microsoft are adding capabilities to help monitor for and protect against such situations. It is a very good idea to use such tooling where available.

But most modern data ecosystems are quite diverse. The misplaced sensitive data — that metaphorical or literal passwords.xls file — might be in an application database, or a warehouse, or an S3 bucket, or in Salesforce, or in JIRA, or one of hundreds of different places. What you really need is a single tool that watches over all these and protects you.

And wouldn’t it be nice if that tool were a SaaS service that works across your complex data ecosystem and sifts through large volumes of data without driving your AWS bill through the roof or requiring a small team of IT and InfoSec people to keep it running? Exterro Data Discovery powered by Divebell is one such tool.

It's always best for an organization's legal team (as well as IT and privacy) to understand what data is held by the organization, where it is held, what it is used for, and what the organization's responsibilities are towards the retention or disposition of the data. While it's possible (and important) to get a top-down view of the data by conducting the interviews or surveys that compile data custodians' and business process owners' insights into the data, this incident highlights the shortfalls of such an approach: it doesn't account for forgotten or inadvertently misplaced data.

While it is always best to prepare in advance of a breach, it's also critical to have plans in place to respond when the inevitable data breach or cybersecurity incident happens. Download this whitepaper on establishing a defensible breach response plan for some tips.

By Tim Rollins
