The document reviews the top 10 data breaches of 2020, emphasizing lessons learned from each incident, such as the importance of comprehensive controls, monitoring for misconfigurations, and securing authentication practices. Key insights include the necessity for detailed privilege management, the risks of insider threats, and the importance of integrating security teams to identify and mitigate risks effectively. Sonrai Security offers solutions for managing identity and data protection in cloud environments to prevent future breaches.

1. Confidential
Hotels, Hookups and Video Conferencing
A Top 10 Countdown to 2020's Worst Data Breaches
“We Dig Your Cloud”

2. Meet the Speakers
Eric Kedrosky
Director of Cloud Security
Research & CISO
Sonrai Security
Mitch Ashley
CEO & Managing Analyst
Accelerated Strategies Group

3. 2020 Data Breaches

4. Misconfigurations

5. 10: Prestige Software

6. Lessons From Misconfigurations
• Need comprehensive
controls, applied to each
domain
• One technique doesn’t
mean safety
• Block permissions with
policies and constant
monitoring for mistakes

7. Third-Party

8. 9. Keepnet

9. Lessons From Third Party Breaches
• Need comprehensive
controls across all
providers
• Checks and audits are
required
• Vendors are targets too
• Continuously maintain
least privilege

10. Weak Authentication for Data Storage

11. 8. Spotify

12. Lessons for Weak Authentication
• Be careful trusting old
school network protection
• Protect EVERYTHING with
authentication
• Use proper network
zoning for multi-tier
application stacks

13. No Authentication for Data Storage

14. 7. BlueKai

15. Lessons for No Passwords
• Use passwords

16. Human Error

17. 6. Vertafore

18. Lessons for Human Error
• Continuously monitor
access
• Get to and maintain least
privilege
• Prevent overprivege

19. Key and Secret Management

20. 5. WildWorks

21. Lessons Key and Secret Management
• Multi-factor
authentication is powerful
• Use keys wisely
• Looks for keys and secrets
in code repos and open
storage
• Look for sloppy key
exposure

22. Overprivilege

23. 4. Cisco

24. Lessons from Overprivilege
• Define adequate privilege
for each account and
workload
• Compare permissions to
usage and triage to get to
least privileged
• Establish protections for
highly privileged accounts
• Watch out for bad habits
in creating overprivileged
accounts

25. Insider Threats

26. 3. Shopify

27. Lessons and Tactics for Insider Attacks
• Highly privileged and “break
glass” accounts must be
supported, but such
accounts must be used
carefully
• Separation of duties for
dangerous activities is vital
• Some security architectures
make separation of duties
tricky; root accounts are
required for some functions

28. Admin Credentials

29. 2. MobiFriends

30. Lessons and Tactics for Admin Credentials
• Creating accounts and roles
separate duties
• Remove dormant admin
accounts
• Get to least privilege
• Administrative credentials
are only used for
administrative tasks
• Administrator privileges are
appropriately logged and
continuously monitored

31. Trial By Fire

32. 1. Zoom

33. Lessons and Tactics for Security Teams
• Continuous auditing and
reporting
• Integrate teams to shift left
effectively
• Prevent and remediate issues
• Remove blind spots and gaps
from Individual tools

34. Sonrai can help
Identity and Data Protection
for AWS, Azure, GCP, and
Kubernetes
Identity & data access complexity is a ticking time bomb
in your cloud. Tens of thousands of pieces of compute,
thousands of roles, and a dizzying array of
interdependencies and inheritances. First-generation
security tools miss this as evidenced by so many
breaches.
Sonrai Dig, our enterprise identity and data governance
platform, de-risks your cloud by finding these holes,
helping you fix them, and preventing those problems
from occurring in the first place.

35. Confidential
Q & A

36. Confidential
Thank You!
sonraisecurity.com
“We Dig Your Cloud”