Friday, October 30, 2020

Lessons from Microsoft’s 250 million data record exposure

Ethelyn Brye (http://cyanosaur.com)
Ethelyn Brye is an award-winning author and blogger. Growing up in Switzerland and influenced by renowned Swiss design and a lot of fresh mountain air, she attended and completed design studies in Geneva. Post graduation she moved to Washington State to work for a design firm, but her love of writing brought her to Cyanosaur. She's highly interested in strategy rpgs, mountain climbing, board games with friends and skiing. She lives in Seattle, Washington, with her lovely cat Armstrong.

Microsoft has one of the best security teams and capabilities of any organization in the technology industry, yet it accidentally exposed 250 million customer records in December 2019. The data was accessible to anyone with a browser who knew the server location, for about a month in total, before an external researcher detected the problem. The database held records of customer support engagements dating back to 2005. Once alerted, Microsoft quickly closed the hole, investigated the breach, communicated to customers, and graciously thanked the security researchers.

Yes, it is terrible that sensitive data for over two hundred million people was exposed, but how an organization responds to an exposure reveals its true nature and commitment to security, privacy, and safety. As a former cyber incident commander for a major technology corporation, I can see a number of important lessons to be learned through this snapshot engagement:

1. No matter how much you spend, what technology you use, or how skilled your operators, accidents and breaches will still happen. Nevertheless, the likely rate and impact are relative to those aspects, so it is far better to maintain a strong security posture.
2. The ability to be rapidly notified by third parties and spin up a crisis team showcases your pragmatic insight into sustainable security.
3. A commitment to openly recognize the issue and address it quickly proves the trustworthiness of the organization.
4. Properly investigating to understand the potential impact and quickly communicating to affected parties determines the level of commitment to professional ethics.
5. Giving credit to those who found the problem in your systems, a problem that affected your customers, is simply a class act that will pay forward with other security researchers in the future and shows long-term commitment to being a responsible part of the global digital ecosystem.

Overall, I think Microsoft did an excellent job in responding to this data exposure event, and it reinforces its current reputation as one of the best security teams in existence. There are also a number of changes that need to be implemented to improve prevention capabilities so this does not happen again in other areas. I fully expect the crisis team to have already prepared several process improvements, oversight requirements, and access-control validations to be instituted. Learning from incidents is incredibly valuable for reducing future events, if the lessons are embraced, implemented, and sustained. With a well-supported and capable cyber crisis team, companies can continually improve their security posture, rapidly address issues, and showcase a professional response to bolster customer trust, even when unforeseen events occur.