Page 240 - Cyber Defense eMagazine September 2025
It’s important that everyone in the organization be educated about how to protect against both types of
attacks. Data is an asset, and its protection can no longer just be delegated to IT without oversight and
understanding.
The Threat is Already Inside Your Network
Most organizational leaders want to believe that an internal threat isn’t likely. After all, who wants to work
with people who would steal? Sadly, most organizations learn the hard way, because they can’t imagine
that a data breach will happen to them. In fact, many organizations still view a data breach as an unlikely
scenario, with odds similar to being hit by a tornado or a fire. So many assume that if they are not a
household name with millions of customers, they will be poor targets. Still others believe they are
adequately prepared but never run simulated exercises to check. But the odds are much higher than they
assume: nearly 1/3 of organizations will get hit by a data breach this year.
So why are so many breaches still occurring? The fact is, most people are working off some erroneous
assumptions, particularly around their use of data encryption. While many security personnel proudly
announce that all their data is encrypted in transit and at rest, what no one has been acknowledging is
the dirty secret that once systems are in use, all that protection goes away. Most organizations never
shut down their applications (even after hours, if they do not run continuously), so their data is always
vulnerable to anyone inside the perimeter, known or unknown.
The recent Coinbase data breach is a great example. The breach did not result from a technical
vulnerability in its systems, but rather was perpetrated from within by support staff who abused their
legitimate access to steal the data in return for relatively modest bribes. The breach compromised the
sensitive personally identifiable information (PII) of almost 70,000 users, along with account-related
information such as balance snapshots and transaction histories. This unauthorized activity happened
over the course of almost 6 months before being discovered. As a result, Coinbase is facing at least six
class action lawsuits alleging that Coinbase failed to implement and maintain adequate security protocols,
exposing users to serious risks. In response to the breach, Coinbase has refused to pay the $20 million
US ransom demand and instead offered a $20 million reward for information leading to the identification
and prosecution of the attackers. The company estimates that the incident could cost between $180
million and $400 million, accounting for remediation efforts and reimbursements to affected users.
In another example, Capital One experienced an enormous data breach in 2019, due to a
misconfiguration of their cloud infrastructure (specifically a misconfigured Web Application Firewall). This
vulnerability was then exploited to access sensitive data from over 100 million customers, including credit
scores and banking details. Unfortunately, this is not an isolated incident. System administrators often
have too much access to organizational data, a problem compounded when they escalate their own access
privileges without the knowledge of management.
In another notable instance, in 2024, a hacker broke into AT&T’s cloud storage provider, Snowflake, and
accessed call and text records for almost all of its 109 million US customers. Although AT&T claims that
no names were attached to the stolen data, the breach led to multiple class action lawsuits that were just
recently settled for $177 million US.
Copyright © 2025, Cyber Defense Magazine. All rights reserved worldwide.