Cloud Breach: The Costs Associated with Countermeasures
For the past two weeks, we have learned about the power and efficiency of cloud computing. There is no question that cloud services such as SaaS, PaaS, and IaaS have enormously impacted our daily lives as well as business, but at the same time, it is worthwhile to understand the risks associated with the convenience.
On July 12, 2017, Verizon, one of the largest communication technology companies in the world, confirmed that data belonging to 6 million customers had been leaked online. The following data was exposed to the public: [1]
- Names
- Addresses
- Phone numbers
- Account details
- Account Personal Identification Numbers (PIN codes)
Account personal identification numbers are used to confirm the identity of people who call for customer service. Theoretically, with this information, you can pretend to be someone else and easily change the service plan. What I would personally fear is that I have the exact same PIN codes for many services (except my bank account); hence, if there were smart hackers, they would be able to stockpile that information and use automation software to randomly apply it to many services. So, what happened, and why?
Verizon reported on its blog that “an employee of NICE Systems, one of Verizon’s vendors, placed information into a cloud storage area and incorrectly set the storage to allow external access.” [2] In other words, this was caused by a “human error”. NICE “manually” set a security setting to public, instead of private, on an Amazon S3 storage server.
From a business perspective, besides the loss of credibility, millions of dollars will be spent on working out countermeasures. This is the list of countermeasures we (Tokyo Disney Resort) took when we were in the same situation:
- A CTO was demoted and a new CTO was headhunted from another company
- A change in organizational structure also took place
- A special 24-hour operator service was set up, and full-time employees from across many divisions filled those positions (overnight)
My previous company had about 1 billion in annual net income. An additional $12 million in costs is huge; with $12 million, Disney could renovate a new show for Soarin’ or Mickey’s PhilharMagic, which could generate an NPV of approximately $10 million.
We have to keep in mind that these rapidly expanding new technologies are always double-edged swords. Even when companies outsource these services, they should create safety nets to prevent human errors by vendors.
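One such safety net is an automated check for storage that has been set to public. The following is an added example, not part of the original post or any vendor's tooling: it flags a bucket whose ACL or policy allows external access, and shows that the account-level Block Public Access settings neutralize the mistake. It assumes the input dictionaries have the shape AWS returns for bucket ACLs, bucket policies and `PublicAccessBlockConfiguration`; the bucket name and sample data are constructed, and the policy check is a simplification of AWS's own evaluation.

```python
import json

# Predefined S3 grantee groups; a grant to either one makes the ACL public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def public_acl_grants(acl):
    """Permissions granted to public groups in a GetBucketAcl-shaped dict."""
    return [g["Permission"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]

def public_policy_statements(policy_json):
    """Allow statements with a wildcard principal and no Condition (simplified)."""
    if not policy_json:
        return []
    stmts = json.loads(policy_json).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    hits = []
    for i, s in enumerate(stmts):
        p = s.get("Principal")
        aws = p.get("AWS") if isinstance(p, dict) else p
        wildcard = aws == "*" or (isinstance(aws, list) and "*" in aws)
        if s.get("Effect") == "Allow" and wildcard and "Condition" not in s:
            hits.append(s.get("Sid", f"statement[{i}]"))
    return hits

def audit_bucket(name, acl, policy_json=None, block=None):
    """Findings for one bucket; block is a PublicAccessBlockConfiguration dict."""
    block = block or {}
    findings = []
    if not block.get("IgnorePublicAcls"):  # when set, S3 ignores public ACLs
        findings += [f"{name}: ACL grants {p} to a public group"
                     for p in public_acl_grants(acl)]
    if not block.get("RestrictPublicBuckets"):  # when set, public policies are restricted
        findings += [f"{name}: policy statement {s} allows any principal"
                     for s in public_policy_statements(policy_json)]
    return findings

# Constructed sample configuration (illustrative, not data from the incident).
OPEN_ACL = {"Grants": [{"Grantee": {
    "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
    "Permission": "READ"}]}
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-vendor-bucket/*"}]})
ALL_BLOCKED = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
               "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
```

Calling `audit_bucket("example-vendor-bucket", OPEN_ACL, OPEN_POLICY)` returns two findings, while passing `ALL_BLOCKED` as the fourth argument returns none.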
Sources
[1] http://www.ciodive.com/news/third-party-vendor-blamed-for-verizon-data-leak/447080/
[2] http://www.verizon.com/about/news/verizon-responds-report-confirms-no-loss-or-theft-customer-information