How to handle the Snowflake data breach

By now, most people are aware of the #snowflake #DataBreach and the widespread impact it's had on the technology industry, but are you aware exectly which of your vendors have been impacted? By using the Black Kite Platform you can immediately see where this compromise affects your company's digital #supplychain and what your remediation actions should entail. If you would like to see how we could assist you in getting the visabilty across your #thirdpartyrisk get in touch with us on the link below: https://lnkd.in/gy9_Gxcp

Insightful recap on the Reveal Security blog today of the identity security incident that has impacted at least 165 of Snowflake's customers. According to Snowflake and Mandiant (part of Google Cloud) the threat actor is targeting Snowflake customers through the use of stolen #credentials and it’s highly likely that other #SaaS providers and applications will be targeted with similar account takeover and credential misuse tactics in the near future. In this blog Adam Koblentz outlines what we know so far about the incident, its impact, and what lessons can be applied to identity security across SaaS applications and #cloud. Bottom line: Security leaders should think carefully about whether to leave the security of their organizations' data in the hands of their SaaS providers. This incident once again points to the urgent need for post-auth identity threat detection across SaaS and cloud. #MFA and other preventative identity controls are important but they are no longer enough. Read the blog here: https://lnkd.in/eiPAwQNg #identitysecurity #saassecurity #detection #postauthitdr #ciso #tdir #itdr

Recent events underscore the critical need to focus on security in SaaS environments like #snowflake and #databricks, especially following the unauthorized access incidents affecting some Snowflake customers. Identity lies at the heart of these challenges. Explore our latest blog to discover how to assess and protect your Snowflake environments: https://lnkd.in/eJVfUk-T #saassecurity #cybersecurity #cloudsecurity

As per Forbes, there's been a 72% increase in Cyber Security attacks in 2023, compared to 2021. The figures at the end of 2024 are expected to be even higher. Per a running estimate in 2024- the average cost of a data breach cost this year has been $4.8 Million. A good example of this, is the Snowflake breach that happened earlier this year. 94% of businesses use the cloud in 2024 and 61% reported incidents this year alone! The above data points are scary. But there's good news too? Most breaches are preventable. ️Our blog below dives deep into the Snowflake breach, unpacking the lessons learned & best practices to secure your cloud data infrastructure and take proactive measures in the event of an attack. Here's a summary of it: -> How the breach likely happened (hint: it wasn't Snowflake's fault!) -> Common security weaknesses & how to avoid them -> Essential best practices: IAM, encryption, monitoring & more -> Advanced security measures: ZTA & DLP explained The shared responsibility model in cloud security Read the full blog here https://lnkd.in/d-dAGvaX #cybersecurity #databreaches #cloudsecurity #software #technology #ai #data #leadership #cloudgovernance #digitaltransformation

A Third of Organizations Suffer #SaaS Data Breaches >> https://buff.ly/3yLznJN #tech #cloud #digital #innovation #digitaltransformation #cloudcomputing #cybersecurity #security #infosec #cloudsecurity #business #leaders #leadership #management #CISO #CIO #CTO #CDO #CEO #databreaches #cyberthreats #cyberattacks #cybercrime #cybercriminals

The recent Snowflake incidents got me thinking: MFA is such a basic security control that even non-security folks know its table stakes in today’s environment. How could this be missed? It’s important to answer this question to ensure we don’t overlook these basic yet powerful security controls in the future. I have concluded this as a miss on three fronts: 1. B2B SaaS Vendors Snowflake has a trust portal which shows local user accounts that do not have MFA, but it’s not enabled by default. I wonder how many companies actually turn it on. Security should be turned on by default by B2B SaaS vendors; it’s not optional. 2. IdP Tools The goal of IdP tools (e.g., Okta) is to enforce authentication policies such as SSO and MFA across all the tools in a company. However, it’s also their job to highlight local accounts in each tool that don’t comply with these authentication policies, which is often not done by most IdP tools. Currently, putting every tool in your company behind Okta doesn’t mean you have truly enforced SSO. 3. Security Teams Security teams need to level up their periodic access reviews of the critical tools like Snowflake. The goal of these reviews is to identify and revoke unauthorized access based on groups and permissions, but we often overlook whether there are any local user accounts or if MFA is enforced. Incorporating these basic checks, along with simple threat hunting such as periodically checking the login locations of these local accounts, will help teams proactively identify access issues. Incidents will happen, but let’s learn from them and continuously improve our security practices. #CyberSecurity #MFA #SSO #DataSecurity #B2BSaaS #IncidentResponse #Okta #Snowflake #SecurityBestPractices #InfoSec

The recent attack on Snowflake accounts underscores a critical lesson for all cloud users: securely managing identities and access is paramount under the shared responsibility model. As more organizations leverage cloud services, it's essential to understand that security is a collaborative effort between the service provider and the customer. Here are some key takeaways: 1️⃣ Shared Responsibility Model: While cloud providers like Snowflake ensure the security of the infrastructure, customers must secure their identities and access management. 2️⃣ Identity Management: Implement strong identity governance to ensure only the right people have the appropriate access to critical data. 3️⃣ Access Control: Use tools and policies to manage and monitor access, reducing the risk of unauthorized access. Listen in to hear our Director of Product, Sharon Kisluk, explain where things went wrong in this major security incident. #snowflakebreach #cybersecurity #identityandaccessmanagement

How do we evaluate data protection in the cloud era? Nasuni Solutions Architect Ryan Miller shares insights on how organizations can take advantage of the durability and scalability of object storage and modernize how we approach data protection. Learn more in his latest blog post: https://bit.ly/3XGMbuO hashtag #HybridCloud #DataProtection #Security #CyberResilience

Snowflake Breach: Who's Responsible? The Cloud Shared Responsibility ❄ 🤔 The Facts (as published): - Snowflake confirmed that a "limited number of Snowflake customers may have been affected" by recent tenant breaches, such as those at Ticketmaster and Santander Bank. - The lack of MFA was pointed to as the primary attack vector.  The shared responsibility model divides cloud security responsibilities between the client and the vendor, in this case, Snowflake's PaaS. The primary responsibility for enforcing proper authentication standards largely falls on the client. Clients must always secure and apply controls on the organization's data, regardless of its host. In this case, implementing basic security protocols and hygiene, such as MFA, restricting network traffic, and adding other security measures, would likely prevent such breaches from occurring. However, Snowflake is also responsible for creating defaults that will push customers to implement MFA (yes, companies probably still aren't adding MFA to some admin accounts...) and set other basic security measures, like a strong default password policy or rotation procedures, as a baseline for their accounts. This incident further underscores why identity-based attacks form the primary attack vector for data breaches and must be addressed first. #MachineFirst #IAM #IdentitySecurity #NHI #Snowflake #CyberSecurity

Continuing the discussion around the Ticketmaster data breach... SaaS apps like Snowflake, Databricks, and GitHub are being targeted by APTs, and every company needs to carefully review its SaaS security program. As with any SaaS application, customers have a shared responsibility with the provider to make sure the data is safe. There has been a recent announcement by Snowflake that some of their environments were compromised. "They repeated that there is evidence that the threat actor obtained personal credentials to and accessed demo accounts of a former Snowflake employee, but that the accounts are not connected to the company’s production or corporate systems." (June 1, 2024, Helpnet Security) Snowflake is a critical component of many businesses, with the platform at the core of data collaboration, AI, personalization, and customer engagement initiatives. Securing this critical business infrastructure against threats is critical but can also be complex without the requisite expertise. If you are a Snowflake customer looking to address any unauthorized access to your Snowflake environment immediately, check out this blog article by Obsidian Security. https://lnkd.in/exyPMwwW #cybersecurity #ticketmasterbreach #SaasProtection