The United Kingdom-based cybersecurity software company Sophos Group Plc has had a security breach issue that has openly exposed some customer data. Cloud storage breach issues have not been uncommon in this difficult year. 2020 has seen its fair share of breaches and this specific issue concerns a tool that stores information on customers.
Following the breach, Sophos contacted customers via email stating that there was an access permission issue. The problem was with a tool that was used to store information about customers. Specifically, the tool is used to communicate between the customer and Sophos Support.
Data Was Accessible by Unauthorized Parties
Sophos emailed a small batch of customers in order to inform them that their personal information was now exposed. The customer data issue came from a misconfiguration of a tool that communicates between the customer and the company support department.
The data that was exposed included the full names, phone numbers, and email addresses of Sophos customers. Sophos has not revealed information on how exactly the data has been exposed. They also have not revealed if any malicious individuals or companies were involved.
Cloud Storage Security Challenges in 2020
The global cloud services market is forecast to grow 17% in 2020 to a total of $266.4b an increase of almost $40b from 2019. As more and more business is passed through the cloud, it becomes equally important to secure and control the services. It is a regular occurrence that hundreds of millions of accounts get breached every year.
2020 hasn’t been kind on cloud storage security. Cloud storage is susceptible to data breaches, misconfiguration, inadequate change control, and lack of cloud security architecture. Cloud storage security challenges also include insufficient key management, account hijacking, insider threats, and insecure interfaces and APIs.
Sophos Has Quickly Fixed The Issue
Following the security breach issue, Sophos has stated that the issue is no longer a problem. The issue was quickly addressed after measures were taken to stop data exposure.
Earlier this year in April, Sophos also had another incident. Specifically, this was a zero-day SQL injection vulnerability in their XG Firewall. This followed reports that hackers were exploiting the system. Trojans also exploited the zero-day to hack into firewalls and usernames as well as passwords.
Sophos has since focused on securing previously unknown zero-day SQL injection vulnerabilities and firewalls. The attacks were targeted at exploiting the HTTPS administration service and the User Portal on the WAN zone. Sophos has since secured all systems and stated that external authentication systems like Active Directory Services and LDAP were never accessed by intruders.
The Future of Cloud Storage
The top three areas where most global CIOs will be increasing their investment are various forms of cloud computing. It is estimated that by 2022, up to 60% of businesses will be using cloud-managed service offerings. This is twice that of what it was two years ago, which goes to show how critical cloud computing really is and will continue to be.
One example of a potentially safer service is pCloud. Services such as pCloud are taking things further into a safer future. PCloud is distinguishing itself as a full external hard drive service. The difference between pCloud and OneDrive or Dropbox is that all data fully remains on the cloud and is fully encrypted from start to finish. It is also possible to choose the region where your files will be stored.
Sophos provides cybersecurity solutions for enterprises and for home users. We reviewed its retail antivirus app here.