Biggest Lessons You can Learn from Crypto.com’s Latest Data Breach
Crypto.com is the latest victim of a data hack incident that may well have jeopardized cryptocurrencies worth over $30 million from 400+ user accounts. What’s worse, the reputation of this company could be permanently tarnished due to this incident! It’s true that crypto companies are among the worst-affected digital companies as reported in our data breach updates.
Last year, Japanese cryptocurrency exchange Liquid lost $97 million in cryptocurrencies, while another fintech company, Coinbase, detected unusual unauthorized third-party activities to siphon off funds from 6000 Coinbase customer accounts. When Panasonic reported a data hack on its online resources, we braced for 2022 knowing it would be a ‘killer year’ for hackers and ransomware groups that have deeply entrenched themselves into modern digital ecosystems.
Last week, Crypto.com’s CEO Kris Marszalek admitted in an interview that some of the security layers were breached, resulting in the loss of data belonging to 400+ users. While the CEO acknowledged that the leak was controlled within 13-14 hours, users could well have lost over $30 million in Bitcoin and Ethereum after a hack that took place on Jan. 17, 2022.
Reports state that the website’s risk monitoring systems detected unauthorized activity on some accounts where transactions were being approved without the 2FA control. While the reaction was swift, several accounts were impacted, resulting in a loss of 836.26 ETH and 443.93 BTC (around $15.2 million and $18.6 million respectively at this time), plus $66,200 worth of other currencies.
Here are the three lessons you can take from the Crypto.com data leak incident.
Reacting to this recent data incident affecting Crypto.com users globally, Neil Jones, Cybersecurity Evangelist, Egnyte said, “Infamous bank robber Willie Sutton is frequently quoted as saying, ‘I rob banks, because that’s where the money is.’ In 2022, the technical environment has evolved to, ‘I rob cryptocurrency exchanges, because that’s where the money is.’ I’m actually more surprised by the number of users who had their money pilfered, nearly 500 according to published reports, rather than the $30 million+ that was stolen. Major lessons from this security breach include the following:
- The importance of an effective Two-Factor authentication solution that prompts end-users for additional verification when large transactions occur unexpectedly.
- The need for a current and road-tested incident response plan.
- The requirement for end-users to be notified promptly and accurately when cyberattacks take place, to help protect brand reputation. Companies should keep posted for developments in this space, as this likely isn’t the last breach you’ll see in the cryptocurrency markets.”
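The two controls mentioned above, monitoring that catches withdrawals approved without a 2FA record and additional verification for large or unexpected transactions, can be sketched as follows. This is an added example, not code from Crypto.com or from anyone quoted here; the field names, the thresholds and the sample events are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import median

@dataclass
class Withdrawal:
    account: str
    amount_usd: float
    address_known: bool            # destination already used by this account
    twofa_verified: bool           # a second-factor check was recorded
    step_up_verified: bool = False # an additional verification was passed

def needs_step_up(w, history_usd, factor=5.0, floor_usd=1000.0):
    """True when the request is large or unexpected for this account.

    Thresholds are illustrative assumptions: at least floor_usd, or
    factor times the account's median past withdrawal, or a new address.
    """
    typical = median(history_usd) if history_usd else 0.0
    large = w.amount_usd >= max(floor_usd, factor * typical)
    return large or not w.address_known

def decide(w, history_usd):
    """Pre-approval gate: 'deny', 'step_up' or 'approve'."""
    if not w.twofa_verified:
        return "deny"              # never approve without the second factor
    if needs_step_up(w, history_usd) and not w.step_up_verified:
        return "step_up"           # hold until the user re-verifies
    return "approve"

def audit(approved_log):
    """Detection side: approved withdrawals that carry no 2FA record."""
    return [w for w in approved_log if not w.twofa_verified]

# Constructed sample data (not real accounts or transactions).
HISTORY = [120.0, 80.0, 200.0, 150.0]
ROUTINE = Withdrawal("acct-1", 90.0, True, True)
LARGE = Withdrawal("acct-1", 25000.0, True, True)
LARGE_OK = Withdrawal("acct-1", 25000.0, True, True, step_up_verified=True)
NEW_ADDR = Withdrawal("acct-1", 50.0, False, True)
NO_2FA = Withdrawal("acct-2", 50.0, True, False)

if __name__ == "__main__":
    for w in (ROUTINE, LARGE, LARGE_OK, NEW_ADDR, NO_2FA):
        print(w.account, w.amount_usd, decide(w, HISTORY))
    print("alerts:", audit([ROUTINE, NO_2FA, LARGE_OK]))
```

The gate and the audit are deliberately separate: the audit runs over what was actually approved, so it still raises an alert if the gate itself is bypassed.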
According to IBM, data breaches cost businesses $4.24 million in 2021, the highest average total cost in the 17-year history of IBM’s annual Cost of a Data Breach Report. Compromised credentials resulted in 20 percent of the breaches even as global companies switched to remote working during the COVID-19 pandemic.
As a cost mitigation step, companies that have invested in automation and security Artificial intelligence (Sec AI) are firmly placed to tackle any kind of data breach with a zero-trust approach toward any Big Data-driven Cloud modernization journey.
Gal Helemski, CTO and co-founder of PlainID, who spoke to me at the time Panasonic reported its data leak, said, “When it comes to breaches, identity is still the number one challenge. Organizations must adopt a ‘zero trust’ approach, which means trusting no one – not even known users or devices – until they have been verified and validated. Access policies and dynamic authorizations are a crucial part of the zero trust architecture; they help to verify who is requesting access, the context of the request, and the risk of the access environment.”
Gal continued, “Instead of pouring more money into a shotgun approach to security, organizations need a more focused strategy oriented on purchasing the highest reward tools. Identity and authorization are where the smart money should be going. If we assume hackers are already in the network, it makes sense to focus budgets on restricting movement inside the network.”
So, how could businesses prevent such attacks?
Adir Gruss, Field CTO, Laminar advises, “The shift to the Cloud and to the developer over the past few years has created a landscape for organizations to have data stores everywhere and unfortunately many companies do not know where their sensitive data is located in the cloud. You cannot protect what you can’t see. To safeguard against a majority of today’s cyberattacks, organizations must have complete observability of their data in order to protect it. With monitoring and control of valuable data, data protection teams will regain the clarity they need to keep up with the fast-paced cloud environment.”
Concurring with what his fellow industry leaders had to say, Danny Lopez, CEO, Glasswall says, “Ramifications are huge if the data falls into the wrong hands. Organizations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems. It’s vital to control privileged access and to monitor those that enjoy that administrator privilege. Ensuring that multi-factor authentication is enforced wherever possible is a vital defense where user credentials find their way into the public domain. This will help to limit the blast radius, and in most cases, defeat the data breach.”
Danny added, “Attacks like these caused by illegal access demonstrate that a traditional castle-and-moat approach to network security leaves organizations exposed. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers, it is crucial to strengthen all processes relating to access verification. Without a zero-trust approach, organizations run the risk of attackers having a free rein across a network once they are inside.”
In short, automation, AI, and the zero-trust approach are key to staying safe and protected against data attacks that were inflicted upon Crypto.com, Panasonic, Coinbase, and others in recent.