AT&T wireless’ data breach: A wake-up call for strengthening cloud security and trust

A red padlock image against a digital map of the earth in blue.
(Image credit: Shutterstock / Askobol)

In what seems to be a year of endless cybersecurity incidents making headlines, AT&T Wireless is one of the latest organizations to confirm it has been impacted by a substantial data breach. The company admitted in July that the call and text logs of 109 million of its wireless customers were illicitly obtained from the cloud of a third-party provider, Snowflake. The stolen records encompass all numbers that AT&T Wireless customers interacted with through calls or texts, along with the locations of cell sites. AT&T revealed in a filing with the Securities and Exchange Commission (SEC) that an internal probe uncovered the data theft in April.

With data security having a direct correlation with building trust, what are some lessons we can take away from AT& Wireless’ breach as we look to strengthen our cloud security defenses?

Todd Moore

Thales’ Global Lead for Data Security.

Beyond a Regulatory Requirement

This recent third-party breach is a reminder that compliance with cybersecurity standards is not just a regulatory requirement but a foundational requirement for safeguarding all sensitive data. In fact, Thales’ most recent Data Threat Report found that companies failing compliance checks were ten times more likely to suffer a data breach than those who passed. More specifically, 84% of those companies reported having some breach history, with 31% saying they experienced a breach in the last 12 months. The correlation is clear: compliance goes hand in hand with robust cybersecurity.

Rather than viewing compliance as a tick-box exercise that can be completed annually, businesses with truly robust security will evaluate their security posture on a continuous basis. That way, they can regularly assess and audit their defenses and change how they’re authenticating their systems and data accordingly – not only in line with new compliance, but also in response to evolving threats.

Think Beyond Yourself: The Supply Chain

No business operates within a silo – they rely on contractors, suppliers, and vendors across different departments to function. But this interdependence also means a host of other stakeholders are connected in some way to the business’ network. This means that even if your own security measures are robust, third-party vulnerabilities within the supply chain could be where you fall short should bad actors use them as a gateway to you. In fact, this is exactly what happened in AT&T Wireless’ case, with the breach being that of a third-party’s software.

In addition to strict access management to segment access to sensitive data, suppliers should also be assessed on their own security. Mandating cybersecurity compliance will help you have a clear picture of whether stakeholders have the required measures rolled out, and if they can be considered a trusted supplier. The security of those in the supply chain should also be taken into account when conducting business risk assessments, when monitoring for threats, and when undertaking tabletop exercises to simulate attacks.

Understand your Data

Understanding what data exists in your network, such as phone numbers in this instance, may seem a basic step, but it’s an essential one to truly comprehend the risk landscape.

It’s wise to first conduct an audit to know what data is in your care, where it sits, and what protections are in place to safeguard it. From there you can classify assets based on their risk status, assess any current vulnerabilities and potential risks at play, and address weaknesses in your data protection mechanisms.

Prioritize Robust Defenses and Proactive Monitoring

Strong encryption, regular software updates, multi-factor authentication (MFA), and an identity management system are just some of the fundamental measures organizations need to take in order to mitigate the risk of breaches and leaks. And concerningly, less than 10% of enterprises said they have encrypted 80% or more of their sensitive cloud data, showing just how important widespread encryption is for data at rest or in transit. But having strong defenses in place is only one part of the solution.

With human error being a leading contributor to cloud data breaches, ongoing behavioral or posture monitoring is another fundamental line of defense to take should a threat actor get a hold of credentials. This proactive approach will automate the detection of non-compliant, risky, or suspicious data access behavior, defending against intrusions.

Security-by-Design

Cyber threats are constantly evolving, and the only way organizations can stay ahead is by adopting a security-by-design approach to cybersecurity, where security is integrated into every phase of system development. This proactive stance ensures that vulnerabilities are addressed from the outset, reducing the likelihood of exploitation, rather than retrofitting new measures into legacy software and hardware.

This approach should form part of a wider security-in-depth strategy, which includes multiple layers of security measures such as MFA, encryption, and continuous monitoring to provide an extra layer of protection. Relying on a single point of failure is dangerous for any business protecting critical information. Instead, organizations should diversify their defenses so that multiple points of failure must be compromised for a bad actor to gain access.

Final Thoughts

We are seeing a huge uptick in companies being targeted for their sensitive data. AT&T Wireless joins a growing list of large enterprises that have contended with cybersecurity breaches over the last few years – and sadly, they won’t be the last. But we’re at a juncture where there are actionable steps to be taken to mitigate those chances. Approaches must be muti-faceted, proactive, and ever-evolving.

And there’s good reason to act now - beyond the financial implications of such breaches, or loss of valuable IP, the reputational damage and knock-on loss of customer trust should not be underestimated. While security can empower businesses to build up that consumer trust, instances such as the AT&T breach show just how easily trust can be broken, and reputations can be damaged.

We list the best patch management software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Todd Moore, Thales’ Global Lead for Data Security.