AT&T’s recent breach of customer call and text records reminds us again how complex governing and securing data is for companies across every industry around the world. Great companies like AT&T deserve continued empathy for the challenges they face. This incident highlighted the vulnerabilities of third-party cloud platforms and the need for the data and security communities to become more aligned around protection strategies.
The Breach Overview
Call and text message records belonging to tens of millions of AT&T customers were compromised, along with those of many non-AT&T customers. The breach occurred between May 1, 2022, and October 31, 2022, and is attributed to an illegal download from a third-party cloud platform. Again, we are reminded of the risks associated with data storage and access.
The Complexities of Data Management and Security
Managing data is insanely complex. Try to visualize the myriad challenges organizations have to navigate to ensure their data is not only well managed but well protected:
- Volume and Variety of Data: Billions upon billions of data points are generated daily, and that volume, along with the variety of data types, adds to the complexity of maintaining comprehensive oversight.
- Data Silos: Data often resides in various systems and silos, owned by different job functions, adding to the complexity when attempting to gain a unified view of all information and then parsing out the sensitive information.
- Dynamic Environments: The mix of on-prem and cloud environments adds complexity to data management.
- Third-Party Dependencies: Relying on third-party vendors for data storage and processing can introduce vulnerabilities, as seen in the AT&T breach.
- Regulatory Compliance: Keeping up with constantly changing and growing regulatory requirements country by country, state by state, and by different data types while ensuring compliance adds another layer of difficulty.
Aligning Security and Data Management for Proactive Protection
Security and data leaders need to align, working together to manage data and build a data protection strategy that consists of discovering and classifying sensitive data, maintaining an up-to-date inventory, implementing strong access controls, and monitoring user activity. The same goes for third-party risk management, in which data teams should conduct vendor assessments and ensure security requirements are included in contracts.
The complexities of managing data and overlaying proactive protection measures make them almost overwhelming tasks for any organization. They require continuous effort, alignment, and adaptation to the constantly changing threat landscape. The AT&T breach and countless others should be wake-up calls for organizations, convincing them to reassess their data security strategies. Though enterprises have invested heavily in traditional security solutions in terms of time, personnel, and money, the focus should be on adopting a proactive approach centered on the data.
Centralizing Data for Business Value and Security
While the AT&T breach does call out the risks associated with centralized data systems, centralizing data remains crucial for companies aiming to turn their data into valuable business insights. Platforms like Snowflake or Databricks enable businesses to analyze large datasets, derive actionable intelligence, and drive growth. The key is to balance this centralization with robust security measures to protect sensitive data.
Centralizing data allows organizations to:
- Optimize Operations: Streamline data management processes and improve operational efficiency.
- Enhance Decision-Making: Provide a unified data view for better decision-making and business intelligence.
- Drive Innovation: Facilitate advanced analytics and machine learning initiatives to foster innovation.
However, to ensure the security of centralized data, companies must implement the following practices:
- Minimizing Copies of Sensitive Data: Store the master copy and a single backup of sensitive data in separate, secure locations to reduce the risk of disclosure or unauthorized access. Keeping copies to a minimum mitigates the chances of data breaches.
- Implementing Strong Access Controls: Protect centralized data with rigorous access controls and encryption to prevent unauthorized access.
- Regular Monitoring and Auditing: Continuously monitor data access and perform regular audits to detect and respond to suspicious activities.
By focusing on these security measures, organizations can reap the benefits of centralizing their data while minimizing the risks associated with data breaches. This balanced approach protects sensitive data, supporting business growth and robust security postures.
AT&T Customers
It’s safe to assume that almost every AT&T customer’s text and call records were stolen. While the customers should be concerned, they shouldn’t be alarmed. They must be aware and on guard for potential phishing attacks, scams, and unauthorized access to their personal information, as the metadata can still be used maliciously. AT&T is a well-known and respected company. If anything, this breach highlights that it can and will happen to any and every company. AT&T can rally internally, create deeper alignments, evolve its data security measures, improve third-party vendor management, respond to potential regulatory scrutiny, and then rebuild customer trust.
The Issue of Ransom Payments
According to SC Media, AT&T has reportedly paid hackers a $370,000 ransom in exchange for deleting the call detail records exfiltrated through a breach of its Snowflake cloud environment in April. Although neither confirmed nor denied by AT&T or the FBI, such a ransom payment raises significant concerns. Paying a ransom encourages further criminal activity and does not guarantee that the data has been deleted. Instead of succumbing to ransom demands, organizations should invest in robust security measures to prevent breaches and mitigate risks without empowering cyber criminals.
While data centralization drives business value, protecting sensitive data requires robust security measures. Minimizing copies of sensitive data, implementing strong access controls, and regular monitoring can help organizations safeguard their information while leveraging centralized data for growth.