Sebastien Cano | SVP, Cloud Protection and Licensing, Thales
Recently, major data breaches at accounts with Snowflake highlight how something as easy to implement as Multi-Factor Authentication could have helped prevent unauthorized access to millions of data records. There were signs that something was afoot with Snowflake accounts as the Australian Signal Directorate issued an alert about increased cyber threat activity targeting Snowflake customers.
In response, Snowflake issued recommendations to help organizations prevent similar breaches. According to Snowflake’s joint statement with cybersecurity experts, Mandiant and CrowdStrike, the breaches appear to be a targeted campaign directed at users with single-factor authentication where threat actors have leveraged credentials previously purchased or obtained through info stealing malware.
This blog emphasizes the importance of a holistic data-centric security approach beyond just MFA and explores how cybersecurity solutions should be deployed to mitigate similar breaches by addressing the critical fundamentals of data security: Understand Your Data, Control Access to Your Data, De-Risk Your Data, and Protect Your Data.
1. Understand Your Data: Classification and Audit
Data discovery and classification tools can identify and categorize sensitive information, ensuring appropriate protection measures are applied. By implementing classification solutions, businesses can:
- Identify sensitive data within their databases and applications.
- Apply appropriate access controls to sensitive information, reducing the risk of exposure.
2. De-Risk Your Data: Data Risk Analytics Monitoring & Threat Intelligence
Data risk analytics, monitoring, and threat intelligence complement these tools and provide an extra layer of security by providing continuous monitoring and risk assessment of sensitive data. It helps identify unusual access patterns and potential threats in real-time.
This proactive approach helps organizations to:
- Analyze user behavior to identify deviations from normal patterns,
- Provide risk scores for data assets, enabling prioritized response efforts,
- Identify and respond to threats before they can cause severe damage, and
- Leverage global threat intelligence to stay ahead of attackers.
After investigating the suspected IPs listed in Snowflake’s recommendations, we found that many of them are listed in our Imperva Threat Intelligence Reputation, which could have been used to detect these incidents ahead of time.
3. Protect Your Data: Encrypt Sensitive Data
The best way to protect sensitive data is to attach security directly to the data itself with encryption. This makes it useless if perimeter defenses are compromised and sensitive data stores are accessed. It is important to encrypt sensitive data in every state: at rest, in motion, and in use. Key encryption features that should be used include:
- Transparent encryption for databases and files, and granular encryption policies tailored to specific data types and regulatory requirements.
4. Control Access to Data: Multi-Factor Authentication
Snowflake’s recommendations emphasized the importance of identity protection, such as Multi-Factor Authentication and Single Sign-On, that provide robust security access controls for user accounts. These solutions could have prevented unauthorized access by:
- Requiring multiple forms of verification for user authentication, making it more difficult for attackers to compromise accounts.
- Simplifying access management with SSO, reducing the risk of password fatigue and related vulnerabilities.
Conclusion
The recent breaches of Snowflake accounts underscore the need for robust cybersecurity measures. There are four core fundamentals that are the foundation of any data security framework: Understand Your Data, Control Access to Your Data, De-Risk Your Data, and Protect Your Data.
From data classification and encryption to identity protection and threat intelligence, these solutions provide comprehensive coverage to safeguard against evolving cyber threats. By following these recommendations and leveraging advanced security technologies, organizations can better defend themselves against future breaches.
Learn more about how Thales and Imperva can help you prevent breaches like Snowflake in the future, or protect your sensitive data for free with our CipherTrust Platform Community Edition.