The news broke this morning that PocketiNet, a Washington state internet provider, left an AWS S3 server exposed online without a password. The information exposed included tens of gigabytes of network schematics, passwords and other sensitive files for at least six months.
Rich Campagna, SVP of Product Management at Bitglass:
“PocketiNet’s AWS misconfiguration is yet another example of how a simple, overlooked problem can expose massive amounts of information, harming individuals and organizations alike. It seems that leaving servers unsecured has become one of the most common security issues and, consequently, one of the most widely targeted vulnerabilities in the enterprise. Unfortunately, organizations of all sizes, especially smaller ISPs like PocketiNet, have limited IT resources in terms of security tools and personnel, making them susceptible to misconfigurations. Despite this, there are tools that can help address this issue. Organizations must adopt solutions that can continuously monitor networks for misconfigurations, enforce data loss prevention policies in real time, and provide user and entity behavior analytics. For organizations to succeed, it is imperative that they implement flexible, robust, cost-effective security solutions.”