Target Data Breach

Target Data Breach 

A targeted data breach to Capital One has occurred on 19th July and it exposed nearly millions of bank's customer and applicants record. The hackers gained access to credit cards applications from 2005 to 2019. The breach exposed the names, dates of birth, addresses and social security numbers and linked bank accounts. This breach is huge and now they are hiring for the Cyber security operational department.

Capital One Hiring List

Why this Hack Happened ? kind of hack can occurred to every those companies who doesn't have policies to check around security holes in their Infrastructure or their NOC / Cyber security department. Like I have noticed in many companies that there are a lot of Cargo Cult programmers and administrators. So the most important factor to mitigate the attacks is to enhanced the security. NO
The most key factor to mitigate these attacks is to build a policy on the infrastructure that it should be updated / apply security patches after a several time. As well as educate and check the personnel who are managing those infrastructures. Like in Captial One breach the former Seattle technology company software engineer share the information on Github. What are the factor on which she decided to post those information ? She said on twitter she believed her actions were likely to be discovered. "Ive basically strapped myself with a bomb vest, f***ing dropping capital ones dox and admitting it," the message read. "I wanna distribute those buckets i think first."

Build the policy on those factors because this kind of job is frustrating sometimes and we let the information spread by our hands because we doesn't care about the company. So it is also the responsibility of the companies to create a NO-HATE environment.

Like currently I am working in a company which has more than 100+ nodes on Cloud and I know a lot of them has security loopholes which can get them in trouble but the teams are doing nothing. Why they are not checking them proactively ? Because some doesn't have the capability or time to check on all servers because once they deployed it and all services are running smoothly so they don't care. If there are policies in place that can audit those servers and also them then the whole scenario would be different. So on this target data breach these are my suggestion which can overcome the ratio of attacks in the companies.