Capital One Breach Brings Cloud Security Into Focus

Everyone is moving to the cloud—including criminals.

The cyberattack disclosed in July by Capital One not only dragged the company’s share price down 6% in intraday trading, but also added further weight to concerns about the banking sector’s increasing reliance on cloud services and the potential impact of that reliance on the very stability of financial services infrastructure.

The breach, billed as one of the largest in the world, saw the personal data of more than 100 million people stolen by a software engineer who formerly worked for Amazon Web Services, which hosts Capital One’s data servers.

Capital One is one of a growing number of businesses shifting enterprise software—and sometimes even core banking systems—to externally operated servers and data centers. So considerable is the trend that Gartner predicts global spending on cloud migration will reach $1 trillion by 2020.

The financial sector is frequently cited as being at particularly high risk of cyberattack—nowhere more so than in the US. IBM’s 2019 Cost of a Data Breach Report calculates the total negative impact of a breach in the US to be around $8.19 million, compared with a global average of $3.92 million. The World Economic Forum, meanwhile, predicts global economic losses due to cybercrime could reach $3 trillion by 2020—and it says 74% of the world’s businesses can expect to be hacked in the coming year.

These sobering numbers and operational vulnerabilities have caught the eye of regulators on both sides of the Atlantic. In an effort to maintain continuity and resilience and safeguard security and privacy, the Federal Reserve in the US and the UK’s Bank of England have taken a greater interest in cloud security practices.

Cloud service providers would do well to work with regulators and financial institutions to address vulnerabilities, if the advantages of digital connectivity are to be realized securely and responsibly.