
Klout, IBM, Citrix, Twitter, T-Mobile, Zendesk, Sony, Hootsuite, SurveyMonkey
Other than cloud, what do these companies have in common? They all use MongoDB as a backend database for some or all of their software and functions.
Back on January 5th, it was discovered that 33,000 companies (and the number began climbing rapidly) had been infiltrated through their MongoDB databases and that their data was being held for ransom. The attack was possible because many of those MongoDB deployments were using lax security practices, such as default user names and passwords.
While the businesses named above have top security professionals who meticulously watch over IT security, many small software developers and the businesses they serve do not.
Custom software developers are good at writing software, but many lack the security credentials or staff needed to build it with privacy, security, and regulatory compliance in mind. Inexperience or incompetence can lead them to overlook even the basics, placing their clients' data at risk.
When selecting a software developer, it is also worthwhile to engage a third party to audit and oversee security. Such activity is often called penetration testing, and it should not be optional if the software will handle sensitive information or intellectual property (both are highly valued by cyber thieves).
The cost of penetration testing is still high because of supply and demand, but it is dwarfed by the cost of responding to and remediating a data breach.
