How the second LastPass breach could have been prevented

LastPass is one of the most trusted web services that people use every day, on the assumption that it will never get hacked. That is pretty much the point of a password manager, right? Well, not exactly. Customer vaults are encrypted with a key derived from a master password that only the user knows, so a stolen vault is not readable on its own. But once an attacker holds the encrypted vaults, nothing stops them from working on those vaults offline at their own pace: trying weak and commonly used master passwords first, and brute-forcing the rest. That is what makes the second breach considerably more painful for its users.

So how could LastPass have limited the damage from the breach? It is no longer a question of whether a company will be breached, only of when. And when it happens, the best and only thing you can do is make sure that your most precious data was already safe.

Several questions arise from the breach: Did the company's security team understand the sensitivity of the backups stored in the external backup service? Were the external backups needed at all? Did the user who had access to the backups actually need that access? How many other users in the organization have access to such sensitive data? And which other third-party providers potentially have access to sensitive data?

These questions all relate to a practice called "Data Hygiene": preparing for the worst day, the day the company gets hacked. In an organization with good Data Hygiene, an incident will probably stay an incident rather than evolve into a severe data leak.

Data Hygiene means that:

  1. All sensitive data is tracked at all times, together with the reason for holding it
  2. Sensitive data is not stored without a reason
  3. Sensitive data is not accessible to more users in the organization than necessary
  4. Sensitive data is not moved, copied, transformed, or partially duplicated across the organization without tracking and without a reason
  5. Sensitive data is continuously monitored for abnormal access
  6. Sensitive data is stored in data stores that are secure and free of known vulnerabilities
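As an added example (not code from the original article), here is a small Python script that turns items 1, 3, 4 and 5 of the list above into checks that can run against a data inventory and an access log. The inventory, the store and principal names, the log format ("<timestamp> <principal> <source_ip> <action> <store>") and the policy threshold of three readers are all constructed for the example and are hypothetical; a real deployment would read the inventory from a DSPM or asset register and the log from the storage provider's access logs.

```python
"""Data-hygiene checks for sensitive data stores (added example, hypothetical data)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class SensitiveStore:
    name: str
    owner: str                                   # team accountable for the data
    reason: str                                  # why it is held; "" means undocumented
    readers: set = field(default_factory=set)    # principals allowed to read it
    networks: list = field(default_factory=list) # CIDRs access is expected from


# Constructed inventory of sensitive stores (hypothetical names and policies).
INVENTORY = {
    "vault-backups": SensitiveStore(
        name="vault-backups", owner="platform-team", reason="DR: restore within 4h",
        readers={"svc-backup", "devops-alice"}, networks=["10.0.0.0/8"]),
    "analytics-export": SensitiveStore(
        name="analytics-export", owner="", reason="",
        readers={"svc-etl", "bob", "carol", "dave", "erin", "frank"},
        networks=["10.0.0.0/8"]),
}

# Constructed access log: "<timestamp> <principal> <source_ip> <action> <store>".
# A COPY action names source and destination as "<src>-><dst>".
ACCESS_LOG = """\
2022-08-10T02:00:01Z svc-backup 10.1.4.7 GET vault-backups
2022-08-10T02:00:09Z svc-backup 10.1.4.7 PUT vault-backups
2022-08-11T19:42:13Z devops-alice 203.0.113.45 GET vault-backups
2022-08-11T19:43:50Z devops-alice 203.0.113.45 COPY vault-backups->scratch-bucket
2022-08-12T08:15:00Z mallory 10.2.2.2 GET vault-backups
"""


def inventory_gaps(inventory):
    """Items 1 and 2: every store needs an owner and a documented reason to exist."""
    return sorted(n for n, s in inventory.items() if not s.owner or not s.reason)


def overexposed(inventory, max_readers=3):
    """Item 3: stores readable by more principals than policy allows (threshold is hypothetical)."""
    return sorted(n for n, s in inventory.items() if len(s.readers) > max_readers)


def abnormal_access(log_text, inventory):
    """Items 4 and 5: flag reads by principals outside the allow-list, access from
    unexpected networks, and copies of sensitive data into stores the inventory does not know."""
    findings = []
    for line in log_text.splitlines():
        ts, principal, ip, action, target = line.split()
        src, _, dst = target.partition("->")
        store = inventory.get(src)
        if store is None:
            continue  # not a tracked sensitive store; out of scope for this check
        addr = ip_address(ip)
        if principal not in store.readers:
            findings.append((ts, "unauthorised-principal", principal, src))
        if not any(addr in ip_network(n) for n in store.networks):
            findings.append((ts, "unexpected-network", principal, src))
        if action == "COPY" and dst and dst not in inventory:
            findings.append((ts, "untracked-copy", principal, dst))
    return findings


if __name__ == "__main__":
    print("inventory gaps:", inventory_gaps(INVENTORY))
    print("overexposed:", overexposed(INVENTORY))
    for finding in abnormal_access(ACCESS_LOG, INVENTORY):
        print("finding:", *finding)
```

On the constructed log the script reports the undocumented, over-shared "analytics-export" store, a read and a copy of the backups from an address outside the expected network, a copy into a bucket that is not tracked at all, and a read by a principal that was never granted access. Each of those maps directly onto one of the questions asked above about the breach.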

Keeping track of all of the questions above by hand is extremely hard, and that realization is what gave rise to DSPM (Data Security Posture Management) solutions: tooling whose job is to achieve and maintain good Data Hygiene.

Gadi Naor

VP of Software Engineering, Cloud Security at Rapid7

2y

Nice writing about DSPM, and data hygiene practices… but the title 🧐


More articles by Ron Reiter
