How Security Leaders at Starbucks and Microsoft Prepare for Breaches

Published: 23/11/2024   Category: security




Executives discuss the security incidents they're most worried about and the steps they take to prepare for them.



In today's increasingly crowded threat landscape, it can be difficult to determine which threats companies should prioritize. For those who are stuck, it's helpful to consider what major organizations are worried about and the steps they're taking to combat those types of attacks.
This was the premise behind "Preparing and Responding to a Breach," a panel that took place at last week's RSA Conference in San Francisco. Security leaders from Starbucks, Microsoft, WhiteHat Security, and SecurityScorecard discussed the lessons they learned from the many breaches that took place in 2019 and how they plan to learn from these incidents to defend against threats of the future.
Last year brought 5,283 security breaches, said moderator John Yeoh, head of research for the Cloud Security Alliance, kicking off the panel. Organizations collectively lost 7.9 billion records, he said, and incidents "indicate the same things that are happening over and over again." What types of attacks were most frequent, he asked, and what did organizations learn from them?
"As far as types of attacks we see, [they] generally tend to either be application security attacks, phishing attacks, misconfiguration of cloud environments, these kinds of things," said WhiteHat CTO Anthony Bettini. And while these threats are old news to security pros, his fellow panelists agreed they are also the ones organizations should have at top of mind for defensive strategies.
"The reason you keep hearing about phishing from speakers like us … it's not because we want to bore you with repetition," said Microsoft's cybersecurity field CTO Diana Kelley. "It's because phishing still works." Application vulnerabilities, misconfiguration, and phishing are the three areas where attackers are having the greatest success, which is why they should be prioritized.
Some leaders, like SecurityScorecard CISO Paul Gagliardi, are most worried about how attackers use the data they steal. "One thing I often see is the somewhat sophisticated criminal groups are starting to use the aftermath of breaches to do even more targeted social engineering or phishing attacks at scale," he explained. "It's not just the fact a breach occurred; it's that all of our company's data is somehow in there."
Credential reuse is a primary concern for Starbucks global CISO Andy Kirkland, who spoke to a concern prevalent in the retail and hospitality industries. "Whenever these credentials become available, we become a place where people want to see if they work," he said. The sharing of usernames and passwords across multiple platforms is a big thing for companies to watch. Cloud misconfigurations, which Kirkland calls "the rebranding of shadow IT," are another worry.
"Just about anyone can get an S3 bucket and do whatever they want with it; potentially put whatever they want in there," Kirkland noted. The onus is on security professionals to identify these instances within an organization when they happen.
Practice, Practice, Practice
Panelists spoke to employee and customer training strategies, tabletop exercises, and other steps they take to better prepare for security incidents. One key takeaway was the importance of working employee training into the corporate culture for everyone. As organizations change over time, and new people are onboarded, there will be gaps in cybersecurity knowledge.
"I have to take cybersecurity training at Microsoft just like everybody else," said Kelley. "We don't just assume because somebody has a title, they get to be exempt from that training." She advised annual or biannual security training for all employees. "Psychologically, humans are much better at learning when we've got a little bit of an adrenaline pump." If an employee is caught getting phished, they may remember to be more cautious next time.
"The best training is in-the-moment training," Kirkland emphasized. While some trainings are done for compliance, the unexpected phishing emails deliver real learning moments.
He also advocates tabletop exercises with all executives in order to plan for cyberattacks. Senior execs schedule a four-hour block during which they create an entire breach narrative. Sometimes, he said, it's the first time in a while that leadership has come together to decide how they would respond to a security incident – and the results have had an effect beyond cybersecurity.
"The decisions, and the things that they've learned in those tabletop exercises, have informed the way that we respond as an organization to all manner of incidents; not necessarily those that were cyber-related," Kirkland said. Learning how business leaders collaborate is not only educational for them; "it's educational for you as a security professional," he added.
Tabletop exercises should inform a standard operating procedure for cyberattacks, said Kelley. Whether it's online or printed, every business should have guidance on how employees can escalate potential incidents and how they should respond to them. These procedures don't need to be 100% accurate – after all, every breach is different – but they should provide basic information on which internal and external organizations (cloud providers, law enforcement) need to be notified.
"You'd be surprised, with these kinds of activities, how easy it is to forget what needs to be done," she explained. If an employee doesn't know the right information or can't access it, they may have no idea how to move forward in the right direction.
Practitioners also pull lessons from previous security incidents: to inform annual trainings in incident response and business continuity, Gagliardi goes back into historical breach data to assess what security looked like before an incident. Breach disclosure is mandated under HIPAA and GDPR, he pointed out, and there are thousands of breaches that aren't publicly reported but are just as significant. Businesses can get a lot of value in lessons from these events.