What Major Data Breaches Can Teach Us About Layered Security

Recent data breaches at Ticketmaster and Santander have underscored the critical vulnerabilities that exist in enterprise data security strategies. These breaches haven’t just interrupted operations – they’ve impacted hundreds of millions of customers, eroding trust in well-known and widely used brands. This is particularly pronounced for Ticketmaster, given the company’s recent headlines.

Since before Immuta existed, we’ve witnessed the profound consequences that such breaches can have. It’s not just the organizations involved that face the fallout, but also the individuals whose personal information is compromised. And, as these latest incidents and many others show, it’s not a lack of resources that’s causing sensitive data to slip through the cracks. Some of the largest and most beloved enterprises have been hit with massive penalties for failing to effectively secure and monitor their data.

The commonality between these breaches is the urgent need for a more comprehensive approach to data security – one that doesn’t rely on a patchwork solution, but instead treats security and governance as a full-spectrum function that covers the entire data lifecycle.

So, what went wrong at Ticketmaster and Santander? And more importantly, how can you protect your company against such breaches? It comes down to having multiple lines of defense – including activity monitoring – and staying vigilant, regardless of how confident you are in your data security strategy.

Data Breaches Impact Business Results

Customers trust companies with their sensitive information in order to receive better service and experiences, expecting that it will be diligently protected. When that trust is broken, every level of the organization feels the repercussions. From legal penalties and regulatory scrutiny to a loss of customer confidence, the fallout can be devastating and long-lasting.

According to Security Magazine, two-thirds of consumers in the U.S. wouldn’t trust a company that experienced a data breach, with 44% correlating breaches to a lack of security controls. Regardless of whether or not you have multi-factor authentication (MFA) in place – especially as MFA fatigue attacks become more prevalent – data security isn’t one-dimensional. A single line of defense is inadequate. To meaningfully reduce risk of data breaches, you need multiple lines of defense. This way, many people, processes, and platforms will need to fail simultaneously for an attack to succeed.

On top of that, threats aren’t identical. If they were, there wouldn’t be an entire industry built around securing and governing data. When it comes to data security, you need to expect the worst, then prepare for it. The question we often get asked is – how?

4 Strategies to Mitigate Data Breach Threats

Despite the advanced nature of the attackers behind the Ticketmaster and Santander breaches, there are ways to prevent – or at least mitigate – unauthorized data access and theft. Beyond conducting a risk assessment and implementing a multi-factor authentication tool to verify users’ identities, you must de-risk data at every layer and touchpoint. These are the four most impactful strategies to minimize threats.

Proactively Monitor Data for Anomalies

The most immediate action you can take against data breaches – whether you’ve experienced one or are proactively trying to avoid one – is to review data activity and systematically establish data monitoring. This is a gap for many companies, but one that should be considered a must-have in today’s environment.

Without proactive data monitoring and anomaly detection, your risk of a data breach is almost certain to increase. This puts the onus on your access control framework to always work as intended, no matter what. And, like MFA, this single line of defense isn’t impenetrable.

Even if you have monitoring processes in place, if they’re managed manually, you’re still at risk. A proliferation of data users, sources, regulations, and threats makes it virtually impossible for human management to effectively keep up – let alone avoid breaches. Automated activity monitoring, supplemented by human oversight, is a necessity in order to truly mitigate threats at scale.

Whether risks are internal or external, targeted or inadvertent, continuous monitoring helps identify unusual activities in real time. In the case of Ticketmaster and Santander, proactive monitoring could have flagged an unusually high volume of access to customer, employee, or bank account information within a given time frame by a specific user or group of users. Had these teams been equipped with dashboards that automate activity reviews on highly sensitive data, they could have addressed the attacks earlier and potentially mitigated some of the damage.

Key aspects of effective monitoring include:

  • Continuously monitor usage: Analyze user activity and system logs on an ongoing basis to detect anomalies and ensure data is being used appropriately.
  • Leverage behavioral analytics: Use advanced analytics to understand normal user behavior and identify deviations that may indicate a security threat.
  • Establish automated alerts: Set up automated alerts for suspicious activities or behaviors, so you know when immediate attention is needed.
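
The volume check described above (an unusually high amount of sensitive data read by one user within a time frame) can be sketched as follows. This is an added example, not Immuta's code; the audit-record layout, table names, user names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed audit records: (ISO timestamp, user, table, rows returned).
# The field layout and all names below are assumptions for this example.
SENSITIVE_TABLES = {"customers", "bank_accounts"}
AUDIT_LOG = [
    ("2024-05-01T09:05:00", "analyst_a", "customers", 120),
    ("2024-05-01T10:10:00", "analyst_a", "customers", 90),
    ("2024-05-01T11:20:00", "analyst_a", "customers", 150),
    ("2024-05-01T12:02:00", "analyst_a", "products", 50000),  # not sensitive
    ("2024-05-01T13:15:00", "analyst_a", "customers", 110),
    ("2024-05-01T09:30:00", "svc_report", "bank_accounts", 2000),
    ("2024-05-01T10:30:00", "svc_report", "bank_accounts", 2100),
    ("2024-05-01T11:30:00", "svc_report", "bank_accounts", 1900),
    ("2024-05-01T12:30:00", "svc_report", "bank_accounts", 2050),
    ("2024-05-02T02:14:00", "analyst_a", "customers", 400000),
    ("2024-05-02T02:40:00", "analyst_a", "bank_accounts", 250000),
    ("2024-05-02T09:30:00", "svc_report", "bank_accounts", 2200),
]

def hourly_volume(records):
    """Sum rows read from sensitive tables per (user, hour) bucket."""
    buckets = defaultdict(int)
    for ts, user, table, rows in records:
        if table in SENSITIVE_TABLES:
            hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
            buckets[(user, hour)] += rows
    return buckets

def find_anomalies(records, factor=10, min_history=3):
    """Flag buckets above factor x the user's median of earlier normal buckets."""
    history = defaultdict(list)
    alerts = []
    ordered = sorted(hourly_volume(records).items(), key=lambda kv: kv[0][1])
    for (user, hour), rows in ordered:
        past = history[user]
        if len(past) >= min_history and rows > factor * median(past):
            alerts.append((user, hour.isoformat(), rows))
        else:
            past.append(rows)  # only unflagged buckets feed the baseline
    return alerts

if __name__ == "__main__":
    for user, hour, rows in find_anomalies(AUDIT_LOG):
        print(f"ALERT {user} read {rows} sensitive rows in hour {hour}")
```

The baseline is per user, so a service account that routinely reads thousands of rows does not alert, while an analyst who normally reads about a hundred does.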

As retrieval-augmented generation (RAG)-based AI applications and open-framework LLMs become more ubiquitous in day-to-day business environments, data monitoring will become even more critical to ensuring that sensitive data isn’t inadvertently exposed by internal users or accessed by bad actors.


Centralize Security & Governance

A robust data security strategy ensures that even if one layer of the data ecosystem is compromised, others remain in place to protect critical data. But if your tools and users are operating in silos, or if policy enforcement and monitoring are being done on an ad hoc basis, you’ll never truly and effectively be able to protect your data.

This is why centralizing policy authoring, management, enforcement, and monitoring across all platforms is the best route to achieving comprehensive security and governance. Relying on platform-native tools leads to inconsistent enforcement, and DIY solutions are too time- and resource-intensive to manage at scale – leaving your systems vulnerable. Managing security in a single location puts you in a better position to identify and respond in real time to anomalies and threats, before they can spiral into full-blown data breaches.

Adopt the Principle of Least Privilege

The principle of least privilege (PoLP) mandates that users should only have the access necessary to perform their specific job functions. This approach minimizes the risk of accidental or deliberate data misuse by limiting access to sensitive information. Excessive privileges can lead to significant security vulnerabilities, as demonstrated in many high-profile breaches.

By implementing PoLP, you will:

  • Reduce the attack surface, making it harder for attackers to gain access to critical systems.
  • Minimize the potential damage if an account is compromised, even if attackers bypass multi-factor authentication or identity and access management systems.
  • Ensure that users cannot access data beyond their scope of work, thereby enhancing overall data security.

In these scenarios, even a failed MFA process would not, on its own, give attackers access to internal databases. The principle of least privilege is an important de-risking mechanism that should not be overlooked when defining your data security strategy.

Implement Fine-Grained Access Control

Fine-grained access control bolsters the principle of least privilege by allowing you to set detailed and specific user permissions. Granting or restricting access down to the row or column levels helps ensure that users only access the data necessary for their tasks, without hindering their ability to tap into enterprise data.

With fine-grained access control, you’re able to manage user permissions with precision; dynamically determine access based on various attributes such as role, location, and purpose; and improve regulatory compliance by ensuring that sensitive data is accessed appropriately. Automating policy enforcement at query runtime is particularly effective at mitigating data breach threats because access restrictions are informed by context – why a specific user is accessing certain data, at a certain time, for a certain reason. Unusual requests would theoretically be denied and flagged.
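
A small sketch of policy enforcement at query time, combining a purpose check, a row-level filter by location and column-level masking by role. This is an added example, not Immuta's implementation; the table, roles, purposes and the `run_query` function are hypothetical.

```python
# Constructed table, users and policy for illustration only.
ACCOUNTS = [
    {"id": 1, "name": "A. Lopez", "country": "ES", "iban": "ES-EXAMPLE-0001"},
    {"id": 2, "name": "B. Smith", "country": "UK", "iban": "UK-EXAMPLE-0002"},
    {"id": 3, "name": "C. Ruiz", "country": "ES", "iban": "ES-EXAMPLE-0003"},
]
# Columns not listed here are visible to every role that passes the checks.
UNMASKED_FOR = {"iban": {"fraud_analyst"}, "name": {"fraud_analyst", "support"}}
APPROVED_PURPOSES = {
    "fraud_analyst": {"fraud_investigation"},
    "support": {"customer_ticket"},
    "marketing": {"campaign_analytics"},
}
FLAGGED = []  # denied requests, kept for review by the monitoring layer

def run_query(user, rows=ACCOUNTS):
    """Apply purpose, row and column rules at query time for this user."""
    if user["purpose"] not in APPROVED_PURPOSES.get(user["role"], set()):
        FLAGGED.append((user["name"], user["role"], user["purpose"]))
        raise PermissionError(
            f"{user['purpose']!r} not approved for {user['role']!r}")
    visible_rows = []
    for row in rows:
        if row["country"] != user["location"]:  # row-level: own region only
            continue
        visible_rows.append({
            col: val if user["role"] in UNMASKED_FOR.get(col, {user["role"]})
            else "[masked]"
            for col, val in row.items()
        })
    return visible_rows

if __name__ == "__main__":
    support = {"name": "dana", "role": "support", "location": "ES",
               "purpose": "customer_ticket"}
    print(run_query(support))
    odd = dict(support, purpose="campaign_analytics")
    try:
        run_query(odd)
    except PermissionError as exc:
        print("denied:", exc, "| flagged:", FLAGGED)
```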

To implement fine-grained access control effectively:

  1. Audit your current access controls: Identify areas where permissions can be tightened.
  2. Define clear access policies: Establish rules for who can access what data and under what circumstances, and make sure all stakeholders understand them.
  3. Utilize a dedicated solution: Leverage platforms that offer dynamic access control models, integrating them into your existing infrastructure.


The recent breaches at Ticketmaster and Santander offer valuable lessons on the importance of robust, multi-dimensional data security measures. Immuta delivers an all-in-one, comprehensive approach to data security that de-risks data by allowing you to implement the principle of least privilege, fine-grained access control, and proactive monitoring – from a single platform.

By connecting Immuta with leading cloud providers like Snowflake, Databricks, and AWS, you’ll significantly enhance your data security posture and proactively mitigate data breach threats at every layer – with no impact to users or performance.

De-risking your sensitive data isn’t always straightforward, but it also isn’t impossible. With Immuta’s automated, proactive, and comprehensive approach, we’ll protect our organizations and customers from the short- and long-term effects of data breaches – and tap into new innovations, insights, and successes.

To see how, get in touch with our team.
