You can not E2EE the data that was saved in the DB and normal encryption would not protect against this leak.
A real Zero-Trust model (moving away the trust factor of devices in different networks) would be a more suitable protection for this kind of leak. However real Zero Trust also means Identity, Authentication and Authorization on L1, which is hard and expensive … really expensive.
How can companies determine how much security to invest in if they don’t have a security breach to size the impact of said work? /s
Such solutions need to be more ootb. If we can’t trust companies to get configurations right, I sure as shit wouldn’t expect them to get cryptography right.
Well what is worse? Company goes bankruptcy because they lost key versus company leaks your data.
This is why we need better enforcement on management persons to make them pick the encryption risk. If they risk personal liability on data leaks they surely would make a different choice.