
In Focus: Two Latest Major Data Breaches

A lack of knowledge can, and often will, cause significant issues in the fight to combat cybercrime, especially as hackers work in an opportunistic fashion - identifying vulnerabilities and capitalizing on them. Many might believe that data breaches are simply unavoidable, a sign of bad luck or the like, assuming that hackers are just the smartest individuals on the planet and conduct highly advanced attacks that penetrate even the strongest armor.

Sure, there are plenty of hackers at the top of the industry, developing new methods to infiltrate systems and data of the most advanced and intelligent defense providers in the world, but these do not make up the majority of the cybercrime community. Rather, with studies indicating that employee error has such a high hit rate for data breaches, as well as others affirming that the vast majority of security incidents are entirely avoidable, it should be clear that businesses are battling themselves more than anyone else.

Two major breaches recently hit the news, one of which highlighted the dangers of traditional credential controls and shoddy access management, while the other simply illustrates how quickly the biggest breach in history can be overshadowed in the current state of affairs. Decision-makers must become more aggressive, proactive and comprehensive in their security strategies, and remember all of the tools they need to succeed in their fight.

Act 1: A serious slip
Bloomberg recently reported that the major breach took place over the long weekend, involving the exposure of several pictures containing celebrities in compromising positions. The event might have been the direct result of poor awareness among mobile device users. For a little background, someone - or perhaps multiple people - effectively broke into the iCloud storage of countless female celebrities, stole private pictures and posted them to the Internet.

So far, the source explained that Apple officials believe the issue was likely with customers' knowledge of how their storage works, adding that the company has not yet fully taken responsibility for the event. On the other hand, the news provider pointed out that some experts believe it is a far more systemic issue that transcends only one company's shortfalls, tracing back to the ways in which accounts are accessed and users authenticated in the current market.

"Personal questions as a password recovery mechanism is flawed," manager Chris Morales of security-testing and analysis firm NSS Labs Inc. told Bloomberg. "I never use them. If I have to, I don't provide the obvious expected answers to questions like my mother's maiden name, my pet's name or where I was born. If you have a user's email and know a bit of personal history on that person, it isn't that hard to get the password."

According to the source, this is not the first time that very similar oversight or errors have led to such significant backfire against publicly known individuals.

Act 2: An ominous report
Brian Krebs, writing for his Krebs on Security blog, recently reported that several banks and others believe Home Depot might have been breached by a significant hack, going so far as to say that the attack might surpass Target's major event last winter in terms of damage and breadth. When the Target breach occurred, it was hailed as being the most devastating loss of consumer information in history.

It should not be surprising, though, that another firm has already stepped into the spotlight, as hackers are moving quickly and retailers appear to be sleeping on the IT security job. Krebs cited the comments of a Home Depot spokesperson to highlight the firm's response to the allegations.

"I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate," Home Depot's Paula Drake said, according to Krebs. "Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible."

He noted that the breach is rumored to have originated with a group of hackers in the Ukraine and Russia who are believed to have caused the Target event. Suffice it to say that a change is seriously needed in the battle against cybercrime.

Email security, network monitoring, data center protection services and many other provisions can make a big difference in IT performance and continuity, while business leaders must also supplement these tools with effective training and awareness strategies. At the end of the day, the firms that most swiftly implement these controls will likely be the most successful in safeguarding systems and data from threats.

 

David Bailey is Senior Vice President at Protected Trust. 

Protected Trust is a sponsor of the Print4Pay Hotel. I urge members and readers to visit their site to see their full line of products and services. More and more we need to provide well-rounded strategic solutions for our customers. Protected Trust offers some unique solutions that can help us in our day-to-day efforts. Check them out here.
