By Claudiu Popa
There’s little sense in waiting until the end of the year. We know that the headline will likely say something to that effect. The question is, why now?
Comodo is known for their free Windows firewalls. The company has seen its digital certificate process compromised to the point where their digital certificates, built into all Web browsers, could no longer be trusted. A simple breach exposed millions of users, embarrassed the company and tarnished an already shaky public image.
RSA, the paragon of security thanks to its ubiquitous password tokens, has seen a key piece of its access control mechanism breached. In so doing, hackers have technically compromised the security infrastructure of tens of thousands of organizations that depend on these systems for verifiable protection. Again, what could be simpler than a phishing attack? All it took was one employee clicking on email-borne malware to install a remote access tool. But can we really blame the access compromise on a single user error at the world’s leading access control company?
Speaking of phishing, the client contact information of such notable enterprises as Citigroup, JPMorgan Chase, Best Buy, Disney, Ritz Carlton, Marriott, Barclays PLC, US Bancorp, McKinsey & Co, Walgreens, TiVo, Capital One, HSN Channel, Hilton Hotels, Verizon, Kraft Foods, AstraZeneca and some 5900 colleges, universities and schools has been compromised in one fell swoop by a breach of Epsilon, a prominent marketing firm with some 2500 big name clients.
The individual email contacts in the databases of those organizations are now exposed to spam and phishing attacks that could result in embarrassing compromises all around for years to come. For its part, Epsilon sends out more than 40 billion emails annually and is considered the world’s largest permission-based email marketing company.
Other companies that have fallen victim to similar incidents include TripAdvisor, Play.com, McDonald’s, American Honda Motor and DeviantArt. There has clearly been no shortage of spectacular breaches, and at least some of the perpetrators aren’t altogether shy about their exploits. The brazen attacks are reminiscent of the ‘90s hackers, but with a definite profit motive similar to the new cybercriminals of the ‘00s. It’s an interesting mix and a sign that things are changing. But for now, a lot of big name companies are licking their wounds and they have mostly themselves to blame.
On a positive note, these breaches may be only the tip of the iceberg, but at least these firms are sometimes able to detect them. Most organizations that report no breaches – 70 per cent feel that their companies are well or very well protected against hackers – may not be as vigilant about monitoring and detection, two critical aspects of security that should absolutely complement preventative measures.
| About the author: |
| Claudiu Popa, is the CEO of Informatica Corporation.Follow him at http://Twitter.ClaudiuPopa.com |
http://www.isaca.org/Pages/Survey-Online-Shopping-Risks.aspx
