Posted on June 10, 2011 by Derrick Pyle
Security breaches, server attacks, data loss. No matter what headline, as you’ll see in this week’s IT Security Rewind post, it appears that hackers continue to follow similar patterns of infiltration and escalation.
Bank + Data Beach = Bad Combination: Banking organizations continue to be increasingly susceptible to data breaches. This week the latest victim was Citi Bank. Initial estimates have found that 200,000 customers are already affected. Despite the size of the breach, there is still no confirmation on the actual attack vector that was used to obtain access, but if you are a betting man (or woman) elevated privileges would be a safe bet.
Stuxnet—Plenty of Holes in This Story. The opening line to this ThreatPost article says it all—“The media storm over the Stuxnet worm may have passed, but many of the software holes that were used by the worm remain unpatched and leave Siemens customers open to a wide range of potentially damaging cyber attacks, according to industrial control system expert Ralph Langner.”
In the piece, Langner proceeds to claim that the media paid too much attention to the zero day Windows vulnerabilities that enabled the worm, but overlooked the other security holes that were exposed and utilized. One of those vulnerabilities that still exist is a hard coded password in Siemens WinCC. If uncovered and exploited, as has all too commonly become the case, this vulnerability can provide an attacker with unfettered access to a system’s network.
Insiders as a First Line of Defense: An interesting study out of the Ponemon Institute found that three quarters of UK organizations have suffered data loss in the past year. While these numbers include data that was compromised due to network attacks, or lost due to stolen equipment, the study does shine light on the lack of enterprise-wide employee awareness of data security best practices. According to the report, 53% of UK respondents surveyed believe their employees have little or no awareness about data security, compliance and policies. This data highlights a greater need for data protection strategies to include an emphasis on user awareness, “as people are often the first line of defense.”
What other security headlines do you think are worth highlighting this week?
Grossly Underestimating the Privileged Account Security Problem Part 3: Automating Privileged Account Management and Cyber-Ark DNA™ (Discovery & Audit)
Posted on May 16, 2013
Grossly Underestimating the Privileged Account Security Problem Part 2: Defining Privilege with Cyber-Ark CMO, John Worrall
Posted on May 9, 2013
Posted on May 8, 2013
Posted on May 6, 2013
Posted on May 3, 2013
AP Hack & Social Media Accounts – Another Great Example of the Danger of Shared, “Privileged” Accounts
Posted on April 25, 2013
Posted on April 1, 2013
Posted on February 22, 2013
DoE Security Breach Proves No Organization is Immune to Advanced Threats and the Privileged “Insider”
Posted on February 15, 2013
Copyright 2013 Cyber-Ark Software - All Rights Reserved