IT Security Rewind – Week of November 14, 2011
Posted on November 21, 2011 by Josh Arrington
The Thanksgiving holiday is a great time to reflect on the things we are grateful for in IT security, like data protection, fraud prevention, identity management and other preventative approaches. Here’s our look at the biggest stories of the week, where those approaches may have failed. IT teams, take note: don’t let these headlines ruin your turkey dinner.
From Russia, with No Love: According to reports from Wired and CNET, hackers from Russia were able to destroy a water pump at a utility in Illinois by hacking into its SCADA system. This is a disturbing attack, as the hackers apparently breached the network of the company that made the SCADA system, stealing customer usernames and passwords. Worse—this appears to be very similar in scope and process to the recent RSA breach, and it also highlights the continued vulnerability of SCADA systems to these types of attacks (and the importance of controlling privileged access points and hardcoded passwords).
No Safe Space: Details are just beginning to emerge surrounding news of a Romanian hacker accused of hacking into NASA beginning on Dec. 12, 2010. Authorities claim that the hacker was able to obtain unauthorized access to protected data—an indication that abuse of privileges may have occurred. The hacker, who ended up destroying most of the data, was arrested and charged with multiple crimes.
No One Loves the IRS, Especially the GAO: In broader security news, the Government Accountability Office (GAO) has blasted the Internal Revenue Service (IRS) for failing to implement stronger security measures after numerous reports regarding organizational weakness in internal control over information security. The GAO takes particular exception to the IRS’s “deficiencies in its controls over access to the automated systems and software applications” and other weaknesses that “increase the risk of unauthorized individuals accessing, altering, or abusing proprietary IRS programs and electronic data and taxpayer information.” If the details are true, it’s quite evident that the IRS is not effectively and proactively managing privileged accounts and identities.
That’s our news for this week—let us know what we missed, and what you are, or aren’t, thankful for in the realm of IT security!
Copyright 2013 Cyber-Ark Software - All Rights Reserved
