Customers of the World’s Largest Organizations continue to suffer from Cyber Attacks

September 11, 2017

Featured article by Ivan Gotsko, Independent Technology Author

New evidence appears every day that the world’s cyber security (CS) industry still falls short of the required level of safety. Moreover, there is no agency able to eliminate detected vulnerabilities and resolve the related problems on tight deadlines. As a result, many people have already become victims of hackers, internet offenders who abuse their financial or personal data for personal benefit or just for fun.

Equifax Case

To be more specific, one of the three American credit bureaus, Equifax, recently announced that it had experienced a data leak affecting 143 million American consumers. To understand the scale of the event, note that the population of the United States is about 320 million people.

The attackers managed to steal people’s full names, social security numbers, dates of birth, home addresses, and in some cases, license numbers. Although it isn’t the largest theft of data in terms of the number of victims, it can be called one of the worst in history due to the volume of important personal information that was stolen and presumably abused.

According to the findings of Equifax’s internal investigation, the hackers exploited a vulnerability in the American company’s website to access its files. The attackers used it from the middle of May to July. The company itself learned about the leak on July 29, and since then it has not seen evidence of unauthorized activity in its systems.

In addition to general data, hackers also managed to obtain credit card numbers of 209,000 consumers and documents with personal information used in disputes for 182,000 people. But the presence of full names, social security numbers, birth dates and home addresses at the malefactors’ disposal already allows them to impersonate victims to creditors, insurance companies and service providers.

To be more specific, such a huge array of data on 44% of the US population (if children and people without a credit history are subtracted, the percentage becomes even greater) may not only be used by hackers seeking profit but may also, through the black market, end up in the hands of the intelligence agencies of enemy states. In the next few years, more than half of Americans might face a significant risk of fraud. “On a scale from 1 to 10, in terms of risk to consumers, it’s 10,” an analyst from Gartner told The New York Times, commenting on the case.

In turn, there are already many complaints about Equifax’s reaction to the incident. Although the company hired a third-party cybersecurity firm to investigate the issue, the leak was kept quiet for five weeks. However, the FBI has been aware of the problem and has monitored the situation since the beginning.

Personal Benefit?

According to Bloomberg, three top managers of Equifax sold shares of the company for $1.8 million before the hacking attack was publicly announced. Among them was the company’s chief financial officer. But Equifax states that at the time of the sale (three days after the discovery of the hacking on July 29) the managers did not know about the incident.

So that citizens could check whether they had been affected by the leak, the company launched the website equifaxsecurity2017.com. Nevertheless, it turned out that this site also has a lot of weaknesses. To clarify, ArsTechnica writes that it uses a stock version of WordPress that does not meet the security level required of an enterprise. On this site, users are asked for their last name and the last four digits of their social security number. The site’s domain is not registered to Equifax, so it looks like a phishing site.

Recently, the trailer was released for the third season of the popular series Mr. Robot, in which hackers encrypt the largest corporation’s data about citizens’ debts. The situation with Equifax looks like its continuation.

Other cases of Cyber Security issues in 2017

It is worth noting that last year two major leaks of Yahoo user data became known, affecting 500 million and one billion users. Data from 100 million accounts of the main Russian social network “VKontakte” also surfaced, the result of a hack of the site in 2011–2013. But all these leaks exposed only insignificant information, and in most cases, the victims only had to change their passwords in the system.

It should be noted that by using a bug bounty program, Equifax, Yahoo, and Mail.ru could simply and quickly analyze their systems and detect possible vulnerabilities in order to eliminate them. This would prevent the risk of data leakage and the threat of customers losing money. For example, Hacken’s bug bounty program enables companies of various sizes to use the services of ethical hackers for penetration testing. Testing can be conducted on tight or longer deadlines, depending on a firm’s budget and preferences. Either way, it is a simple and effective method to protect customers and prevent possible hacker penetration.

Conclusion

It is obvious that nowadays, when technologies play a fundamental role in business operations and people’s lives, it is the duty of any public or private organization to protect its customers from any cyber risk. Undoubtedly, IT and financial firms must ensure the highest levels of cyber security by eliminating any possible vulnerability in their systems and products. Only in this way will the business sector manage to eradicate cybercrime.

 

 
