Monday, December 15, 2014

Not very optimistic digital Christmas: security breaches and attacks on privacy

"We are preparing for you a Christmas gift," Guardians of Peace said in a post to both Pastebin and Friendpaste. "The gift will be larger quantities of data. And it will be more interesting. The gift will surely give you much more pleasure and put Sony Pictures into the worst state.”

The cybercriminal group behind the attack on Sony Pictures's infrastructure is threatening to disclose more confidential information if its demands are not met. Sadly, attacks of this kind are making headlines today too. Around 1600 (physical and virtual) Linux servers and 811 Windows servers have been violated. About 3000 personal computers of employees in American territory, and 7700 worldwide, have been compromised. More than one terabyte of private (and sometimes critical) information has been disclosed on file-sharing and torrent websites. Even the company's internal certificate could already be in use to spread malware signed with it.

The cyber campaign against Sony actually began months ago, and since then it has forced the company to be constantly on alert. In fact, the company has urged media outlets to stop using the stolen information. Not only are Sony's credibility and business at stake, but also the security and privacy of its workers (and their families).

Is it time to treat the security and privacy of your company as a critical business factor? Yes, and two clear facts prove it.

The first is the rise in cyber insurance sales, mainly in mature sectors where companies manage large amounts of confidential information, such as finance or healthcare, and even in the public sector. Hacksurfer has collected several studies that analyse how these sales increased dramatically in 2014.

The second is related to the first: investment in risk and privacy management is indeed increasing. 30% of organizations surveyed by TRUSTe budgeted more than $1 million for privacy in 2014. Data privacy management is no longer just something to be considered, but an "important" or "very important" business factor for these companies.

The holidays are just around the corner. At this time of year companies tend to relax when it comes to privacy and the use of their internal systems. But 70% of their workers will keep logging into corporate intranets and networks, likely from insecure connections and even from public devices. This can be exploited by others to compromise the personal data of those employees or, as we have seen in the case of Sony, confidential data of the company itself.

At Christmas time, some people will ask Santa to bring them that gadget they are eager to try. If you're a forensic auditor, love the world of security and network operations, or just want to have a bit of fun with some friends or neighbors, take a look at the list of devices that the guys from Security By Default will include in their letters to Santa.

Would you add anything else to the list? Do you plan to order any of them?

