The Informatica blog - Authored by Claudiu Popa

Will 2011 be the year big name companies got owned?

There’s little sense in waiting until the end of the year. We know that the headline will likely say something to that effect. The question is, why now?

Comodo is known for their free Windows firewalls. The company has seen its digital certificate process compromised to the point where their digital certificates, built into all Web browsers, could no longer be trusted. A simple breach exposed millions of users, embarrassed the company and tarnished an already shaky public image.

RSA, the paragon of security thanks to its ubiquitous password tokens, has seen a key piece of its access control mechanism breached. In so doing, hackers have technically compromised the security infrastructure of tens of thousands of organizations that depend on these systems for verifiable protection. Again, what could be simpler than a phishing attack? All it took was one employee clicking on email-borne malware to install a remote access tool. But can we really blame the access compromise on a single user error at the world’s leading access control company?

Speaking of phishing, the client contact information of such notable enterprises as Citigroup, JPMorgan Chase, Best Buy, Disney, Ritz Carlton, Marriott, Barclays PLC, US Bancorp, McKinsey & Co, Walgreens, TiVo, Capital One, HSN Channel, Hilton Hotels, Verizon, Kraft Foods, AstraZeneca and some 5900 colleges, universities and schools has been compromised in one fell swoop by a breach of Epsilon, a prominent marketing firm with some 2500 big name clients. The individual email contacts in the databases of those organizations are now exposed to spam and phishing attacks that could result in embarrassing compromises all around for years to come. For its part, Epsilon sends out more than 40 billion emails annually and is considered the world’s largest permission-based email marketing company.

Other companies that have fallen victim to similar incidents include TripAdvisor, Play.com, McDonald’s, American Honda Motor and DeviantArt. There has clearly been no shortage of spectacular breaches, and at least some of the perpetrators aren’t altogether shy about their exploits. The brazen attacks are reminiscent of the ‘90s hackers, but with a definite profit motive similar to the new cybercriminals of the ‘00s. It’s an interesting mix and a sign that things are changing. But for now, a lot of big name companies are licking their wounds and they have mostly themselves to blame.

On a positive note, these breaches may be only the tip of the iceberg, but at least these firms are sometimes able to detect them. Most organizations that report no breaches (70% feel that their companies are well or very well protected against hackers) may not be as vigilant about monitoring and detection, two critical aspects of security that should absolutely complement preventative measures.
