It was recently reported that Chinese cyber-spies hacked U.S. defense contractor QinetiQ North America’s computers for three years. These hackers compromised most (if not all) of the company’s research, including work on secret satellites, drones and software used by U.S. Special Forces. According to a Pentagon spokesperson, the Pentagon is now working closely with QinetiQ to determine the exact scope of the breach. The unfortunate situation that QinetiQ faces is one that other companies and government can expect with greater
Turning data into information in the shortest time possible enables our customers to make decisions that generate profit, and in some cases, protect our nation’s interest. Because of the value of these customers’ information, it is essential to protect it via encryption. Many of us are familiar with encrypting data in transit with SSL and other technologies to protect data in flight from compromise. Many customers are now finding it essential to encrypt data at rest or data stored on
A couple weeks ago, I shared two important lessons information security professionals could learn from Yahoo’s recent data breach. I wanted to highlight another “honoree” that reminds us that data breaches can have an adverse impact on any organization. In October, the state of South Carolina revealed it had been the victim of a data breach that resulted in the exposure of more than 3.8 million taxpayer records. Compromised data included social security and payment card numbers. While almost all
The Institute of Electrical and Electronics Engineers (IEEE), one of the leading standards-making organisations, suffered the consequences of some sub-par data security practices this week as it emerged that 100,000 member usernames and passwords were found in plain text on an FTP server. A (luckily) well-intentioned researcher demonstrated that, once again, the need for better data protection measures at the server level had failed to be addressed. This incident in particular displayed two significant issues: firstly the IEEE didn’t consider
A recent article by Eric Lundquist in Information Week, titled “5 Black Hat Security Lessons For CIOs”, lays out important security lessons for CIOs. Among the five lessons, one strikes a particular chord – “Understand What you are Protecting.” On the journey towards sensitive data protection, the starting point must be an understanding of exactly what comprises sensitive data for your organization. Data is the lifeblood of most, if not all, organizations. A threat to the data often constitutes a threat
It’s now a week since web giant Yahoo suffered a reported breach of its systems. Whilst the company has remained tight-lipped over the event, several sources cited hacking collective D33D as the perpetrators of the incident and stated that an SQL injection attack opened access to close to half a million unencrypted user passwords from a Yahoo web database. The fact is, this isn’t the first large brand that we’ve seen fall victim to a security breach, and
The explosion of data available today has been both a blessing and a curse to enterprises in all verticals. The ability to collect, store, mine, and analyze huge quantities of data has changed the way that companies do business, providing a competitive advantage to those companies that can best leverage their big data. According to a report by McKinsey Global Institute, “a retailer using big data to the full could increase its operating margin by more than 60 percent.” Such
LinkedIn announced this week that almost 6.5 million passwords associated with user accounts had been compromised. The LinkedIn Social Network breach was discovered when the passwords were posted on a Russian forum by the alleged hacker. According to reports, the passwords were hashed using SHA-1, a frequently employed hashing algorithm developed by the NSA. So, how would passwords that are seemingly protected using a secure hashing algorithm be compromised? SHA-1 is typically thought to be a secure algorithm, but best
While US companies have spent much of the past decade on protecting financial, health, and other regulated data, some countries have been slowly penetrating networks and stealing corporate secrets from US companies. In an attempt to protect America’s trade secrets, the US Government has begun taking action. On April 15, 2011 the 112th session of US Congress held a hearing titled: “COMMUNIST CHINESE CYBER–ATTACKS, CYBER–ESPIONAGE AND THEFT OF AMERICAN TECHNOLOGY” in which they identified China specifically as one country that
In the current data security environment, encryption is often touted as the grand cure-all. Simply implement an encryption solution and your data security woes will be behind you. While encryption can be a powerful tool in the data protection arsenal, assisting companies in achieving regulatory compliance as well as offering a high degree of protection to sensitive data, it must be done in a strategic manner. Encryption as it’s been adopted today is more often implemented as a point solution,