RSA 2013 was another interesting round of innovations, progressions and revamps. I am always excited to see how the IS community is progressing and changing itself to meet the business and mission needs of its organizations. This year serves as a great example of how the industry is trying to play catch-up to these needs. The “vibe” is that we as professionals aren’t winning, but we haven’t lost yet, and I couldn’t agree more. The show’s theme is “Security in Knowledge,”
The Institute of Electrical and Electronics Engineers (IEEE), one of the leading standards-making organisations, suffered the consequences of some sub-par data security practices this week as it emerged that 100,000 member usernames and passwords were found in plain text on an FTP server. A (luckily) well-intentioned researcher demonstrated that, once again, the need for better data protection measures at the server level had failed to be addressed. This incident in particular displayed two significant issues: firstly the IEEE didn’t consider
A recent Information Week article by Eric Lundquist, titled “5 Black Hat Security Lessons For CIOs,” lays out important security lessons for CIOs. Among the five lessons, one strikes a particular chord – “Understand What you are Protecting.” On the journey towards sensitive data protection, the starting point must be an understanding of exactly what comprises sensitive data for your organization. Data is the lifeblood of most, if not all, organizations. A threat to the data often constitutes a threat
LinkedIn announced this week that almost 6.5 million passwords associated with user accounts had been compromised. The LinkedIn Social Network breach was discovered when the passwords were posted on a Russian forum by the alleged hacker. According to reports, the passwords were hashed using SHA-1, a frequently employed hashing algorithm developed by the NSA. So, how would passwords that are seemingly protected using a secure hashing algorithm be compromised? SHA-1 is typically thought to be a secure algorithm, but best
The recent Blue Cross Blue Shield Data Breach highlights an often overlooked risk to data: that of recycled or unused hardware in storage. In the BCBS example, 57 hard drives were stolen from a secure locker at a former call center location. The theft was not believed to have targeted the data but rather was the result of a burglar looking for hardware to steal and resell. Unfortunately for Blue Cross Blue Shield, the result was the same.
In the current data security environment, encryption is often touted as the grand cure-all. Simply implement an encryption solution and your data security woes will be behind you. While encryption can be a powerful tool in the data protection arsenal, assisting companies in achieving regulatory compliance as well as offering a high degree of protection to sensitive data, it must be done in a strategic manner. Encryption as it’s been adopted today is more often implemented as a point solution,
In the Netherlands this week, Dutch Police arrested a 17-year-old hacker on charges of compromising user data on KPN servers, in addition to damaging the company’s infrastructure. He also took the user data and allegedly sold the information on a website he maintained with another teenager in Australia. KPN is the largest telecom in the Netherlands and as a result of the breach was required to undergo an assessment by the National Cybersecurity Center of the Netherlands, which determined that