Tuesday 27 October 2009

When Government is too much like the private sector

The Swiss foreign ministry has been hit by hackers, forcing its computer systems to be shut down for days. Details are still emerging but initial reports point to a computer virus designed to grab specific data that was well hidden on the network. What this attack shows is how attractive government computer systems have become to hackers, which makes sense given the amount of personal and financial data the government houses.

Governments may have fallen behind the private sector in the assumption that the network perimeter approach to protection will keep data safe. Attackers can easily bypass known weaknesses on the perimeter and, once in, use various means to capture information. All governments should assume that their information will be under attack at some point -- be it from individuals or foreign powers. They need to take protection measures that protect the data from inside the perimeter, given the ease with which these weaknesses are exploited. Governments have this protection model in place already, but it is usually reserved for staff or physical assets, and involves additional layers of protection inside the perimeter. The government needs to give its data the same levels of consideration.

That they have temporarily suspended internal access to the internet for the Government departments would suggest that they need to choke off the malware from sending data out. Alas, once a site has got to this state it can be difficult to clean up. Real defense requires preventing the information "misuse" from being established in the first place.

Sunday 25 October 2009

Find a job and lose your identity

Job seekers using internet employment sites have been warned that their personal information has been compromised. The Guardian newspaper's Job site has contacted users posting their details about a breach. The information stolen would be sufficient for a criminal to fraudulently open bank accounts and apply for credit cards. This is not the first time job sites have been hacked with 1.3 million records stolen in this episode.

One of the key functions of job sites is to act as a trusted intermediary between those with jobs and those without – acting like a matchmaker. Discretion and confidentiality are taken for granted. Perhaps it is time for websites to make it clear to users that the site provides no guaranteed care of the sensitive information users are asked to entrust.

In the current job climate, it is careless for organizations to put any data at risk, let alone that of their customers’ future employees.

Friday 16 October 2009

Oh no, not again: Data breach phase two

It appears that US-based payroll services provider PayChoice has experienced the second phase of a very coordinated data attack. Last month, the company experienced a breach in which customer user names and passwords were stolen, and it appears that this information was used to trick customers into downloading malware. The download allowed criminals to add fraudulent employees and associated payrolls to the accounts of PayChoice customers. The details of the second phase of the attack are still emerging, but what happened at PayChoice shows the need to have added protection around sensitive data, even from people who are seemingly authorized to use it.

Once criminals have access to an account via an authentication method, they can manipulate the data as though they were a trusted user. Many times, the activity is not caught until well after the breach or theft has occurred because the system is operating under the assumption that it is getting orders from an authorized user. What PayChoice points to is the need to have a granular view of what is going on with data at all points and for all transactions.

With the proper controls in place, PayChoice would have been alerted to suspicious activity – in this case, apparently adding false employees to payroll accounts – and had the ability to block it.

Wednesday 7 October 2009

The dirty little secret your bank may be hiding

This summer Actimize found that nearly 80 percent of financial institutions worldwide say the insider threat problem has increased in the wake of the economic downturn, with only 28 percent of the banks surveyed not suffering an insider breach. Surprisingly, the majority of the breaches are coming from what the industry calls “trusted insiders,” full-time employees with access to data. Interesting also is the fact that the recession has caused many employees to cross the line. Some are in financial need, and others are resentful of longer hours or expanded job responsibilities due to lay-offs.

The typical response – reduce access to sensitive data – is difficult to do in the financial services industry, in which access to customer and company information is a necessity to do most jobs. The answer needs to be broader and needs an accompanying change in attitude. Banks, like any organization, should assume that their data is under threat from insiders and should take steps to ensure their protection measures are in line with this thinking. Some examples would be blocking large amount of data downloads, stopping downloads during off-hours, and preventing certain types of changes. The technology is there and, unfortunately, today’s threat environment demands this level of protection.

In these tight economic times, organizations must not take extra risks by reducing IT security budgets.