The recent Ponemon Institute 2013 report showed that on average, Australian and US companies had data breaches that resulted in the greatest number of compromised records (34,249 and 28,765 records, respectively).
Kiandra IT security specialist Daniel Weis said it was a "wake up" call for the industry.
"This incident has reinforced that integrators can no longer maintain the 'It won't happen to us, why would we be a target?' mentality," he said. "Every company, not just resellers, should be concerned about this. Resellers in particular have to take an extremely proactive approach, because we are a prime target."
Threat on the rise
Weis said the threat was "definitely" on the rise. But despite that, most organisations have a major lack of awareness training, monitoring and protection mechanisms, he said.
"No one wants to do business with a company that has been hacked. Sometimes a breach is all it takes to completely destroy a company's reputation.
"The scary reality is you can't stop a hacker, but you can make it as difficult as possible for them to compromise your organisation with a multi-layered approach to mitigate security breaches, including intrusion prevention systems, security assessments in addition to the more traditional anti-malware and filtering solutions. Incident Response and containment should also form a major part of IT security policies."
IDC analyst, Vern Hue, said, while there was bound to be "finger-pointing", now was a time for the industry to examine its security posture and to make sure the relationship between vendors and resellers remained a stable and co-operative one.
"Needless to say, Melbourne IT has a lot to answer for and it will need to re-examine a lot of its policies," he said. "However, there is a lot of reputation at stake here and attacks like these are not unique to Melbourne IT and it won't be long before there is a similar case so we really need to be vigilant here. Remember, your IT security is as strong as your weakest link."
However, in the information security domain, vendor/partner security has always been a weak point in overall security, according to Southern Cross Computer Systems consulting services general manager, Ashutosh Kapse.
"The partner is a 'trusted' entity by the target organisation and sometimes can work as an 'easy' point of entry," he said. "This incident has resulted in highlighting the issue and giving it prominence. Resellers generally hold at least some critical customer data on their networks — this could range from customer network details, IP addresses, configuration details, architectural diagrams and so on. All of these could be used by hackers to perpetrate further attacks.
"The solution providers should also welcome independent audits of their security by the client."