Another Brick from the Wall - Leadership thoughts
Jericho Forum
Subscribe to this blog
About Author
The Jericho Forum is an international group of organisations working together to define and promote the solutions surrounding the issue of de-perimeterisation. Members include top IT security officers from multi-national Fortune 500s & entrepreneurial user companies, major security vendors, government, & academics. Working together, members drive approaches and standards for a secure, collaborative online business world.
Contact Author
Email JerichoThere goes another 25 million Sony customer records
Once is bad enough. Twice suggests a deeper problem
Published 09:36, 04 May 11
Following on from last week’s Sony PlayStation Network revelations, the company has now admitted losing the details of another 25 million users, this time from the Sony Online Entertainment (SOE) network.
While the data here is said to be outdated (from a 2007 copy of the database), a great deal of the information will still be relevant. People don’t move around all the time and they won’t change their date of birth. Furthermore, the chances are that the direct debit detail will also still be valid. ‘Old’ data doesn’t mean ‘out-of-date’.
Advanced Persistent Threats (APTs), which both of these attacks appear to be examples of, are designed to be long lasting and difficult to discover. The cyber-criminal in an APT attack bides his or her time and siphons off information more slowly, leaving few traces, making it harder to counteract.
In other cases, when a breach has been discovered, the leak still goes back weeks or months. This raises the interesting question for companies - are you currently subject to an APT but just don’t know it yet? Time to revisit audit and security controls, just in case.
Guy Bunker, Jericho Forum board member
While the data here is said to be outdated (from a 2007 copy of the database), a great deal of the information will still be relevant. People don’t move around all the time and they won’t change their date of birth. Furthermore, the chances are that the direct debit detail will also still be valid. ‘Old’ data doesn’t mean ‘out-of-date’.
Advanced Persistent Threats (APTs), which both of these attacks appear to be examples of, are designed to be long lasting and difficult to discover. The cyber-criminal in an APT attack bides his or her time and siphons off information more slowly, leaving few traces, making it harder to counteract.
In other cases, when a breach has been discovered, the leak still goes back weeks or months. This raises the interesting question for companies - are you currently subject to an APT but just don’t know it yet? Time to revisit audit and security controls, just in case.
Guy Bunker, Jericho Forum board member
Print
Email
