Security Specialists Security Breached – from Dale Penn

From Dale Penn, Advent IM Security Consultant.


The recent hacks of Bitdefender and Hacking Team just go to show that if you don’t address the basics, you are going to leave yourself vulnerable to attack.

So what did they do wrong that we can learn from and reduce the risk to our organisations?

Neither Bitdefender nor Hacking Team protected their passwords properly. Bitdefender did not encrypt their customer usernames and passwords, which is very worrying, and Hacking Team used weak passwords such as “P4ssword” and “HTPassw0rd” on their servers, which is unforgivable for a cyber-security firm.

DetoxRansome (the attackers) claimed that they got control of 2 Bitdefender cloud servers, as they were using Amazon Elastic Web Cloud, which is notorious for SSL problems.

Organisations are overinvesting in expensive technical solutions and not focusing on a holistic, layered approach that covers people, policies and procedures. This, in my opinion, is as important as, if not more important than, finding the correct technical solution.

Getting the right information security policies (like a password policy!) and procedures implemented correctly is the cornerstone of any information security strategy.

Policies and procedures are vital for the correct implementation of information security, as this is management's chance to formalise their SME’s approach and ensure it is aligned with current business strategy.

Not only do they provide direction and accountability, many specific policy elements are a requirement of specific laws, regulations, and/or standards.

Dale.
