by Robert Westervelt
Sony has spent $171 million cleaning up its massive data breach. One security firm outlines mistakes.
Spring 2011 has not been good for executives at Sony. Security vendor Lumension Security put together a graphic depicting the timeline of the massive Sony breach. Lumension also outlined what it calls missteps that likely cost Sony further embarrassment and money.
Sony’s PlayStation Network was taken down April 20 while a forensics team investigated the scope of the Sony breach. By May 2 the breach affected an estimated 100 million people and spread to its Online Entertainment division.
Sony has implemented additional security measures, but on May 18 the firm discovered a vulnerability in its password reset application, causing another short outage.
Sony’s high-profile data breach is one of a slew of breaches that marked the beginning of 2011. Each one casts light on security weaknesses - configuration issues, vulnerabilities and social engineering threats - that combine to give a roadmap to cybercriminals attempting to gain access to systems.
Last month, Mandiant Corp. CSO Richard Bejtlich told my colleague Eric Parizo that it’s time for new innovative approaches to defend against attacks. Bejtlich advocates counter-threat operations for larger organizations that can afford it. Those organizations can go on the offensive to “actively hunt for intruders in their enterprise.”
Others are calling for a renewal of the basics:
Taking these steps won’t stop a determined attacker, but they may stall a cybercriminal long enough for alert systems to flag an anomaly and a response team to isolate and ultimately reduce the extent of a data breach before it spirals out of control.