BreachExchange mailing list archives
follow-up (Fidelity): The Cybercriminal Inside
From: security curmudgeon <jericho () attrition org>
Date: Wed, 11 Jul 2007 06:31:18 +0000 (UTC)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.forbes.com/business/2007/07/10/computer-security-internal-biz-biztech-cx_ag_0710mcafee.html

By Andy Greenberg
Forbes.com
07.10.07

The data breach that occurred at Fidelity National Information Services last week was a security professional's nightmare. And not just because of the amount of raw consumer data spilled onto the black market. By that measure, the 2.3 million users' files that were leaked can't compare with the 45 million customers' account information lost by retailer T.J. Maxx (NYSE: TJX) just last January.

In Fidelity's case, the volume of the theft was less troubling than the source: one of the company's own staff. After the breach, Fidelity revealed that the culprit was an employee at the payment processing company, one whose job granted him access to the company's database.

In fact, data breaches that come from internal issues aren't unusual. According to Attrition.org's Data Loss Database, 104 of the 327 data breaches last year started inside companies, not in the hands of hackers. And Martin Carmichael, chief security officer at McAfee Software (NYSE: MFE), says that internal data breaches are more likely than external attacks to reveal key private information.

But how to protect servers when every employee is a potential data thief? Carmichael spoke with Forbes.com about Fidelity's data debacle, how that company and other breach victims can recover, and the problem of controlling employees' access to data without paralyzing their performance altogether.

Forbes.com: How should a company like Fidelity have protected itself from a data breach?

Martin Carmichael: When we look at Fidelity, it's a common situation: Companies are focusing on the perimeter between the company network and the external network. In the press you read cases about hackers and Trojans that come in from the outside and devastate companies.
But if you look at the statistics, that's not where the biggest losses occur. More often they happen when an inside person takes assets or information. So many companies are focused on perimeter security, when they should be asking, "What does our infrastructure look like? What are we doing to assure compliance within the boundaries of our firewall?", looking at that internal structure as well as that external structure.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 211 million compromised records in 717 incidents over 7 years.