Security Specialists Security Breached – from Dale Penn
News and information from the Advent IM team.
- by Ellie Hurst
- Advent IM Blog
From Dale Penn, Advent IM Security Consultant..
The recent hacks of Bit defender and Hacking Team just go to show that if you don’t address the basics you are going to leave yourself vulnerable to attack.
So what did they do wrong that we can learn from and reduce the risk to our organisations?
Both Bit defender and Hacking team did not protect their passwords properly. Bit defender did not encrypt their customer usernames and passwords which is very worrying! and Hacking team used weak passwords such as “P4ssword” and “HTPassw0rd” on their servers which is unforgivable for a cyber-security firm.
DetoxRansome (the Attackers) claimed that they got control of 2 Bit defender cloud servers as they were using Amazon Elastic Web Cloud which is notorious for SSL problems.
Organisations are overinvesting in expensive technical solutions and not focusing on a holistic layered approach that cover people, policies and procedures. This in my opinion is as, if not more important, then finding the correct technical solution.
Getting the right information security policies (like a password policy!) and procedures implemented correctly is the corner stone of any information security strategy.
Policies and procedures are vital for the correct implementation of Information security as this is managements chance to formalise their SME’s approach and ensure it is aligned with current business strategy.
Not only do they provide direction and accountability, many specific policy elements are a requirement of specific laws, regulations, and/or standards.
Dale.