Exxon, Shell, BP, RSA, Epsilon and Sony all hacked. Will 2011 become the year of data theft and digital hacking? Why were these attacks successful, and what can we learn from them?
[Transcript] Exxon, Shell, BP, RSA, Epsilon and Sony. All targeted by hackers. So will 2011 become the year of data theft, of digital hacking? What’s going on out there?
Don’t you think that these companies tried everything to protect their digital assets? Don’t you think they have big honking firewalls, DMZs and all kinds of stuff to protect against these kinds of attacks? The problem is that these companies nowadays have protected themselves very well against the traditional hackers. Against attacks from the outside.
But what they didn’t consider is what happens if somebody gets access to inside resources and convinces the inside server or inside desktop system to send information out via HTTP, encrypted, so it’s not detected at all.
In the Sony case, obviously a server was convinced to grab this information and send it out. In the other cases, users were convinced to click on an attachment and then somehow became a victim, and also somebody who was sharing this information and sending it out.
So what do we need to do? Do we need to rethink our security model? Yes, I think so. Because all of these instances prove that our standard thinking of protecting with a perimeter defense doesn’t work anymore.
We really have to look at data access control and data access intelligence. We need to figure out who could access what and when. And we need to create a framework of who is to ensure that nothing can happen or, in case it happens, at least an early warning system triggers and tells the users, “Hey, be careful, here’s what’s going on.”