IT Security Rewind – Week of February 13, 2012

February 22, 2012 CyberArk

by Josh Arrington

This week’s IT security news coverage was shaped largely by the fall-out associated with Nortel’s 10 year data breach, which has now been attributed by some as one of the primary factors impacting the company’s ultimate downfall, some speculating that competitors were able to gain access to sensitive IP over the course of a decade. Here are several stories we think offer the best perspectives on the breach.

History of a Decade-Long Hack: According to the Wall St. Journal, using seven passwords stolen from top Nortel executives, hackers penetrated Nortel’s computers, repeatedly downloading technical papers, R&D reports, business plans, employee emails and other documents. From our standpoint, this is another high-profile example of the need to better manage and control privileged access. With relative ease, it appears the hackers were able to use the passwords to access the network, then, once inside, elevate privileges in order to access sensitive data and information. From an industry standpoint, Nortel’s ‘inaction’ is inexcusable.

Expect Defenses to Fail: So what can we learn from all this? Information Week published a piece that took a first crack at some answers, “8 Lessons From Nortel’s 10-Year Security Breach.” Some quick take-a-ways? Expect defenses to fail, conduct a thorough forensic analysis and expect greater accountability.

• An Empowering Cybersecurity Bill?: In other news, called “critical” in order to avoid our country suffering a “catastrophic attack,” a bipartisan group of senators introduced long-awaited cybersecurity legislation. According to CSO, this is a comprehensive bill that would encourage the sharing of information about threats and attacks between government and industry. Specifically, the Cybersecurity Act of 2012 would give the Department of Homeland Security power to regulate the kind of company security protections government deems necessary to protect critical infrastructure — such as power and phone companies, water and treatment plants, wireless providers and other companies based on DHS risk assessments.

We’d like to hear your thoughts. What lessons do you think we can learn from Nortel? What are your hopes for outcomes from the Cybersecurity Act?

Previous Article
CyberArk Introduces Version 7 of its Privileged Identity & Privileged Session Management Solutions
CyberArk Introduces Version 7 of its Privileged Identity & Privileged Session Management Solutions

by Josh Arrington CyberArk explains how it is helping enterprises meet today’s advanced security challenges...

Next Article
IT Security Rewind – Week of January 30, 2012
IT Security Rewind – Week of January 30, 2012

by Josh Arrington At CyberArk we don’t typically like to brag about our achievements, but we have had such ...