Targeted attacks are growing as companies build storehouses of data – something every company seems to be doing these days. If you’re working with larger accounts, find the assets. Where are these storehouses, what do they contain, and who controls access – can they detect and respond to a breach?
Just another example in today’s USA Today – http://www.usatoday.com/tech/news/2009-01-27-monster-data-hackers_N.htm – with Monster’s job search site. Britain alone reports 4.5 million British citizens exposed (no mention of other nations on this hit). This site, along with other resume posting sites contains all kinds of great information that can be used to compromise one’s identity. Note, these sites also contain all of the data needed to understand a company’s computing environment, as well as providing contact information to an insider that isn’t necessarily loyal to the company; i.e. a potential partner in crime.
How can the data be used? Well, the hacker now has access to information associated with both job seekers and potential employers. As I’ve mentioned in previous posts, storehouse type data is being gobbled up all over the world by hackers who are exploring new ways to correlate data to be used in schemes yet to be devised. This may include access to bank accounts, corporate accounts, and various forms of fraud and ID Theft.
What company can afford this type of press in a down economy? Use these sound bites to grab the attention of asset owners. Asset owners are liable, care about the company’s reputation, and either approve, or greatly influence company spending.