The recent Epsilon Data Breach will have an effect on over 50 businesses including Best Buy, Target, Astra Zeneca, Citi, JP Morgan Chase and Walgreen’s who notified over 2 million customers that their data had been breached. The breach may cost $100 million or more and that is just the cost for the organization responsible for Epsilon marketing. How important is it for Pittsburgh businesses to review how protected they are from a malicious intruder? Surely all 50 of these major banks and retailers were under the assumption that their data was secure, according to David Kane, CEO at Ethical Intruder.
A recent 2011 Ponemon Institute data breach report concluded that the average breach cost per customer record exposed is $214. That may not seem like too much until you have 1000 records of your customers exposed with Personally Identifiable Information, and the resulting financial impact is $214,000 for those 1000 records. Pittsburgh-based ethical hacking organization Ethical Intruder recommends that companies stop focusing all of their security money on building better walls when they could spend a small fraction of that simply seeing if someone with the skill of a hacker can actually get in.
When Ethical Intruder talks to businesses they often hear, “we have a department for that,” “it has not happened to us yet,” or “we have already done a review for the year.” Unfortunately, Ethical Intruder finds that many organizations that have a security policy and feel that they are following a respectable plan may actually be using outdated approaches and techniques to analyze a possible breach. The current status quo is to use network-based scans, intrusion detection, firewalls, and network and infrastructure pen tests to broadly assess vulnerabilities. The problem is that the hackers are often one step ahead with regard to personnel, approach and tactics. Today’s hackers are elite software engineers with a very different background.
Even those companies that say they have done their due diligence or take the “it has not happened to me” attitude should consider reviewing their position as a business continuity decision in light of the recent Epsilon attack, the RSA attack, the McAfee attack, the McDonald’s attack, the Google attack and others, said Kane. All of these organizations felt pretty comfortable with their security, yet there is one common theme. All of these organizations were breached, and all of them by hackers.
In light of the Epsilon breach, Ethical Intruder will be offering a complimentary baseline evaluation of hacker vulnerabilities through the end of April for Pittsburgh organizations. The evaluation is for organizations that offer their customers, suppliers or partners a way to connect with them via a web-facing application. The evaluation is perfect for the company that feels it has its bases covered and would like to validate that position with a third party. If Ethical Intruder cannot get in, the organization can feel more comfortable with its position. If Ethical Intruder can get in, there will be an option to engage and see how deep the rabbit hole gets.
Ethical Intruder has a sole focus of identifying if a customer is secure and then guiding them internally to a secure state. Typically this can be done without additional capital expenditures or long consulting engagements.
Contact David Kane at David.Kane@EthicalIntruder.com or 412-901-0278
Jonathan runs Visibility Initiatives at the Pittsburgh Technology Council. The Council is the nation’s largest IT trade association with 1,350 members. One of our platforms is to provide visibility to Pittsburgh tech companies and the industry in general.