- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
NASDAQ Hack Brings Security Issues Into The Boardroom
Details have been elusive thus far, but reports indicate that multiple breaches occurred, resulting in “suspicious files” on the company’s servers. A statement released by NASDAQ assures us that its trading systems and customer data were not compromised, and those in the know tend to agree that infiltrating the trading systems would be substantially more difficult than breaking into the web environment and leaving a few files behind. As the investigation continues, hopefully we'll learn more, but what can we take away from this story so far?
- The list of attractive hacker targets continues to grow. Whoever perpetrated this breach chose not to go after traditionally lucrative targets like customer/employee data or a more difficult and devastating attempt to dismantle one of the world’s biggest exchanges. Instead the target was a more accessible set of extremely sensitive corporate data – details about mergers, acquisitions, dividends, and earnings. Without much sophistication, criminals could use this information to execute rather impressive “insider trading” transactions or simply find an outlet like Wikileaks for some of the more embarrassing tidbits.
- Normal monitoring should have caught this breach sooner. A federal official told the Associated Press that the attacks took place over the course of a year, while NASDAQ’s statement said the files were found through the company’s “normal monitoring systems.” It would appear that the monitoring functions were not as frequent or effective as they should have been.
- The government will get even more involved if there’s a perceived lack of control. While we still don’t know if hackers gained any useful information from this attack, the potential implications touched many of today’s most buzz-worthy topics... investor confidence, corporate oversight, and financial market stability. Legislators on both sides of the house were quick to press NASDAQ and other exchanges, as well as regulators, for more information about what’s being done “to ensure the ongoing integrity and security of exchange trading systems and clearinghouses.” If they don't like the answers, expect more rules and oversight to follow.
- It’s a good time for a heart-to-heart with your board about security. You don’t have to build an horrific awareness campaign about the hackers lurking around every corner... but it’s important for the board of directors to know that their mobile devices, email accounts, and online communications may very likely be a target of attack. Directors and top executives who often expect policy exceptions should understand the potential risks those exceptions expose. Also, it wouldn’t hurt to look into the way your board members communicate to make sure top-level secrets are appropriately protected.
Chris McClean is an analyst at Forrester Research.
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- Continuous Monitoring and Mitigation -- the New InfoSec Frontier
- RSA Security Analytics Case Study
- VMware Cloud Credits Program
- Insights from the 2013 IBM Chief Information Security Officer Assessment
- Cloud-based Cyber Security: A Hybrid Approach to Threat Detection and DDoS Mitigation IDC Technology Spotlight
- How Identity and Access Intelligence Will Revolutionize IAM
- Leveraging Managed Security Services to Fight Growing Cybersecurity Threats
- Global IT Trends: IT Outsourcing Fuels Business Growth
- Defending Against Increasingly Sophisticated Cyber Attacks
- Rethinking Your Enterprise Security - Critical Priorities to Consider