A year without data breaches is not possible. However, last year saw a drop of more than 90 percent in the amount of data stolen compared with 2009. You may wonder how that happened and why the drop was so large. There are two reasons. First, no mega breaches, the kind that result in huge thefts of data and information, happened last year. Second, companies have seen the value of shifting data and have applied it to their systems.
However, this article will not focus on those reasons; rather, it will focus on some of last year’s data breaches and what we should learn from them.
Federal Aviation Administration
Sometimes data breaches happen to companies because of their employees. The damage is not only external; it also leaves an impact within the company. Employers are responsible for the private records and information supplied by their employees. Last year there was one big incident that led to the loss of 3 million confidential records due to employer mishap, and that was at the Federal Aviation Administration (FAA). In June 2010, the FAA published a report about its security findings, conducted by graduates with master’s degrees in information security.
The private information of its employees, including Social Security numbers and healthcare information, became available to many hackers because of a former staff member, who installed malicious code in the FAA’s systems. Compared with 2009’s biggest data breach, the FAA’s breach was far smaller; still, the information gathered is damaging. Who knows what the hackers did with that information.
So what was the lesson learned? Data must be accessible to authorized personnel only. Access should be blocked for former employees, and the data should be limited to only some people in the company. Illegitimate applications must be blocked, and tougher security measures must be taken to block any unauthorized process.
SQL Injection 2.0
Sooner or later, all web-based applications will be hacked. In August last year, more than one million websites were affected by a series of mass SQL injection attacks. This attack lets the hacker insert malicious code or scripts into vulnerable websites. Once an internet user visits the infected site, the script hidden on the web page installs malware on the user’s computer. This sort of attack happens every year, and automation is a hacker’s best friend. In this case, Google served as the automation to search for vulnerable internet sites and also served as the platform to launch the attack.
It is the responsibility of the website and its server to provide safety for their traffic, which in most cases means human visitors. A website known to have malware will keep internet users from viewing the site or even conducting business transactions with that company. Even if companies find ways to secure their online applications by hiring graduates with master’s degrees in information security, there are still gaps that hackers can exploit.
Thus, to provide more safety for their viewers, companies must protect their websites. They have to block any requests that appear malicious. Virtual patching should be in place to deter hackers from exploiting a website’s vulnerabilities.
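The symptom described above, a script hidden in pages served from the site's own database, can be checked for directly. The following is an added example, not part of the original article: it scans a text column for script tags that load from hosts outside an allowlist. The table, column and host names are constructed sample data, and SQLite stands in for whatever database the site uses.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Matches <script ... src=...> in stored HTML; case-insensitive, quotes optional.
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)

def offsite_script_hosts(html, allowed_hosts):
    """Return hosts of script tags in html that are not on the allowlist."""
    found = []
    for src in SCRIPT_SRC.findall(html or ""):
        host = urlparse(src).hostname  # None for relative (same-site) paths
        if host and host not in allowed_hosts:
            found.append(host)
    return found

def scan_table(conn, table, column, allowed_hosts):
    """Return (rowid, host) for every off-site script reference in table.column."""
    # Identifiers cannot be bound as parameters, so accept only plain names.
    for name in (table, column):
        if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", name):
            raise ValueError(f"unsafe identifier: {name!r}")
    hits = []
    for rowid, value in conn.execute(f'SELECT rowid, "{column}" FROM "{table}"'):
        if isinstance(value, str):
            hits.extend((rowid, h) for h in offsite_script_hosts(value, allowed_hosts))
    return hits

def build_sample_db():
    """Constructed sample data: same-site script, appended off-site script, allowed CDN."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, description TEXT)")
    rows = [
        ("Widget", '<p>Blue widget</p><script src="/static/app.js"></script>'),
        ("Gadget", "Red gadget<script src=http://injected.example/x.js></script>"),
        ("Gizmo", '<SCRIPT SRC="//cdn.shop.example/lib.js"></SCRIPT>'),
    ]
    conn.executemany("INSERT INTO products VALUES (?, ?)", rows)  # bound parameters
    return conn

if __name__ == "__main__":
    conn = build_sample_db()
    for rowid, host in scan_table(conn, "products", "description", {"cdn.shop.example"}):
        print(f"row {rowid}: off-site script from {host}")
```

A hit means stored content was modified and needs cleanup; the durable fix is still bound parameters in every query that takes request input, as the sample inserts do.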
Network Solutions Widget
Who knew that hackers would even target small and medium enterprises? In the summer of 2010, Network Solutions reported that it had found malicious code in its systems that appeared as a site-building widget. The widget promised small business owners that they could build their very own site. Because of this, millions of websites were infected by this widget. The breach had two interesting facts: first, the hackers made use of a simple application, and second, Network Solutions never learned. As the saying goes, “lightning may strike twice”.
The lesson learned by many is that companies and websites must create and provide safe and secure applications, which lessens the vulnerability of their applications and systems. They should always be alert: the fact that they suffered an attack before doesn’t mean that they will be immune to the next attacks.
Last year, security breaches were minimal compared with other years. But because of these breaches we learn to value the importance of internet security and the help of those people with an MS in information security.
EC-Council University is a licensed university that offers degrees and master’s degrees in Security Science online. The degrees, as well as the graduate certificates it offers, are recognized worldwide and may be used in any employment worldwide. With excellence and dedication as the core values, many professionals and degree holders have benefited from undergoing the programs in this university.
More information about master’s degrees in information security is available at www.eccuni.us.