
In Data Security, You’re Only As Strong As Your Weakest Link

Reporter: “Why do you rob banks?”

Willie Sutton (bank robber): “Because that’s where the money is.”

That’s Sutton’s law. It seems obvious, but it’s so very true. The law also holds true for hackers – they will attack systems that store valuable data.

So where might that be?  My first guess would be the iron-clad data centers of the world’s largest banks, pharmaceutical companies, defense contractors, governments, and Fortune 500 corporations.  They are the big juicy targets, right?  But attractive targets aren’t necessarily easy targets.

Today, banks and other high profile institutions have state-of-the-art data protection in the form of firewalls, two-factor authentication, sophisticated encryption, and Varonis.  Hence the term “bank-level security.”  As a result, hackers have to weigh the value of a successful attack against the difficulty of breaching the target.

What if there were a way to seize a corporation’s digital secrets without having to penetrate their heavily fortified walls?  A group of Chinese hackers figured out a rather cunning way to do it – infiltrate the company’s much more vulnerable law firm instead!

According to Mandiant, a Virginia-based security firm, 80 major US law firms were hacked last year.  Clearly, law firms are becoming a primary back door that hackers are using to gain access to valuable corporate data.  But it’s not just law firms we have to worry about, unfortunately.

Any time you send an email to another party—e.g., law firms, accountants, consultants—or transfer confidential documents to Dropbox or Google Docs, you’re implicitly trusting that they take security as seriously as your own security admins do, and that they can determine, at all times, who can access your data and who is accessing your data.

The fact is that many organizations, including the growing number of cloud service vendors, haven’t even scratched the surface when it comes to serious data protection and security.  The message is clear: start now.  Your customers will demand it.

Rob Sobers

Rob Sobers is a software engineer specializing in web security and is the co-author of the book Learn Ruby the Hard Way.

 
