Protecting the Four Pillars: Physical, Data, Process, and Architecture

By: Jesse Cryderman

“Cyber threat is one of the most serious economic and national security challenges we face as a nation ... America’s economic prosperity in the 21st century will depend on cybersecurity.”
—President Barack Obama, 2009

The hackers are winning.

At the end of October, Adobe Systems announced that data belonging to 38 million of its customers had been obtained by hackers, who’d infiltrated the company’s systems at least two months earlier, along with the source code for three of its products. The server that housed Adobe’s database also housed a PR Newswire database of customer logins and passwords, which hackers stole and leveraged for various additional exploits, such as uploading fraudulent press releases.

So much for cloud security and colocation.

Adobe’s story made headlines, but its data breach isn’t the biggest to date of 2013: that honor goes to Evernote and LivingSocial, both of which had 50 million customer accounts jeopardized by hackers earlier this year. Then there was the news last summer that a long-term targeted attack on systems used by Visa, 7-Eleven and even NASDAQ had exposed the credit- and debit-card numbers of at least 160 million account holders, quite possibly the largest data breach in history—so far, that is.

In 2012 hackers compromised a White House computer network; this year they merely broke into the personal email accounts of staff members and defaced the White House’s website. An above-ground site (click here to see a screenshot) offers to perform accurate and detailed searches of social security numbers and phone numbers for a small fee using information it’s queried from databases stolen fromthe databases of credit-card aggregators. And the vigilante hacking group Anonymous seems to be able to penetrate its adversaries’ websites at will, stealing entire databases in the process.

How do they do it? And, more importantly, how can we stop it?

Unauthorized access to communications systems is becoming more sophisticated, while hackers are attacking through more avenues, and more often, than ever before. Whether you’ve read Verizon’s “2013 Data Breach Investigations Report,” HP’s “2012 Cyber Security Risk Report” or one of many other sources, all signs point to an epic security fail.