[BreachExchange] What Recent Breaches Can Teach the Enterprise About Security

Audrey McNeil audrey at riskbasedsecurity.com
Thu Sep 15 20:24:24 EDT 2016


https://www.wirelessweek.com/article/2016/09/what-recent-breaches-can-teach-enterprise-about-security

Email was formerly the gold standard for business communication, but that
is quickly shifting in light of recent, headline-making security
vulnerabilities. Now, enterprises are forced to look for alternatives that
are in line with both enterprise-grade security needs and employee
communication preferences.

The way we communicate, both professionally and personally, has shifted due
to the evolution and growing popularity of mobile messaging. A study on the
use of mobile messaging in the enterprise found that 44 percent of employees
reported that they regularly use mobile messaging throughout the workday
with SMS/MMS, Facebook Messenger, Skype and Google Chat/Hangouts being the
most popular apps used.

Employees are taking communication into their own hands and communicating
on the platforms they want, including third party messaging apps, whether
enterprises like it or not. Security is thus a growing concern, not only as
email becomes less reliable, but also as alternative forms of unsecured
communication begin to emerge in the enterprise.

What history can teach us

The most recent email security breach was the well-publicized vulnerability
of the Democratic National Committee’s server. Personally identifiable
information was compromised, like social security numbers and contact
information, which sent a huge shockwave through the political world. Some
impacted by the breach reportedly didn’t even want to use their mobile
devices or email accounts following exposure.

But this type of vulnerability isn’t just something political figures need
to be mindful of. Regular people often fall victim to the same issues. For
example, earlier this month it was reported that roughly 200 million Yahoo
accounts were listed on the dark web for sale – a huge security risk for
Yahoo users. No one is safe from these types of vulnerabilities, but that
isn’t to say there aren’t steps that can be taken to prevent these types of
issues.

Mobile users know, for the most part, what they can do for maximum security
online. This includes making sure your password is frequently changed and
always including a special character, but a lot of people don’t take these
measures. Enterprises frequently fall victim to the same flaws. They know
that they should keep their information and communication safer, but don’t
take the steps to do it. These high-profile breaches should be a wake-up
call.

The time is now

Enterprises looking to be proactive about security should take into
consideration a few key characteristics. First, organizations in finance
and healthcare need to ensure that any platforms their employees are using
are SOX or HIPAA compliant. Traditionally, most third party mobile
messaging apps do not meet the necessary qualifications set forth in these
regulations, putting sensitive financial or personal health information at
risk. In order to avoid this, enterprises should adopt a mobile messaging
solution as an alternative to email that employees can use for efficient
communication.

On a more granular level, the type of encryption, including how and when
messages are encrypted, should be a big consideration. Oftentimes,
messages are encrypted and then at some point decrypted prior to ending up
at their final destination. This can be a huge flaw frequently found in
many messaging solutions. Device-to-device encryption and full encryption
during transport are important considerations, as they make it much more
difficult to pull information from messages in these instances.

If history is any indicator, security breaches and vulnerabilities will
only continue to put enterprises across industries at risk. Enterprises
need to ensure they are doing everything in their power to be proactive
versus reactive to any possible security concerns, which primarily includes
securing communication.