In a fashion that has been consistent for the past few months, another big firm, eBay, has disclosed that its databases were breached and user information compromised. Although the extent of the breach is yet to be disclosed, there are reports that a staggering 145 million records have potentially been compromised. The company is advising its users to change their login credentials as soon as possible, but maintains that no financial information has been compromised. PayPal users have reportedly been unaffected.
This attack on such a big firm, the latest in a long list of cyber attacks targeting big companies, teaches us a lot about security, or the lack of it, across the web (does Heartbleed ring a bell?).
Here are a few points we learn from the recent attacks on biggies such as Target and eBay:
- Never use the same usernames or passwords on multiple websites.
We have been told time and again that the same passwords shouldn’t be used on multiple sites. Still, this remains the biggest problem and security threat. In its May 21 letter to users, eBay urged customers to change all passwords across all the sites they use, and to never use the same password for two different services. Having unique passwords for every site is a necessity in today’s insecure world.
- Never trust a company’s security, even if it’s the biggest in the world.
There is a general assumption that smaller firms are the most likely to be affected by security breaches. Now it’s clear that even the biggest companies in the world can get hit with major hacks. Therefore, it’s incumbent upon users never to trust a company with their data.
- Expect to be hacked and attacked.
As sad as it sounds, today’s users should expect to have their information stolen at some point. Given the fact that hackers have been able to break into government data centers, retailers and now eBay, it’s practically impossible to be safe from such threats.
- Financial information is tough to steal.
One good thing that has come out of this whole fiasco is that the information associated with financial transactions, such as credit cards, is not simple at all to steal. All this information is encrypted, and the systems protecting it seem to be working as advertised, as of now.
- Companies aren’t learning from previous mistakes.
Companies seem to relish the fantasy that their security is better than others’ and that they cannot fall prey to such attacks. If we have learned one thing from the past, it is that no one is secure enough to sit back and relax without worrying about security.
- Executive decision makers are convinced they are safe.
For IT decision-makers, all this news of security breaches should be a wake-up call. They are not giving enough importance to the issue. While many IT decision-makers might believe that their corporate data is safe, it’s becoming increasingly apparent that believing that is a mistake.
- Hackers are a step ahead of the security measures.
The malicious hackers around the globe are winning. And this is an unspoken truth. Till now, the security community has pretended that it is keeping pace with hackers. The truth is that it hasn’t, and it can’t, until it accepts that the hackers are better at what they do and are more dedicated. Data will never be safe as long as the malicious hackers are a step ahead of those folks who are supposed to be protecting us.
- Companies don’t see attacks coming.
It’s astonishing to see that so few companies see attacks coming. Despite all the concerns with security and data breaches, firms aren’t doing things as simple as monitoring database access or server queries. Companies avoid such practices in order to save money and in the long run end up paying heavily.
- Companies are reluctant to react to potential flaws in security.
Companies’ reluctance to address their clients’ concerns about data security and possible flaws in their security infrastructure makes matters worse. eBay took months to discover that it had been hacked and weeks more to make this information public.
- Companies need to make real decisions, not just offer apologies.
eBay’s response to its data breach—change passwords and don’t worry about your financial information—hardly inspires confidence. The same might be said for Target, which could only offer apologies and credit monitoring. The answers that companies are providing aren’t solutions. They need to realize that real solutions are what is required, and not simply try to make us forget about such incidents.