Covering up penetrations

According to Kevin Colman, companies routinely bury the evidence they have been hacked. From his DefenseTech post:

Example 3 – A security consulting firm contacted me as an advisor. They were brought in to review security and recommend changes of a publically traded company. During their work they discovered the company had been breached. They had found a “bot” attached to an Oracle database. The “bot” collected information about the manufacturing cost of the company’s products. They approached the CIO with the facts and the Sarbanes-Oxley issues, he refused to communicate the issue to the senior executives and then cancelled their contract.

Well, we don’t know more than all the hackers do. This is a highly dynamic threat environment that even the top security professional say is “challenging.” The “it can’t happen here” attitude is insane. One veteran US Special Agent in cybercrime investigation publically stated how companies do their best to cover up corporate espionage and insider theft. He went on to say he had seen entire corporate networks of over 100,000 systems completely compromised and hundreds of thousands of files exfiltrated and not disclosed. The fact is, if all system breaches were reported the security metrics would be much worse that the ones reported earlier here. So it not only can happen here, it probably already did and got covered up.

I really hope Mr. Coleman is exagerating things a bit. But I am afraid he is not.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s