The online shoe and apparel shop Zappos.com is the latest to experience a network security breach. It’s reported that hackers have accessed its network and compromised customer account information. This latest security breach raises some important questions: How are IT managers dealing with today’s ever-changing network security threats? Are companies fully protected against the latest phishing techniques and data-stealing malware?
According to a statement posted on the company blog, "we were recently the victim of a cyberattack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky." "We are cooperating with law enforcement to undergo an exhaustive investigation."
The company stressed that credit cards were not affected, but that email addresses, billing and shipping addresses, and phone numbers may have been compromised. The specifics of the attack are not known, but it is thought to affect over 24 million customer accounts internationally.
Many high-profile companies have suffered serious data breaches. In the past year, compromised security at Sony, the global games company, allowed criminals access to 20 million accounts, including email addresses, phone numbers, passwords, and in some cases credit card numbers. It has been reported that some of this information is for sale in several cybercrime forums. Another high-profile attack, and possibly the biggest data breach in US history, was the Epsilon attack earlier this year. Epsilon had their IT system hacked and the criminals gained access to the names and email addresses on their customer database, which included some of the world's largest companies across a variety of sectors. This successful attack gave criminals access to large amounts of information about individuals in these companies, details which will allow them to target each company more effectively and more specifically.
A layered approach to protection is key. Companies need to deploy a variety of tools in an intelligent way to ensure the network is protected from both email and web attacks. From a social networking viewpoint, companies need to monitor, manage and control how different individuals use social networks in the workplace, as well as protect company data from malware and other internet threats such as viruses, spyware and phishing. It is vital that companies keep their security solutions valid and up to date so that they can secure their organisations and improve network security.
A successful corporate phishing scam can lead to financial loss and loss of customer data. Organisations must remain vigilant and follow proven guidelines such as not clicking on links or attachments in unsolicited emails. User awareness is key, and awareness training should be a part of every corporate security program. Social networks, too, have a responsibility in preventing successful attacks from happening. It's clear that the implementation and tightening of social spam filters is inevitable if this is to be achieved.