The GOP almost certainly had privileged or insider-level access that makes SONY’s laughable password protection a moot issue. Personnel and payroll files are the types of files that a disgruntled former associate would use to embarrass and destabilize a former employer.
They took files that were either highly sensitive, long dormant, or large, which created a footprint that’s readily discernible from standard line-of-business communications.
Free eBook: Modern Retail Security Risk – Get your copy now.
Malware infection, deep intrusion, and network exploration should have triggered internal alarms via off-the shelf network software and appliances. But no alarms sounded during the hack.
Diligence now requires in-network technologies that actively scan and detect internal attacks to protect the network within. Old school intrusion protection, firewall and endpoint security systems guard the front door, which proves unhelpful when malicious players are welcomed inside via privileged access.
Prevention is the art of the basic: The next essential step lies in up to date management of applications, permission policies and risk levels at the data and subnet levels, with off-the-shelf solutions.
By Carmine Clementelli, Security Expert and Manager, PFU, a Fujitsu Company
Bio: Carmine Clementelli is a security expert and manager with PFU, a Fujitsu Company. Clementelli and his team help healthcare, pharmaceutical, banking and finance, educational and other institutions and corporations throughout North America secure their networks, data and critical information assets. Fujitsu is a global security leader.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.