Cybersecurity experts from VASCO Data Security, Proficio and Tripwire commented on this week’s news of Insider Trading Hack Using newswire services to access confidential information before it was publicly announced.
John Gunn, VP, VASCO Data Security :
“This is a fascinating new domain in the field of defending against attacks. Cash, credit card numbers, and social security numbers have high value to all hackers, so they are well protected, especially by banks who spend a fortune on protecting their assets. But a press release has essentially zero value to anyone except an extremely small group of hackers who can exploit the information in secondary markets. This creates a dangerous scenario where zero-value assets that are protected by minimal security come under attack from hackers who have the know-how to convert the asset into significant monetary gain. These hacker mash-ups will become more frequent as enabling technologies make criminal collaboration easier.”
John Humphries, CMO and Co-Founder of Proficio :
“If you have confidential information that can be monetized, assume you are being attacked. What’s next – pending drug approvals by the FDA, court opinions, rating agency analysis? While the attacks on Marketwired and others were determined and targeted, none of the techniques should surprise a well-run security team. They underscore the need for constant monitoring by either an internal Security Operations team or a SOC-as-a-Service provider.”
Tim Erlin, Director of IT Security and Risk Strategy, Tripwire :
“Companies need to be aware of the risks their supply chain presents to the business. This is a case where sensitive information was transferred to a third party, and while the sensitivity was time limited, the data was clearly at risk. While public companies may take the time to revisit their PR processes with an eye towards security, they should look at other areas where data is shared with third parties that might be exploited.
The US Government took more than two years to bring this case to an arrest. While that may seem like a long time, that kind of patience and persistence is the best weapon that federal agents have in a tough fight against sophisticated criminals.”
Ken Westin, Senior Security Analyst, Tripwire :
“Data becomes a target when it has value. Many would wonder why hackers would want access to this type of information, but many forget that hacking is a business, a big business. Particularly as we have seen increased collaboration amongst hackers and white collar criminals, you have a convergence of technical skills with knowledge of finance and markets. PR is not the only target, as law firms and manufacturing are also sources of information that can be of value to those with knowledge of the markets and willing to take the necessary risks. Getting access to this type of information before anyone else about publicly traded companies including earnings reports, patent status, manufacturing yields and other intellectual and proprietary information can give an investor an edge in the markets, with potentially large gains with minimal perceived risk.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.