Comment on mSpy Breach

By   ISBuzz Team
Writer , Information Security Buzz | May 21, 2015 05:08 pm PST

Covering the mSpy breach, Trey Ford Global Security Strategist from Rapid7’s wanted to share some comment on the news:

“I think the most interesting aspect of this breach is that people being spied on were having their information stolen by one party, and it’s now moving rapidly through the underground. Not only is the legality of installing this software questionable (CFAA, etc.), but those who have the software on their devices have had their lives laid out in an un-contained information disclosure – it’s highly unlikely the victims of this crime will understand the extent of the damage for a very long time, if ever.

This underscores how sensitive information may not necessarily be protected by regulations and auditors. Corporate executives are effectively information owners, responsible for the data collected, how it is stored and protected, and what to do when something happens. Because data does not have a fixed value, there will never be clean alignment between how a user values their information (including information about them), the company and their executives value that data, and how a criminal values that data.”

By Trey Ford, Global Security Strategist at Rapid7

Trey FordBio : Trey Ford is the Global Security Strategist at Rapid7 where he serves as a customer resource, industry and community advocate. Over the last 15 years, Ford ran Black Hat events worldwide as General Manager, and served functions ranging from incident response, product management, PCI QSA and security engineer for a variety for industry leaders, including Zynga, McAfee, FishNet Security and WhiteHat Security.

About Rapid7

rapid7 Rapid7’s security data and analytics software and services help organizations reduce the risk of a breach, detect and investigate attacks, and build effective IT security programs. With comprehensive real-time data collection, advanced correlation, and insight into attacker techniques, Rapid7 strengthens an organization’s ability to defend against everything from opportunistic drive-by attacks to advanced threats. Unlike traditional vulnerability management and incident detection technologies, Rapid7 provides visibility, monitoring, and insight across assets and users from the endpoint to the cloud. Dedicated to solving the toughest security challenges, Rapid7 offers proprietary capabilities to spot intruders leveraging today’s #1 attack vector: compromised credentials. Rapid7 is trusted by more than 3,700 organizations across 90 countries, including 30% of the Fortune 1000. For more information visit here