BACKGROUND:

In response to reports that telecommunications giant Syniverse disclosed to the Securities and Exchange Commission last week that hackers had access to its databases over the past five years and compromised login credentials belonging to hundreds of customers, cybersecurity firm Panorays offers the following comment. 

Experts Comments

October 06, 2021
Trevor Morgan
Product Manager
comforte AG

When any part of the backbone of our interconnected ecosystem—service providers—falls prey to threat actors, we are all reminded that nobody, not even tech companies, is immune from cyberattack. The fact that attackers had access, potentially for years, to the EDT (electronic data transfer) environment should make all enterprises no matter what industry rethink their security posture. We need to accept the fact that situating data behind fortified perimeters is only one method of protecting

.....Read More

When any part of the backbone of our interconnected ecosystem—service providers—falls prey to threat actors, we are all reminded that nobody, not even tech companies, is immune from cyberattack. The fact that attackers had access, potentially for years, to the EDT (electronic data transfer) environment should make all enterprises no matter what industry rethink their security posture. We need to accept the fact that situating data behind fortified perimeters is only one method of protecting data, and one that hackers can overcome with enough time, patience, and creativity.

What then? Organizations need to adopt more data-centric protections such as tokenization and format-preserving encryption to guard against hackers getting directly to the sensitive organizational data which is always their main target. Data-centric security replaces sensitive data elements so that, no matter who gains access to it, the attacker cannot read, understand, or leverage that information. Hopefully, every enterprise can receive this critical message: better ways to protect your valuable data are out there, so you simply have to prioritize it. An unwelcome breach will certainly do that.

  Read Less
October 06, 2021
Demi Ben-Ari
CTO
Panorays

The recent cyber incident involving telecom giant Syniverse is just one more example of how a third-party breach can impact millions. In this case, Syniverse, which works with companies like AT&T, T-Mobile and Verizon, discovered that hackers had access to billions of text messages over the past five years through approximately 200 clients. While one might be inclined to think that endless text messages seemingly containing nothing more than lots of emojis are worthless, that’s not the case.

.....Read More

The recent cyber incident involving telecom giant Syniverse is just one more example of how a third-party breach can impact millions. In this case, Syniverse, which works with companies like AT&T, T-Mobile and Verizon, discovered that hackers had access to billions of text messages over the past five years through approximately 200 clients. While one might be inclined to think that endless text messages seemingly containing nothing more than lots of emojis are worthless, that’s not the case. The reality is that those texts are someone else’s private data that could communicate business data—and that data can be bought. Therefore, this constitutes a massive breach.

Cyber incidents like these illustrate why it’s so crucial for organizations, when assessing the security of their third parties, to understand the context of the business relationship with each third party and how much risk is involved. For example, if you are working with a vendor that is connected to all of your infrastructure, you must be sure to comprehensively assess and continuously monitor their cyber posture, as well as remediate any cyber gaps.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.