4 Major IT Failures Highlighting the need for IT Security Investment


Over the past several years, data security breaches have become an almost everyday occurrence and one of the most devastating threats to organisations and consumers all over the world. As attackers become increasingly sophisticated, there is a growing need for new IT security strategies to match evolving threats. Let’s have a look at several major instances of data loss that took place in the 21st century.

Heartland Payment Systems


card numbers. The data breach even broke its parent company’s (TJ Maxx) record of losing 45 million credit and debit card numbers in 2007.

Through SQL injection, which installed spyware onto Heartland’s data systems, cyber criminals were able to steal the digital information encoded on the card’s magnetic strip. With this information, counterfeit credit cards were produced by imprinting the same stolen information onto fabricated cards.

After Visa and MasterCard notified Heartland that suspicious transactions were being processed from accounts, they discovered intruders were scanning its corporate network. Two Russians and Albert Gonzalez were alleged to have masterminded the attack. Gonzalez, a Cuban-American, was sentenced to 20 years in prison in March 2010.

RSA Security


In March 2011, RSA Security disclosed that it had been the target of a successful cyber-attack in which the attackers obtained information on the company’s SecurID authentication tokens. The company said that two separate hacker groups worked in collaboration with a foreign government to launch a series of spear phishing attacks against RSA employees, posing as people the employees trusted in order to penetrate the company’s network. While the impact of the cyber-attack is still being debated, 40 million employee records were possibly stolen.

Sony’s PlayStation Network

In April 2011, what is said to be the worst gaming community data breach of all time took place, when hackers attacked the PlayStation Network. The breach not only led to the theft of the data of the 77 million users, 12 million of whom had unencrypted credit card numbers, but was also an expensive and time-consuming problem for Sony to fix.

As a result, the entertainment company was hit with a £250,000 monetary penalty for a serious breach of the UK Data Protection Act of 1998 and received a lot of criticism for how poorly its information was protected. However, the platform has now been completely rebuilt with more advanced security.

The Heartbleed Security Bug


Just recently, security researchers discovered a serious vulnerability in OpenSSL, a popular open-source protocol used to encrypt vast portions of the web. The so-called Heartbleed bug can allow anyone on the internet to potentially uncover names, passwords, and sensitive information that is sent to a seemingly secure web site. With an estimated 66 per cent of the web using OpenSSL, this is potentially disastrous for both the websites and their users.

While many vulnerable servers have now been patched, as long as the vulnerable version of OpenSSL is still in use, it can be abused. There are, however, websites that allow you to check whether a particular site is vulnerable.

If you are interested in the field of IT security, head to The IT Job Board to browse the latest Security Jobs.
