June 15, 2016
Earlier today it was reported that hackers have stolen information relating to around 45 million accounts from VerticalScope, a Toronto-based media company that runs numerous support forums on various topics. Over 1,000 support forums and online community websites on home, tech and sports have been breached as a result of the hack, leaving millions of users’ records exposed.
Farshad Ghazi, global product manager with HPE Security-Data Security, has released the following comment:
“The VerticalScope databreach is yet another example that organizations must follow best practices of encrypting all sensitive personal data as it enters a system, at rest, in use and in motion. The ability to neutralize a breach by rendering data useless if lost or stolen, through data-centric encryption, is an essential benefit to ensure data remains secure.
“Hackers will steal anything of value and this story is no exception. Data has high value to attackers, and even though the information for sale on the black market is several years old, it can still be used for social engineering attacks for spearphishing to attempt to gain access to deeper systems with even more lucrative data that can be monetized directly if stolen.
“We have a saying in security, it’s not a matter of if a breach will happen, but when. Beyond the threat to sensitive data, companies need to be concerned with the impact a data breach can have on their reputation and, ultimately, on their bottom line. A data-centric approach to security is the industry-accepted cornerstone needed to allow companies to mitigate the risk and impact of cyberattacks and other attempts to get this sensitive information.
“End-to-end encryption, a key data-centric security technology, protects data at rest, in use and in motion – thereby minimizing any clear data exposure and ensuring attackers get nothing of value when they do penetrate systems. The ability to render data useless if lost or stolen, through data-centric encryption, is an essential benefit to ensure data remains secure.
“Cyber criminals today are motivated to steal personal data, as well as enterprise data, intellectual property and employee or customer information. Hackers are always looking for a way to exploit a system in a way that they can then turn stolen data into cold, hard cash. As this attack points out, there is a clear need to protect personal information like name, full address, phone number and email address so that criminals can’t use the information to open bogus accounts, sell it for use in more targeted larger-scale spear-phishing, or even to steal identities.”