Yesterday’s news brought us yet another reason why companies of all sizes need to take network security seriously. This is no place for companies to cut costs and “hope” the headlines will not be flashing their names, because this approach will more likely than not lead to trouble!
While IT security has traditionally been viewed by the business as a cost center, it really is needed, and just one successfully blocked attempt can provide you with 100% ROI. The question is, how would you know? Do you have the auditing tools necessary to validate an attack, or to know if an attack is currently taking place?
IT security should, in many respects, be considered before, during and after the planning of applications that will be stood up. Retrofitting IT security is never a replacement for planned security from the start. What do I mean? Let’s look at a typical banking application that supports your online checking account. Most, if not all, online banking is ‘secured’ by using HTTPS. This gives you a secure connection to that server, but it also gives cyber-criminals a secure connection to that server! Therefore, if you did not have security baked into the planning and deployment of this online application, there is a greater chance that attackers will break in undetected. Once they have access to this server, they can very easily expand their path to wreak havoc and steal valuable information.
The article about the latest online bank heist mentions, “To perpetrate the scheme, hackers tampered with prepaid and debit MasterCards processed by two companies with locations in India, which Reuters identified as EnStage Inc. and ElectraCard Services. They manipulated the card’s codes to increase their available balances and eliminate withdrawal limits, and then passed the infected codes to thousands of “cashers” who used them to suck funds from ATM machines.”
My interpretation is that these attackers exploited vulnerabilities within the web application. This would be from having both the firewall and server open to ports not used by the application, or maybe simply from a patch of code not tested for this type of attack. Let’s try to help our IT community as a whole: share your ideas on how to prevent this in your environment, using the information we know about this recent heist.
How would you protect your company from attacks like this one? Do you need IPS/IDS? Host-based or network-based or both? Do you have a web-based firewall?