This could be an outline for several of my Computer Security
lectures.
What the Marriott Breach Says About Security
We don’t yet know the root cause(s) that forced Marriott this week
to disclose a four-year-long breach involving the personal and financial
information of 500 million guests of its Starwood
hotel properties. But anytime we see such a colossal intrusion go
undetected for so long, the ultimate cause is usually a failure to
adopt the most important principle in cybersecurity defense that
applies to both corporations and consumers: Assume
you are compromised.
… The companies run by leaders and corporate
board members with advanced security
maturity are investing in ways to attract and retain
more cybersecurity talent, and arranging those defenders in a posture
that assumes the bad guys will get in.
This involves not only focusing on breach
prevention, but at least equally on intrusion detection and response.
It starts with the assumption that failing to respond quickly when
an adversary gains an initial foothold is like allowing a tiny cancer
cell to metastasize into a much bigger illness that — left
undetected for days, months or years — can cost the entire organism
dearly.
Like the judge, I don’t think we have the entire
story yet. Why take all that data to the UK?
Judge Orders Software Exec to Turn Over Laptop After He Leaked Data on Facebook
The co-founder of a software company was ordered
by a judge to surrender his laptop to a forensic expert after
admitting he turned over confidential documents about Facebook Inc.
to the U.K. Parliament in violation of a U.S. court order.
Sensitive internal Facebook records that were
supposed to remain sealed in a California lawsuit were leaked to a
parliamentary committee by one of the founders of app Six4Three,
which sued Facebook three years ago over access to friends’ data.
… Kramer has admitted to traveling to London
where he claims he was pressured to hand over the information to
Damian Collins, who heads Parliament’s Digital, Culture, Media and
Sport Select Committee.
… Facebook accused Kramer’s attorneys of
complicity in the release, arguing that Kramer could only have access
to the sealed files in a Dropbox account if attorneys gave it to him.
A third-party forensics team will pick up Kramer’s
laptop, along with his attorneys’ computers, on Friday night. He
didn’t bring it to court.
Dilbert explains “managing up.”