For this week’s security assessment, I decided to expand upon TechRepublic’s article on a breach at the travel site Orbitz in which 880,000 customer’s payment methods were stolen. The article can be found HERE. This attack is especially unique as it was targeting data that was at least 2 years old and brings up the idea that not only the most cutting edge, most used sites are targets. Older legacy systems are just as much at risk as any other site.
TechRepublic lays out that hackers were able to steal “two years of data, including names, birthdates, home addresses, email addresses, and gender information” (Forrest, 2018). This information, including information about credit cards, could lead to devastating results for those who would be affected. With all this information, including oddly enough information about the customer’s gender, could allow a whole spree of new attacks on other systems or people. While this attack is not necessarily as widespread as many other attacks that have happened in recent history, it’s size is considerable and scary.
While this attack and information stolen is something that would be noteworthy on its own, there is something secondarily that everyone should sit up and take notice on. This attack was not against Orbitz main webpage that is in existence at this very moment. Instead, the hackers targeted a much older legacy system whose security features were not as secure as the main sites. This incident reminds us all that security needs to exist prominently and aggressively across all products that are exposed to the web, and updates and upgrades of these features need to be performed and maintained across all systems, including legacy. TechRepublic states “legacy systems are a reality in most IT environments” (Forrest, 2018), so we should be ever mindful of how well the security features are on legacy systems.
When it comes to how to combat against these sort of attacks, I believe that IT professionals should keep an active document of some nature that maintains what the current security features are on all their systems, including things like versions. This document should be regularly reviewed and if one system requires an upgrade or patch, this document should be consulted to see if any other system requires the same upgrade or patch, even legacy systems. Vigilance and monitoring are our best tools to fight back against attacks like this.
Sources Cited:
Forrest, C. (2018, March 21). Orbitz 880K credit card breach highlights IT's need to protect legacy systems. Retrieved March 21, 2018, from https://www.techrepublic.com/article/orbitz-880k-credit-card-breach-highlights-its-need-to-protect-legacy-systems/#ftag=RSS56d97e7
No comments:
Post a Comment