Think you've had security problems? You ain't heard nothing yet. We asked the pros to tell us some of the worst disasters they've faced. Here's what they told us.
If there's a law of network security, it is that disasters happen. However, some disasters are worse than others, both because of the causes and the consequences of the error. When the Canadian Air Miles loyalty card exposed subscribers' personal information on an unprotected website directory in 1999, the situation was a horror story both because the privacy of 50,000 consumers was compromised, but also because it was such a stupid error.
"Dumb mistakes are so common, but the problem is that you don't have to be dumb to make a mistake," says Justin Peltier, senior security consultant at Peltier Associates in Detroit. "Once system complexity gets to a certainly level, mistakes are virtually inevitable, and it's the mistake and not the hacker that's going to get you. Even then, defenders have to be right all the time, while attackers only have to be right once."
Although organizations that handle sensitive data -- which is to say, virtually all organizations -- have become more security savvy in the last few years, the cost of network carelessness continues to be substantial. Unfortunately, the kind of perfection that Peltier refers to is probably impossible. Accidents happen, and doors are left open despite the best intentions of even the most security-aware companies.
The biggest security horror story in recent memory was last spring's CardSystems breach that exposed the credit card and bank account information of 40 million consumers. The company dotted all of its information "i's" and crossed all of its technological "t's" but a hacker was still able to get at them. CardSystems "had passed all their audits, so they thought they were okay," says Peter Stapleton, director of Computer Associates eTrust Security Management. "The problem was that the audit was very network oriented; it wasn't an audit of the process vulnerabilities."
CardSystems had to make the effort because of the sensitive nature of its data, but companies that don't deal with millions of credit card numbers can often forget that even their data are sensitive. Together with a lack of technological savvy, that can be a recipe for disaster. Peltier recalls installing a firewall at a Midwestern industrial equipment manufacturer and supplier in 2001. The company was still paper-based at the time, so none of its critical systems were then online.
Three years later, the company had networked virtually all of its processes. Unfortunately, it had left those processes swinging in the digital wind. "The old network administrator had left at that point, and he hadn't given the passwords for the firewall to the new administrator," he says. "As a result, then couldn't configure the firewall, but because they were networking more processes, they just decided to put everything out on the raw Internet."
2014 Next-Gen WAN SurveyWhile 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.