This was some quick research simply to prove a point. Security is important to your customers. If it's not, then it should be.
Here is the highlight of a recent conversation with a Fortune 500 company that called me while I was at DEFCON. The network team, firewall team, and others were on the call. They have special awards for companies like this.
Customer: I need ports, protocols for the administrative network.
Me: Excellent. Not a problem. Can you explain the use case?
Customer: It's for DMZ access.
Me: Are you going to expose the management network to the DMZ?
Customer: Yes.
Me: On the face of it this seems like a really bad idea. This is a massive compute platform. Can you explain what kind of segmentation you have inside the DMZ?
Customer: I have no idea what kind of segmentation we have inside the DMZ.
Me: At this point I could do one of two things. I can either give you the information you want and trust that you have a security team that will look into this, or I can recommend you take a step back and understand what you are trying to accomplish – including the potential risk implications.
Customer: … Silence … Maybe we should set up a meeting…
Okay – onto the quiz.
Question: What do these companies have in common?
- The Home Depot
- JP Morgan Chase
- UPS
- REI
- CVS/Caremark
- Rite Aid Pharmacy
- Northern Trust Company
- Wall Street Journal
- Bank of America
- Apple
- Goodwill
- CNET
- Boeing
- Lockheed Martin
- Goldman Sachs
- PF Chang's
- AT&T
- Walgreens
- And 100+ more that were fortunate to find something special.
Over what time period?
Hint: a quote from Olaf...
“Oh, I don’t know why, but I always loved the idea of summer, and sun, and all things hot.”
Answer: Summer 2014 – these companies were burned by a data breach.
http://www.privacyrights.org/data-breach/new