Thursday, September 4, 2014

Quiz: What do these companies have in common?

This was some quick research simply to prove a point. Security is important to your customers. If it's not, then it should be.
 
Highlight of a recent conversation with a Fortune 500 company who called me while I was at DEFCON. Network team, firewall team, and others were on the call. They have special awards for companies like this.
 
Customer: I need ports, protocols for the administrative network.

Me: Excellent. Not a problem. Can you explain the use case?
Customer: It's for DMZ access.
Me: Are you going to expose the management network to the DMZ?
Customer: Yes.
Me: On the face of it this seems like a really bad idea. This is a massive compute platform. Can you explain what kind of segmentation you have inside the DMZ?
Customer: I have no idea what kind of segmentation we have inside the DMZ.
Me: At this point I could do one of two things. I can either give you the information you want and trust that you have a security team that will look into this, or I can recommend you take a step back and understand what you are trying to accomplish – including the potential risk implications.
Customer:… Silence… Maybe we should set up a meeting…

Okay – onto the quiz.
 
Question: What do these companies have in common? 
  • The Home Depot
  • JP Morgan Chase
  • UPS
  • REI
  • CVS/Caremark
  • Rite Aid Pharmacy
  • Northern Trust Company
  • Wall Street Journal
  • Bank of America
  • Apple
  • Goodwill
  • CNET
  • Boeing
  • Lockheed Martin
  • Goldman Sachs
  • PF Chang's
  • AT&T
  • Walgreens
  • And 100+ more that were fortunate to find something special.
What happened?
Over what time period?

Hint…Quote from Olaf...
“Oh, I don’t know why, but I always loved the idea of summer, and sun, and all things hot.”

 
 

Answer: Summer 2014 – these companies were burned by a data breach.
http://www.privacyrights.org/data-breach/new