This was some quick research simply to prove a point. Security is important to your customers. If it's not, then it should be.
Highlight of a recent conversation with a Fortune 500 company who called me while I was at DEFCON. Network team, firewall team, and others were on the call. They have special awards for companies like this.
Customer: I need ports, protocols for the administrative network.
Me: Excellent. Not a problem. Can you explain the use case?
Customer: It's for DMZ access.
Me: Are you going to expose the management network to the DMZ?
Me: On the face of it this seems like a really bad idea. This is a massive compute platform. Can you explain what kind of segmentation you have inside the DMZ?
Customer: I have no idea what kind of segmentation we have inside the DMZ.
Me: At this point I could do one of two things. I can either give you the information you want and trust that you have a security team that will look into this, or I can recommend you take a step back and understand what you are trying to accomplish – including the potential risk implications.
Customer:… Silence… Maybe we should set up a meeting…
Okay – onto the quiz.
Question: What do these companies have in common?
- The Home Depot
- JP Morgan Chase
- Rite Aid Pharmacy
- Northern Trust Company
- Wall Street Journal
- Bank of America
- Lockheed Martin
- Goldman Sachs
- PF Chang's
- And 100+ more that were fortunate to find something special.
Over what time period?
Hint…Quote from Olaf...
“Oh, I don’t know why, but I always loved the idea of summer, and sun, and all things hot.”
Answer: Summer 2014 – these companies were burned by a data breach.