News of the recent LinkedIn security breach that compromised 6.4 million user accounts must have sent shivers down the spines of users who heavily make use of the website. While LinkedIn has since reset its systems, it could take days to complete investigations into how security was breached on the site that helps matchmake potential employers with employees.
According to a Reuters report, at least two security experts who examined the files, believed to contain the stolen LinkedIn passwords, said the company had failed to use best practices for protecting the data.
They claimed that LinkedIn used a basic method for encrypting passwords, which allows hackers to quickly unscramble all passwords after they figure out the formula by which any single password has been encrypted.
However, Mark Smith, managing director, Asia, Savvis, asserts that no system is completely foolproof. “Security breaches can happen and no system is 100 per cent secure,” he says. Savvis is a company that helps build cloud infrastructure and host IT solutions for enterprises. Mr Smith believes that effective communication to customers after a security breach still remains a challenge.
He points out that putting together a formal communication process can reduce fear among the public and increase their confidence in the company and he applauded LinkedIn’s swift action in providing members with an update that answered some frequently asked questions and letting them know what they could do to protect their information.
Turning to the industry, Mr Smith observes that there is a constant and growing threat of viruses, worms, spyware, and denial-of-service attacks that can corrupt, steal, or even destroy critical corporate information. These attacks have become widespread and complex and many businesses find it challenging to prevent zero-day attacks.
Network security comes down to the tiers of security that are applied to the business. “Service providers should layer security services to protect against breaches. This means they can expand security coverage accordingly, as businesses grow,” he explains.
One of the fastest growing threats today is a Distributed Denial-of-Service (DDoS) attack. In many cases, a DDoS attack could be caused by hundreds, or thousands, of compromised computers controlled by a single perpetrator.
During an attack, the perpetrator instructs these infected computers to “flood” a business site with requests, rendering it incapable of functioning properly. This ultimately brings the site down and causes financial losses, for instance, in the case of bank websites.
A common security breach usually occurs from within the organisation, sometimes due to human error, or to malicious employees. Mr Smith notes that a wrong configuration of applications is another cause of security breaches.
Employees handling company security may be trained in general security, but are not specialised in specific aspects of security, leading to human error.
“Many companies whose core business is not deploying security end up deploying security and this increases the probability of a potential security breach,” he explains.
Malicious damage could also result in security breaches. Many companies find it difficult to control internal access.
Mr Smith says: “We regularly see news articles about service failures and anonymous taking down of websites like government services and some of the biggest brands in the world. DDoS mitigation, layering security levels, and outsourcing infrastructure to experts can help provide against such incidents.”