The world of computer security is always evolving, from anti-virus and firewall, all the way to DDoS protection and monitoring networks using AI, the industry relies on a plethora of solutions from different vendors to provide layered security for their customers’ and employees’ data. Although some security providers are better than others, it is normally assumed that those providers utilize the best security practices for the services they provide. But what happens when those vendors are the targets of attacks and put their clients’ data at risk?
It seems that not a day goes by without a new security breach. For the past years, there have been more and more companies that failed to protect the data that was given to them by their customers. Unfortunately, it is no longer a question of “if” a leak will happen, but “when” will the leak happen. To prevent those leaks there are plenty of security services like anti-virus, firewall, web applications firewall (WAF), denial of service protection and security operation centres (SOC) that can be used to secure companies’ and customer’s data. And the usual thinking is that, if they are a security company, then they must be secured. But there is a saying: “The shoemaker always wears the worst shoes” …
With the breach that occurred in August 2019 at Imperva, it shows that even security vendors will fail to protect their customer’s data. It is unnecessary to point finger has this can happen to anyone. From government to certificate authority, the current security landscape reminds us that everyone and everything can and will be targeted by motivated attackers. It would be interesting to know how it happened in this specific case, but the “how” shouldn’t be the focus. So, what can be done?
The first takeaway would be to know who you are entrusting your data to. Investigate the companies to whom you provide data. Ensure that they have the right security measures in place. Ask for intrusion tests reports, security audit, or other indicators to show they are trying to keep your data safe. Being a sceptic always helps.
The lessons to be remembered here are more fundamental than technical. It is also a good opportunity to ensure to follow some core principle of security:
Incident response plan should include process to deal with a security breach of your different services provider, from your ISP to your anti-virus.
Keep track of all the services used. When they are the target of an attack, you will be aware of it and will be able to act accordingly.
Ensure that you can respond in a timely manner and adjust yourself to the threat you are facing.
· Security in layers
Avoid single points of failure. Your infrastructure security should include multiple level that complement each other. Hence, when, and not if, a service fails, the impact will be greatly lessened.
These recommendations are not complicated, but by following them, you can be prepared when a breach occurs with one of your service providers.
Remember, there is no perfect security. At one point or another, a small crack in one of the walls you and your service providers have built around your company will be found. The question is, are you prepared to stop the attackers from plundering your company’s data when it happens?