8,000 exposed in Slovak Chamber of Commerce and Industry hack

Enterprises show more interest in deploying encryption strategies, reaching the largest growth in 11 years, Ponemon survey reports.  Every year The Ponemon Institute independently puts together a report about global encryption trends and regional differences based on interviews with over 500 IT professionals from the US, UK, Germany, France, Australia, Japan, Brazil, Russia, Mexico, India and, recently, Saudi Arabia. The research is sponsored by Thales and Vormetric Data Security. “In the 11 years the core survey has been conducted, there has been a steady increase in the use of encryption technology, with the highest increase ever in this year’s results,” said Dr Larry Ponemon, chairman of The Ponemon Institute. Along with that increase we’ve seen the rise of new challenges in the areas of encryption key management, data discovery, and cloud-based data storage.  “The findings of this study demonstrate the importance of both encryption and key management across a wide range of industries and core enterprise applications – from networking, databases and application level encryption to PKI, payments, public and private cloud computing.” While 56% of respondents use the cloud as storage for confidential information, enterprises are more cautious when deploying encryption solutions as support for both cloud and on-premise deployment is a priority. HR data and sensitive information of employees ranked higher in importance than payment data or financial records.  In view of recent regulations, privacy concerns, and vulnerabilities to data breaches, encryption is most widely used by companies offering financial services or operating in the healthcare, software or technology industries. Peter Galvin, vice president strategy at Thales e-Security, said: “As businesses increasingly turn to cloud services, we’re seeing a rapid rise in sensitive or confidential data being transferred to the cloud and yet only a third of respondents had an overall, consistently applied encryption strategy. Encryption is now widely accepted as best-practice for protecting data, and a good encryption strategy depends on well-implemented encryption and proper key management. Thales hardware security modules (HSMs) have provided reliable high-assurance key management for decades, and this year’s study underscores their importance in securing a wide range of critical applications.” 8,000 exposed in slovak chamber of commerce and industry hack - Careless Employees and Inefficient Measures Make Companies Vulnerable to Data Breaches 1 - 8,000 exposed in Slovak Chamber of Commerce and Industry hack

The official site of the Slovak Chamber of Commerce and Industry (scci.sk) got hacked and 8,000 users were affected, according to news reports.

Data such as names, phone numbers, hashed passwords, and emails, were leaked by a hacker dubbed Kapustkiy, a member of the New World Hackers group. He reportedly used SQL injection to exploit an existing site vulnerability and managed to get access to sensitive information.

The hacker said to have contacted the site’s administrators, but hasn’t received a response.

SQL injection is one of the most common techniques used to force a site into dumping data to an attacker. Yahoo, Sony, LinkedIn and other millions of web applications have suffered SQL injection attacks. Why? The Open Web Application Security Project (OWASP) offers a pretty good explanation:

SQL Injection attacks are unfortunately very common, and this is due to two factors: the prevalence of SQL Injection vulnerabilities and the attractiveness of the target (databases containing the interesting/critical data for the application),” OWASP says.

Plus, there are a lot of free available tools which even script-kiddies can access.

The first step towards better security is to scan websites and web applications with an automated web application security scanner. Developers also need to provide each web application only with the privileges it requires. Segregation and data encryption are also quite important, along with the sanitization of user input.

Read the original article here

Stay up to Date


Categories

Something else you may like …

Menu