Tale Of Two Compromises Provides Lessons For SMBs

Published: 22/11/2024   Category: security




The stories behind the hacking of a startup's CEO and a journalist, as told at the RSA Conference, provide small and midsize businesses with good tactics to secure their businesses



SAN FRANCISCO -- RSA CONFERENCE 2013 -- At first, Matthew Prince and Mat Honen seem to have little in common: Prince is the founder and CEO of CloudFlare, a small business with a rapidly expanding client base. Honen is a writer for a well-known news website.
Yet both have suffered the unfortunate attentions of hacking groups. During a combined talk at the RSA Conference on Wednesday, the two men described the attacks that caused a great deal of digital damage in their lives. Honen lost most of the data collected during his life when one group of hackers decided to gain control of his Twitter handle, @mat. (He later hired a firm to recover most of his lost photos and files.) Prince could have lost a large part of his business, after another group of hackers gained access to his personal e-mail account, which they leveraged into control of some of his business accounts.
In both cases, the attackers harvested information from one of the victim's providers and used it to fool another provider into giving them access to the victim's accounts. The hackers in Honen's case, for example, got the last four digits of his credit card information from Amazon and used that to fool Apple's recovery mechanism into granting them access to his iCloud account.
"You do have to worry about your own security, but you also have to worry about the security of all these services," Honen said. "Amazon by itself is secure, and Apple by itself is secure, but the combination of two was not."
[The assault on CloudFlare shows that companies have to pay attention to how their security services are locked down and how the credentials for those services can be recovered. See "Attackers Turn Password Recovery Into Backdoor."]
That is just one of the hard lessons that the duo learned -- lessons that are applicable to most small and midsize businesses (SMBs). Fellow SMBs can glean a few more lessons from their accounts.
1. Separate your personal and business lives.
Both Honen and Prince let their business and personal lives intermingle. In Prince's case, he used his personal e-mail -- which he secured with a complex password, but not with two-factor authentication -- as the contact point for the recovery of his business Google Apps account. Because his Gmail account was only his personal e-mail, he did not think he needed to heavily secure access.
Now Prince recovers to a business account and uses an account name at Google that is not the personal e-mail address that he gives out. Instead, he uses an alias that links to his more complex account name.
"If your personal account is tied in any way to the security of the company, then that is your new perimeter," he said.
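The dependency described in this lesson, a well-protected business account whose recovery contact is a less protected account, can be checked mechanically. The following is an added example, not from the talk or the article; the inventory, the account names and the `mfa` / `recovers_via` fields are constructed assumptions.

```python
from collections import deque

# Constructed inventory. "recovers_via" lists the accounts or channels that can
# reset this account's credentials; "mfa" is whether two-factor is enforced.
ACCOUNTS = {
    "work-suite":     {"mfa": True,  "recovers_via": ["personal-mail"]},
    "personal-mail":  {"mfa": False, "recovers_via": ["phone-voicemail"]},
    "phone-voicemail": {"mfa": False, "recovers_via": []},
    "registrar":      {"mfa": True,  "recovers_via": ["work-suite"]},
    "payroll":        {"mfa": True,  "recovers_via": ["security-alias"]},
    "security-alias": {"mfa": True,  "recovers_via": ["payroll"]},  # cycle on purpose
}

def weak_recovery_path(accounts, start):
    """Return the shortest recovery chain from `start` to an account without
    two-factor authentication, or None if every account in the chain has it."""
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        current = accounts[path[-1]]
        if not current["mfa"]:
            return path  # the chain is only as strong as this account
        for nxt in current["recovers_via"]:
            if nxt not in accounts:
                raise KeyError(f"{path[-1]} recovers via unknown account {nxt!r}")
            if nxt not in seen:  # guards against recovery loops
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def audit(accounts, critical):
    """Map each critical account to its weakest recovery chain (or None)."""
    return {name: weak_recovery_path(accounts, name) for name in critical}

if __name__ == "__main__":
    for name, path in audit(ACCOUNTS, ["work-suite", "registrar", "payroll"]).items():
        status = "OK" if path is None else "EXPOSED via " + " -> ".join(path)
        print(f"{name}: {status}")
```

An account reported as exposed has two-factor authentication itself but can still be reset through an account that does not.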
2. Use the most stringent, yet practical, security possible.
Cloudflare has also moved all of its accounts to require two-factor authentication and, whenever the company talks to a new service provider, Prince always asks what additional security measures the provider can offer. The hackers had fooled an AT&T representative into forwarding calls to Prince's cell phone to a voicemail box -- now that cannot be done without knowing a specific code, he said.
"With any piece of my digital life, I've thought about how can I secure it," Prince said. "With any new vendor, we ask what is the most onerous security we can put on our account. And just asking that question has caused us to be better."
3. Practice attacking your business.
SMBs should not only implement better defenses, but imagine how an attacker would bypass those defenses. While hiring a penetration tester can be expensive, companies should have occasional exercises that focus on how an attacker could gain access to their systems.
Honen had not seriously thought about such an eventuality, he said. While he had valuable data on his computer, he had never backed it up locally, he said.
"I would never even think that they could have remotely wiped my entire life," Honen said.
4. Practice defending your network.
Within an hour of the attack on Cloudflare's network, the company was on the phone with Google blocking access to the company's accounts and regaining control of its systems. For Cloudflare, its most important asset was knowing who to call at its provider, Prince said.
"If I didn't know who to call, then this could have been a multiday incident and could have been much worse," he said.
Companies should practice defending their network and make a playbook of what employees should do in each scenario. Doing so can save time, when minutes can make a big difference.
5. Cloud can still be secured.
Companies cannot afford to not use cloud services, especially SMBs. Because many cloud services have good security architectures and hire more security professionals than the average SMB, they will generally make fewer missteps. Moreover, with the productivity and collaboration benefits that cloud provides for small workgroups, SMBs are unlikely to forgo the services.
"I've had people ask if I've stopped using cloud services, and, no, I haven't," Honen said. "There is no retreat from the cloud."