Thanks to the global media attention and commentary the incident has attracted, you can’t fail to have noticed that eBay has become the latest high-profile company to fall victim to a data breach. In a post on eBay’s corporate site, the online auction company urged its customers to change their passwords following a cyber attack that compromised one of its databases earlier this year. According to eBay, attackers successfully “compromised a small number of employee log-in credentials, allowing unauthorised access to eBay's corporate network”, which enabled them to access customer information, including names, encrypted passwords, email addresses, contact details and dates of birth. Although eBay hastened to add that no financial information had been stolen, data breaches involving customer information can be extremely damaging for any business, as lost customer confidence can be hard to regain, particularly when you are responsible for 233m customers’ details. The fact is that all companies that store client data must ensure they have a rigorous cyber security plan in place, that they identify and manage any areas of high risk and that they are fully prepared with an incident detection and response strategy should the worst happen.
The eBay debacle provides another stark warning to all organisations that the threat to businesses is continuing to grow. The fact that employee accounts were compromised in this case is particularly concerning, as robust controls should be in place around these credentials, including behavioural monitoring systems which flag any suspicious behaviour in real time. While it remains to be seen how these credentials were compromised – whether via a successful phishing email or the involvement of a third party – it is unfortunately unsurprising that these incidents continue to occur.
As the cyber threat landscape continues to evolve and with household names continuing to suffer embarrassing data breaches, organisations must accept that attackers can and will look to exploit any weaknesses that exist in their security defences. With this in mind, the focus must be on ensuring full network visibility and being able to detect, contain and remediate an attack when – rather than if – the situation arises.
To contact Nettitude's editor, please email email@example.com.