For a long period of time, hackers spent much of their attention trying to compromise financial institutions and government agencies. Still popular targets, cybercriminals have shown new interest in compromising SMBs and consumers – while our banking information and other personal information remain valuable prizes.
LifeLock, a service designed to help consumers keep their personal data secure, had a vulnerability on its website that left customer email addresses exposed. Each high-profile breach should be a learning experience for companies, though it doesn’t seem the message is quite sinking in. Three key points that should be learned from the LifeLock disclosure (via eMazzanti Technologies):
Lesson 1: Safe website development is a must
Lesson 2: Keep an eye on your partners
Lesson 3: Protect your own personal data
I believe lesson #2 is a topic that must be discussed by software developers and cybersecurity experts. Personal information, confidential data, and other sensitive materials can slip through the gaps when shared with partners and third parties. Added interest in creating an entire closed loop of data access, so unauthorized traffic is less likely to be an issue – for example, devices on sensitive networks shouldn’t be able to communicate with unverified systems.
As noted by Jennifer Mazzanti, CEO of eMazzanti Technologies: /
“The unsubscribe page that allowed access to LifeLock customer email addresses is apparently maintained not by LifeLock, but by an outside business partner. Still, at the end of the day, customers trust their data security to the company whose name displays at the top of the website.”
Software is now progressively fast to deploy new products, updates, security patches, and other changes to their products.