Data Breach Shows Cybersecurity Weakness

Last week, Virginia-based web services provider Network Solutions disclosed that it was investigating a data breach on its servers. The breach may have led to hackers stealing the credit card data of nearly 574,000 people who made purchases on Web sites hosted by the company. The stolen data came from transactions completed from March until the discovery on June 8th.

The firm notified 4,343 (nearly half) of its e-commerce merchants that hackers had broken into Network Solutions servers that handle Web site hosting and payment processing and siphoned off personal information. In addition, Network Solutions has offered to contact individual customers and offer them a year of free credit-monitoring service.

Rob Housman, Executive Director of the Washington-based research and advocacy firm Cyber Secure Institute: “This is just the latest example of data compromises. The retailers who were impacted in this attack were small to medium size online retailers, whose reputation could be severely impacted by this breach. People inherently trust larger online retailers such as Target or Amazon, but it is the small to medium retailers who stand the most to lose, through no fault of their own.”

Network Solutions notes that it was PCI-compliant at the time of the breach. According to Housman, this underscores the inherent inadequacies of today’s largely process- (not results-) oriented cybersecurity standards, like PCI compliance.

But these types of attacks ought to be entirely preventable. Housman: “There is a new breed of inherently secure technologies that are now coming to the market. These technologies, such as those offered by Integrity Global Security and Tenix, are certified secure by the NSA against even hostile and sophisticated attacks, even with the source code. Such technologies could have prevented this attack and countless other serious breaches that we have seen in the past few years.”

“The financial sector in particular needs to replace at risk, hack and patch technologies with inherently secure systems”, he continues. “New cyber standards are needed and they must reflect that inherently secure technologies are now available, and they need to drive the adoption of such technologies. If the industry is incapable of addressing this threat then the government needs to step in and drive security. Until higher standards are implemented or existing secure technologies are used, we are all at risk when it comes to e-commerce.” (Source: Cyber Secure Institute/GST)
