Risk
8/29/2007
12:58 PM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Small Business Lessons From Big Monster's Big Security SNAFU

How you handle news of a security breach can be as important to your business as how you handle the breach itself. And how you handle perception of your handling ranks just as high.

How you handle news of a security breach can be as important to your business as how you handle the breach itself. And how you handle perception of your handling ranks just as high.Among the ongoing (and ongoing and ongoing) fallout from mega job-poster Monster.com's security lapse is the news that Monster took five days to inform its users of the breach.

Ooooops.

While there are plenty of people who will tell you that a five-day turn on a million-plus breach is pretty responsive, you won't find that attitude in the press, you won't find it among Monster's compromised users.

The lesson from this is that whatever the nature of a security breach, you must mount a zero-day response. That means now, immediately, pronto, post-haste.

If your company gets breached, take a (quick) deep breath, get your recovery teams to work and start getting to work on getting the word to affected customers, vendors, contacts.

The consequences won't necessarily be any easier to swallow, but you'll at least be swallowing them without the unwanted seasoning of charges of denial, or, worse, deception.

It's a lesson easier learned by small to midsized businesses because you don't have to deal with the levels of bureaucracy, bad advice, BS and butt-covering that gets bigbiz into bad PR straits.

In other words, when it comes to notification of security problems, don't do as they do -- and don't do as they (don't) say, either.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6477
Published: 2014-11-23
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4...

CVE-2014-4807
Published: 2014-11-22
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.

CVE-2014-6183
Published: 2014-11-22
IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVE-2014-8626
Published: 2014-11-22
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding...

CVE-2014-8710
Published: 2014-11-22
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?