Ross Brewer Archives - Latest News from Backup Technology

Spotify has become the latest company that has been successfully targeted by hackers which has resulted in all users using the Android mobile app being forced to upgrade in the next few days.

It has been confirmed that only one Spotify user’s data was accessed by the hackers but did not contain password credentials, financial or payment information.

The repercussions of this data breach have resulted in a portion of its 40million customer base having to re-enter their login credentials. Spotify has also confirmed that they plan on beefing up the security on their systems in an attempt to improve security for its users. So far, those using Spotify on the iOS and Windows Phone operating systems do not need to take any action.

Chief technology officer, Oskar Stål, stated, “We’ve become aware of some unauthorised access to our systems and internal company data. Our evidence shows that only one Spotify user’s data has been accessed and this did not include any password, financial or payment information. We have contacted this one individual. Based on our findings, we are not aware of any increased risk to users as a result of this incident.”

Ross Brewer who is the vice president and managing director of international markets at LogRhythm believes that this latest incident proves that organisations still don’t have the appropriate security defences in place to protect themselves against cyber-attacks.

Brewer stated, “While this Spotify attack appears to be relatively minor in terms of customer impact, particularly when compared to last week’s eBay furore, it still raises questions about how equipped these companies are to keep our personal information safe.”

Brewer added, “Spotify’s statement makes no reference to when the compromise was discovered, simply that it acted immediately. Given only one user’s data appears to have been accessed, one has to question whether this announcement is a knee-jerk reaction to the criticism surrounding eBay’s slow disclosure. Whatever Spotify’s reasoning, the organisation has to be commended for shrugging off the stigma attached and ensuring the breach didn’t reach the catastrophic proportions of others like it.”

This incident shows the importance of ensuring that you have the strongest security defences in place as hackers are developing new sophisticated attacks at an unprecedented rate. It is also vital that a robust backup solution is in place so data can be recovered no matter if it is deleted or modified by a hacker.

It is the intention of the Bank of England to hire its own ethical or “White Hat” hackers to help them to test the security of 20 “major” financial institutions. The action has been taken; it seems, as a response to the Waking Shark II exercise that took place in November 2013.

Charles Sweeney, CEO of web security firm Bloxx, believes that the Waking Shark programme was a great success but that it is important to continue to test your defences as attacks evolve and develop at a rapid rate.

Swenney stated, “Banks face a relentless onslaught of persistent and sophisticated attacks because they are considered to be highly prized targets for criminals. Last year’s Waking Shark programme was a great success, but attacks evolve and develop at a rapid pace so it is no surprise that the Bank of England wants to test defences again.”

Sweeney added, “It is great to see the UK leading the way in cyber protection programmes that can make a real difference to consumers, enterprises and the economy.”

Adrian Beck, Veracode’s security programme manager EMEA, is also in full support of the Bank of England’s decision to utilise ethical hacking as it is one of the best ways to expose any potential security weaknesses.

Beck declared, “It’s encouraging to see the Bank of England taking a lead on protecting the UK’s critical national infrastructure by overseeing ethical hacking programmes.

Beck added, “Ethical hacking, in the form of penetration testing, is one way to expose software coding errors in an organisation’s applications, along with other vulnerabilities that threaten critical data. All businesses, whether in the public of private sector, should consider the benefits of investing in ethical hacking as part of an application security programme.”

MD of LogRhythm, Ross Brewer believes that it would be disastrous if the Bank of England was to suffer a serious data breach and that recent data breaches just show how disastrous they can be.

Brewer stated, “The financial sector is taking a positive step here, which many other organisations need to learn from. As they play such a critical role in society, it would be disastrous for one of our leading banks to suffer a significant data breach. We only have to look at the recent large-scale data breaches, such as Target in the US, to see just how devastating and long-lasting this can be. Given the level of trust businesses and consumers place in banks, a successful attack on a financial firm would be even worse. ”

Do you think that it is a good idea to hire White Hat hackers? Do you think that organisations can do more to ensure that their security measures are up to scratch?