In security, one of the important rules is
"Prevention is Ideal but Detection is a MUST"
What bothers me is this line:
Scottrade claims that it didn’t find out about the breach until federal authorities contacted the company to tell them they were investigating “cybersecurity crimes” involving the theft of information from Scottrade and other financial services companies.
First:
Scottrade is an investment and brokerage firm. In simple words, they deal with people's money.
Second:
They are not a brick-and-mortar company; they are an e-commerce company, yet they were not
So, why were they unable to detect the breach?
From the article:
The St. Louis-based company confirmed that information such as customers’ Social Security numbers, email addresses, and other data, were on the same system that was accessed, but that at this time it believes contact information was the main focus of the attack (really?).
When authorities arrested four men in Florida and Israel over the summer in connection to another financial services hack, the breach of JPMorgan Chase, court proceedings revealed the attack may have been the beginning of a complex spam email chain campaign. As part of a “multiyear campaign” the hackers were apparently hoping to leverage millions of spam emails to trick well-connected investors into investing in otherwise menial stocks.
For more info: