{"id":62,"date":"2011-06-15T09:05:18","date_gmt":"2011-06-15T09:05:18","guid":{"rendered":"http:\/\/www.halkynconsulting.co.uk\/a\/?p=62"},"modified":"2011-06-14T19:05:53","modified_gmt":"2011-06-14T19:05:53","slug":"security-breaches-easy-and-commonplace","status":"publish","type":"post","link":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/","title":{"rendered":"Security Breaches – Easy and commonplace?"},"content":{"rendered":"

On Monday we discussed<\/a> the problem with people assuming that more and more successful hacks and security breaches were the result of “sophisticated” or “state-sponsored” attackers.<\/p>\n

Then, on Tuesday, the now-notorious LulzSec threw a new spanner into the works and opened up, via their twitter stream, the option for people to “dial in” and suggest targets for them to take out. The tweet below was taken from the @LulzSec<\/a> stream on Twitter: (original tweet link<\/a>)<\/p>\n

\"Tweet<\/a>
@LulzSec Tweet 14 June 2011<\/figcaption><\/figure>\n

Also, as a part of a twitter event which they have called “#TitanicTakeoverTuesday<\/a>“, it seems a variety of servers have been taken down by LulzSec. These have included the popular online gaming system Eve Online (as reported here<\/a>) and game-related magazine sites.<\/p>\n

It seems apparent from both the behaviour and target selection, that LulzSec is not a state-sponsored group, is not linked to “international crime syndicates” or any of the normal suspects that are mentioned when big online systems are taken down. Despite this, they have managed to bring Eve Online offline. This highlights the fact that if you do not build security into your business from the outset you will<\/strong> be vulnerable. If you do business online, if you advertise online or anything, you absolutely need to review your security, assess your risks and make sure that you have an appropriate management strategy in place.<\/p>\n

As always, the time to do that is now<\/strong>, not after you have been taken offline with an attack.<\/p>\n

The last thing you want is a malicious competitor seizing an opportunity like this and tweeting your website to a group like LulzSec before <\/strong>you have had the chance to reinforce your defences.<\/p>\n

Part of the problem, which all risk management groups face, is working out what level of attack to defend against. This is not helped by most sites who are taken down keeping the intricate details of the attack a secret.<\/p>\n

The good news is that 90% of security breaches occur through very, very common routes with lack of up-to-date patches being the main one with lack of staff awareness being close behind.<\/p>\n

Spend some time to make sure you have closed all the easy doors. Ensure you have a solid (and tested) incident management plan in place. Make sure all your employees are aware of the security policies and procedures. Make sure you are fully aware of the costs and benefits of various security mitigation options.<\/p>\n

You may still fall victim to a hacker attack, but at least you will be well placed to deal with it and continue with your business.<\/p>\n","protected":false},"excerpt":{"rendered":"

On Monday we discussed the problem with people assuming that more and more successful hacks and security breaches were the result of “sophisticated” or “state-sponsored” attackers. Then, on Tuesday, the now-notorious LulzSec threw a new spanner into the works and opened up, via their twitter stream, the option for people to “dial in” and suggest […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[5,3],"tags":[10,11,13,140,18,19,12],"class_list":["post-62","post","type-post","status-publish","format-standard","hentry","category-security","category-securitynews","tag-crime","tag-hacking","tag-internet","tag-security","tag-security-news","tag-srm","tag-vulns","entry"],"jetpack_publicize_connections":[],"yoast_head":"\nSecurity Breaches - Easy and commonplace? - Halkyn Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Breaches - Easy and commonplace? - Halkyn Security Blog\" \/>\n<meta property=\"og:description\" content=\"On Monday we discussed the problem with people assuming that more and more successful hacks and security breaches were the result of “sophisticated” or “state-sponsored” attackers. Then, on Tuesday, the now-notorious LulzSec threw a new spanner into the works and opened up, via their twitter stream, the option for people to “dial in” and suggest […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/\" \/>\n<meta property=\"og:site_name\" content=\"Halkyn Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2011-06-15T09:05:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2011-06-14T19:05:53+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/06\/lulzsectweet-300x120.png\" \/>\n<meta name=\"author\" content=\"Taz Wake - Halkyn Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/tazwake\" \/>\n<meta name=\"twitter:site\" content=\"@HalkynSecurity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Taz Wake - Halkyn Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/\"},\"author\":{\"name\":\"Taz Wake - Halkyn Security\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc\"},\"headline\":\"Security Breaches – Easy and commonplace?\",\"datePublished\":\"2011-06-15T09:05:18+00:00\",\"dateModified\":\"2011-06-14T19:05:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/\"},\"wordCount\":441,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"keywords\":[\"Crime\",\"Hacking\",\"Internet\",\"Security\",\"Security News\",\"Security Risk Management\",\"Vulnerabilities\"],\"articleSection\":[\"Security\",\"Security News\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/\",\"name\":\"Security Breaches - Easy and commonplace? - Halkyn Security Blog\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\"},\"datePublished\":\"2011-06-15T09:05:18+00:00\",\"dateModified\":\"2011-06-14T19:05:53+00:00\",\"breadcrumb\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Halkyn Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security Breaches – Easy and commonplace?\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"name\":\"Halkyn Security Blog\",\"description\":\"Specialist Security & Risk Management Consultants\",\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\",\"name\":\"Halkyn Consulting\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"width\":\"990\",\"height\":\"170\",\"caption\":\"Halkyn Consulting\"},\"image\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/2329571\",\"https:\/\/twitter.com\/HalkynSecurity\"]},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc\",\"name\":\"Taz Wake - Halkyn Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g\",\"caption\":\"Taz Wake - Halkyn Security\"},\"description\":\"Certified Information Systems Security Professional with over 19 years experience providing in-depth security risk management advice to government and private sector organisations. Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones. Additionally, direct experience carrying out investigations into security lapses, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident. Has a detailed understanding of the Security Policy Framework (SPF) and JSP440, as well as in depth expertise in producing cost-effective solutions in accordance with legislative and regulatory guidelines. Experienced in accrediting establishments and networks as well as project managing the development of secure, compliant, workable business processes.\",\"sameAs\":[\"http:\/\/www.halkynconsulting.co.uk\",\"https:\/\/twitter.com\/https:\/\/twitter.com\/tazwake\"],\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/author\/tazwake\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security Breaches - Easy and commonplace? - Halkyn Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/","og_locale":"en_GB","og_type":"article","og_title":"Security Breaches - Easy and commonplace? - Halkyn Security Blog","og_description":"On Monday we discussed the problem with people assuming that more and more successful hacks and security breaches were the result of “sophisticated” or “state-sponsored” attackers. Then, on Tuesday, the now-notorious LulzSec threw a new spanner into the works and opened up, via their twitter stream, the option for people to “dial in” and suggest […]","og_url":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/","og_site_name":"Halkyn Security Blog","article_published_time":"2011-06-15T09:05:18+00:00","article_modified_time":"2011-06-14T19:05:53+00:00","og_image":[{"url":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/06\/lulzsectweet-300x120.png"}],"author":"Taz Wake - Halkyn Security","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/tazwake","twitter_site":"@HalkynSecurity","twitter_misc":{"Written by":"Taz Wake - Halkyn Security","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/#article","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/"},"author":{"name":"Taz Wake - Halkyn Security","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc"},"headline":"Security Breaches – Easy and commonplace?","datePublished":"2011-06-15T09:05:18+00:00","dateModified":"2011-06-14T19:05:53+00:00","mainEntityOfPage":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/"},"wordCount":441,"commentCount":0,"publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"keywords":["Crime","Hacking","Internet","Security","Security News","Security Risk Management","Vulnerabilities"],"articleSection":["Security","Security News"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/","url":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/","name":"Security Breaches - Easy and commonplace? - Halkyn Security Blog","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website"},"datePublished":"2011-06-15T09:05:18+00:00","dateModified":"2011-06-14T19:05:53+00:00","breadcrumb":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/06\/security-breaches-easy-and-commonplace\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Halkyn Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/"},{"@type":"ListItem","position":2,"name":"Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Security Breaches – Easy and commonplace?"}]},{"@type":"WebSite","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","name":"Halkyn Security Blog","description":"Specialist Security & Risk Management Consultants","publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization","name":"Halkyn Consulting","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","width":"990","height":"170","caption":"Halkyn Consulting"},"image":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/2329571","https:\/\/twitter.com\/HalkynSecurity"]},{"@type":"Person","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc","name":"Taz Wake - Halkyn Security","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g","caption":"Taz Wake - Halkyn Security"},"description":"Certified Information Systems Security Professional with over 19 years experience providing in-depth security risk management advice to government and private sector organisations. Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones. Additionally, direct experience carrying out investigations into security lapses, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident. Has a detailed understanding of the Security Policy Framework (SPF) and JSP440, as well as in depth expertise in producing cost-effective solutions in accordance with legislative and regulatory guidelines. Experienced in accrediting establishments and networks as well as project managing the development of secure, compliant, workable business processes.","sameAs":["http:\/\/www.halkynconsulting.co.uk","https:\/\/twitter.com\/https:\/\/twitter.com\/tazwake"],"url":"http:\/\/www.halkynconsulting.co.uk\/a\/author\/tazwake\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9yHvD-10","jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/62","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/comments?post=62"}],"version-history":[{"count":3,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/62\/revisions"}],"predecessor-version":[{"id":67,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/62\/revisions\/67"}],"wp:attachment":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/media?parent=62"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/categories?post=62"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/tags?post=62"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}