InformationWeek is reporting yet another network breach, this time involving internet retailer Vertical Web Media. According to the retailer's president, Jack Love, they weren't hit by "ordinary" hackers:
"This troubles us deeply. We thought our site was extremely well protected," Love told InformationWeek. "We were up-to-date on all our patches. We get a quarter of a million visits a month to our site. We've seen hacking attempts before. Anyone with a site that highly trafficked is going to see that, but we hadn't had a problem. We had a sense of security. But the message here is you can never feel content with security. You have to be ever vigilant." (emphasis added)
Kudos to Mr. Love for hitting the nail right on the head. Security is a never-ending process where you have to be constantly improving and on your guard 24/7. You can be up-to-date on all your patches, you can be using the latest and greatest security tools, and you can be compliant with every single standard and regulation on the books. But you still need to be ready to detect and respond to a successful attack. Can you detect it as soon as it happens? Can you contain it and minimize the damage? What are your top priorities during an attack? Prevention, detection and response: all three are necessary.