Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.

Resources

Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.

Blog

The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners

Partners

Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.

Company

Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.

Contact

Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

Blogheader image

TAP Into Technology

Leading the Way in Network Technology

Data at Risk: Corporate Confidentiality and VTech’s Data Breach

Posted by Tim O'Neill | 1/12/16 12:06 PM

In the first Data at Risk series post about corporate confidentiality, we discussed a few industry-agnostic cornerstone attacks on corporate data and the need for network TAPs for visibility. One of our key realizations was that corporate confidentiality is in dire need of improvement.

However, in the wake of the recent VTech data breach, the weakness of corporate confidentiality is so apparent that companies of all sizes must start taking cyber security more seriously.

 The Basics of VTech’s Recent Hack

VTech, a toy manufacturer that makes gadgets fueled by the Learning Lodge online store, was compromised on November 14, 2015. Initial reports found that approximately 4.8 million parent accounts were breached in addition to over 200,000 child accounts. The records included genders, dates of birth and private pictures that could lead hackers to exact locations for children.

data breachIf the endless list of breached companies growing everyday hasn’t motivated companies to change their cyber security efforts, the fact that children are now being affected should invoke change. Companies in all industries should take VTech’s hack as a lesson for corporate confidentiality—but you must understand how the attack happened:

  • SQL Injection: The attack was initiated by SQL injection where the attacker inserted malicious code into VTech’s web forms to gain authoritative control over all servers and databases in the network. SQL injection is one of the oldest available tools in a hacker’s arsenal, proving just how unprepared VTech was for the attack.
  • Poor Detection: The hacker informed Motherboard of the compromise and proved just how many files he gained access to. Unfortunately, VTech was completely unaware of the breach until they were contacted by Motherboard. Visibility is key for corporate confidentiality; but as millions of records flowed out of the VTech network, it was clear their visibility and detection efforts were far below what should be expected.
  • Security Measures Almost Non-Existent: Cyber security researchers made a number of disappointing findings in the wake of the attack. First, while the breached passwords were hashed, the MD5 encryption algorithm used was known to be flawed for over a decade. Researchers also found that VTech failed to use SSL web encryption for data transfers, putting passwords up for grabs in any data breach. And lastly, it became clear that VTech had a serious data leakage issue, which could provide attackers with sensitive information before they even carried out their breach.

How to See Your Baseline Traffic

A December 11, 2015 update found that approximately 6.4 million child records were compromised in the attack—a staggering number that puts VTech’s breach among the most devastating attacks in history. While the attacker claimed no malicious intent, he noted that the hack was so easy that any other cyber criminal could have easily compromised the company before he disclosed their weaknesses. It’s 2016 now and companies must do more than VTech did to stop a data breach—and it all starts with visibility.

Network Monitoring and Visibility—Your Weapon Against Data Breaches

Consider the sheer volume of breached records in an attack of this size. With nearly 10 million records flowing from internal databases to an unknown external IP address, your WAN pipes would be packed with suspicious traffic for hours. If you’ve never experienced an incident like this, believe us when we say it’s pretty easy to see that much problematic traffic. Companies must be prepared before a breach ever occurs.

Preparation starts with knowing your baseline traffic. If VTech knew its baseline traffic, this breach may have been prevented.

Want to learn more about improving your network visibility? Start with this free white paper, How to See Your Baseline Traffic, and discover how you can revive corporate confidentiality.

Topics: Network Security, Hacks and Data Breaches

Written by Tim O'Neill

As the Senior Technology Consultant & Chief Editor at LoveMyTool, Tim O’Neill has over 45 years of technology experience at data/voice and video networking analysis companies, including successful senior roles in Sales, Product Design, Marketing Management, Business Development and Security.

Sign up for blog updates