In the first Data at Risk series post about corporate confidentiality, we discussed a few industry-agnostic cornerstone attacks on corporate data and the need for network TAPs for visibility. One of our key realizations was that corporate confidentiality is in dire need of improvement.
However, in the wake of the recent VTech data breach, the weakness of corporate confidentiality is so apparent that companies of all sizes must start taking cyber security more seriously.
VTech, a toy manufacturer that makes gadgets fueled by the Learning Lodge online store, was compromised on November 14, 2015. Initial reports found that approximately 4.8 million parent accounts were breached in addition to over 200,000 child accounts. The records included genders, dates of birth and private pictures that could lead hackers to exact locations for children.
A December 11, 2015 update found that approximately 6.4 million child records were compromised in the attack—a staggering number that puts VTech’s breach among the most devastating attacks in history. While the attacker claimed no malicious intent, he noted that the hack was so easy that any other cyber criminal could have easily compromised the company before he disclosed their weaknesses. It’s 2016 now and companies must do more than VTech did to stop a data breach—and it all starts with visibility.
Consider the sheer volume of breached records in an attack of this size. With nearly 10 million records flowing from internal databases to an unknown external IP address, your WAN pipes would be packed with suspicious traffic for hours. If you’ve never experienced an incident like this, believe us when we say it’s pretty easy to see that much problematic traffic. Companies must be prepared before a breach ever occurs.
Preparation starts with knowing your baseline traffic. If VTech knew its baseline traffic, this breach may have been prevented.
Want to learn more about improving your network visibility? Start with this free white paper, How to See Your Baseline Traffic, and discover how you can revive corporate confidentiality.