Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Monday, 17 June 2019 08:55

Symantec hid breach of demo system for four months: report

By Sam Varghese

American cyber security behemoth Symantec suffered a breach of its systems in February but kept quiet about it even though passwords and a list of companies said to be its clients were stolen by an attacker.

The Guardian reported that its staffer, Paul Karp, had seen the list, which included a large number of Australian Federal departments. The attacker was the same one who had contacted the newspaper and claimed to have Medicare data for sale on the dark web.

Symantec has played down the incident, telling The Guardian that the system involved was "an isolated self-enclosed demo lab in Australia" not connected to its corporate network.

But don't security companies secure such labs even if they are, as the company put it, "used to demonstrate" security solutions and how they work together? Or are they left open to world+dog?

How many other breaches of this kind have taken place at Symantec and gone unreported? We only know about this incident because Karp got wind of it. Four months have gone by since it occurred, so it looks like Symantec was resorting to an old Microsoft recipe: security through obscurity.


The company told The Guardian that the incident in question was not reported because it had concluded "no sensitive personal data was hosted in or extracted from this demo lab, nor were Symantec’s corporate network, email accounts, products or solutions compromised".

Whether the files within that system were dummy data or not, the only systems that are left open on the Internet are play servers where the person who sets them up wants them to be breached in order to collect data for a study. Another category of system, known as a honeypot, is often left with some ports purposely open so that it is attacked, once again for the purpose of study.

Rather than trying to whitewash the incident now, Symantec should have made proper disclosure at the time and said everything that it is now being forced to say.

It is a bad look for a company that claims to have "the strongest cyber defence platform powered by the world’s largest and most dynamic civilian threat intelligence network".


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
