Tuesday, January 31, 2017

How Does Information Leak From Companies?

Frequently, data breaches are extremely complicated and they are carried out by some of the most intellectually gifted people in the world.

Other times though, data leakage can be as simple as a situation I just ran across.  Yesterday, someone from a company I have done business with in another part of the world, pushed a button. 

An email arrived in my Inbox that looked very similar to emails I’d received from my client in the past when they had something to share through their secure system.  Because the email was familiar to me, I proceeded to log into the system I’d logged into in the past.

The log-in only required my email address.  The password was already there. By simply adding my email address and logging into the system, I was in.  In to what you might ask?  Information that I didn’t need to or want to see.

I immediately contacted the person who had initiated the original email that came to me from my client. She recognized the mistake she had made and asked me to disregard what I had been sent.

Yes, this was a simple mistake and we all make simple mistakes from time-to-time.  Because of the work I do working with highly intelligent cyber security professionals, I started wondering how many times simple mistakes like this happen around the world in the course of a day.

Had the email that was sent to me been sent to someone else, they might not have been watching out for my client’s best interests as I was.  If another recipient of the email I received had bad intentions, they could have opened Pandora’s Box. 

There’s one for you Cyber Security folks to ponder.

SecurityRecruiter.com's Security Recruiter Blog