In response to recent news that a Spambot leaked 700 million email addresses online (link to story in The Guardian), four cybersecurity experts offer comments:
Giovanni Verhaeghe, Director Product & Market Strategy, VASCO Data Security, says: "Breaches like this highlight, once again, the importance of education when it comes to password management and password use. Resetting compromised passwords can be a good first step, but the breach had little to do with the passwords that were used. It was a result of the ease with which they can be accessed from the outside. The burden of responsibility lies heavily on organizations, and how much they invest in securing the information users share with them will make a huge difference to user confidence.
"Also, as users now demand a seamless experience across channels, organizations have the added responsibility of making sure that information is secure across these channels. The more user-friendly the system is, the more it needs security. This security can be transparent for sure, but if it doesn’t protect users and their data, it could be leaving the door open for malicious and crippling attacks."
John Gunn, CMO, VASCO Data Security, says: "Sophisticated hackers are increasingly weaponized by the large pools of identities that they are stealing from poorly secured targets. Weak security at organizations with large pools of data is the nemesis of the well-secured enterprise."
Jonathan Sander, STEALTHbits Technologies reacts: “Perhaps the scariest part of this massive Spambot leak is seeing how much data the bad guys have and how little they are doing to protect it. Some may think the bad guy has no motivation to protect our data, but they do. The amount and how well enriched their data set is becomes their competitive advantage in a crowded black market. Just like people using Google more than other search engines because of their huge reach, the black market has brands that stake their reputation on having the biggest database of quality, stolen data. To see that even with such financial motivation they are failing to secure their ill-gotten goods is disheartening.”
Christian Lees, CTO and CSO, InfoArmor, says: “Several factors come to mind in consideration of this data disclosure. Here are points to consider.
There is evidence of a significant amount of speculative data, yet also the potential for meaningful amounts of pre-breached data from existing aggregation. Threat actors continue to expand their methods to potentially mainstream or expand their revenue streams. Continuous large data disclosures of this type, with potentially unverifiable data sources and targets, increase alert fatigue for security professionals. Also, this is another reminder that threat actors also live the dual-edge sword of security.”