Avatar photo

Contributor

Author Bio ▼

Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
February 21, 2014

Download

Whitepaper: Enhancing security, resilience and efficiency across a range of industries

Google Next-Gen Security Investment Could Prevent Future Maryland-Style Breaches

The Armory, Maryland University (photo: Bgervais on Wikimedia Commons)

The Armory, Maryland University (photo: Bgervais on Wikimedia Commons)

A sophisticated hack on Maryland University has highlighted the vulnerability of network security as Google invests heavily in a new wave of cyber security start-ups.

More than 300,000 student and staff records were compromised on Tuesday after the university’s ID card system was breached by hackers.

The attack must have been highly sophisticated, the university’s vice president told the Washington Post.

“There’s no open door. These people picked through several locks to get to this data,” said Brian Voss.

Hackers mounted their attack at around 4am on Tuesday after gaining access to a secure records database comprising social security numbers, dates of birth and university identification numbers for 309,079 staff, students and faculty members.

“Multi-layered defences”

University President Wallace D. Loh said in a statement issued the following day: “Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defences were bypassed.”

Brian Voss said that although hackers didn’t change the records they essentially “made a Xerox of it and took off.”

The breach encompasses records dating back as far as 1998 (which surely wouldn’t have happened in the UK, where regulation governing data protection is more robust).

Maryland University has promised free credit monitoring for a year for those whose information was compromised.

The growing sophistication of hackers has driven a new wave of cyber security innovators, with Google investing in a further two IT security start-ups this week.

Ionic Security, which specialises in access control, intellectual property monitoring, data encryption and policy management, raised $25.5m in a fundraising round led by Google Ventures and Jafco Ventures.

Google Ventures also led a $4m funding round for ThreatStream, which claims to be “the first threat intelligence platform that manages the entire life-cycle of threat intelligence, from multi-source acquisition to actionable operations across the entire eco-system of existing security devices.”

Last month Google Ventures also funded Shape Security, which plans to thwart cyber criminals with constantly morphing computer code.

Karim Faris, general partner at Google Ventures, said: “With the rise of cloud services and an increase in mobile workers, current security models are much less effective than they used to be.”

ThreatStream offers a “smarter way to analyse threats and take action against them”, he said.

Third parties

Steve Abbott, chief executive of Ionic Security, said companies’ too often risked losing control of important information as it traveled around the web. “Corporations are spending billions of dollars on research and development,” he said. “You’re going to want to put an envelope around that.”

Even the most robust security systems can be negated where companies entrust data to third parties with inferior protections. The details of 70m customers of US chain Target were pilfered last year from a third party vendor, for example.

Ionic’s new program aims to give companies control of their data even when it is passed – deliberately or otherwise – to other parties. Every piece of data is encrypted, with sensitive information tied to security envelopes.

Abott says the Snowdon affair, when Edward Snowdon passed top-secret NSA files to the Guardian newspaper, has shaken the complacency out of corporate America – if the government “don’t necessarily have the best controls, who can? And I think it is why people are out of denial and into action mode.”

With confidential information attracting  a high premium on the black market, cyber security solutions will surely grow ever-more labyrinthine to ward of an evolving threat.

Free Download: The Video Surveillance Report 2023

Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!

Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.

VideoSurveillanceReport-FrontCover-23

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Topics: