Hacking incident highlights need for vulnerability management

June 11, 2012

A major Australian telecommunications company was the victim of computer hackers last week (May 24), compromising the user details of 35,000 customers.

In a statement released last Thursday, Telstra announced it has taken precautionary measures to re-set thousands of customer passwords after a “site security incident” took place at two BigPond Games sites.

According to the telco – which reassured consumers that no financial details were at risk as a result of the security violation – its GameArena and Games Shop sites contained information regarding user details, which may have been compromised.

The company has acted quickly to reset passwords and contact affected users.

The privacy commissioner, Timothy Pilgrim, is currently investigating the incident.

Businesses concerned about the risk of computer crime should consider a red cell assessment, to ensure that their internal security protocols are up-to-date.

Red cell assessments are a thorough external examination of business security systems, with the intention of simulating an unauthorised hacking attempt. The test is designed to find weaknesses and foresee potential points of entry.

Ethical hacking procedures provide the benefit of a third-party appraisal, meaning they bring a fresh and unbiased viewpoint to security evaluation.

Red cell teams are highly trained in using both standard and unpredictable techniques to bypass business security systems. They give businesses the invaluable opportunity to identify weak-points and security flaws, without putting essential secure information at risk.

In a statement on the Australian Information Commissioner’s website, Pilgrim noted the concerning regularity with which incidents like Telstra’s are occurring.

“It is worrying that hacking incidents like this are occurring more often,” Pilgrim said, adding that the Telstra case is an important reminder to have the right level of security in place.

He added that under the Privacy Act, businesses are required to keep their security systems up-to-date in order to protect sensitive consumer information.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *