Digital Resilience Pays Off
Download this e-book to learn about the role of Digital Resilience across enterprises.
FinFisher, a provider of backdoors to government agencies, was compromised last week. 40GB of internal product documents and customer lists were leaked to the Internet. Recently, a Pastebin paste, allegedly by the attacker, revealed valuable information about how the attack happened. Like many other victims of hacktivist-style attacks, FinFisher had incomplete security controls and common security vulnerabilities.
The attacker exploited SQL Injection, file inclusion, insecure password storage, poor content filtering and insecure permission settings to steal FinFisher’s confidential information. These common vulnerabilities are well known and easily fixed, but they still appear in most data breach investigations. Sophisticated APT attacks may grab headlines, but if an organization hasn’t mastered security basics they’re vulnerable to any common attacker of moderate skill and free tools.
Although breaches are inevitable and attackers will attempt to bypass security controls, the good news is that by hardening their environment and investing in security monitoring, organizations can slow attackers, respond faster, and minimize damage. There’s no reason to make attackers’ jobs easier by neglecting security best practices.
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.