French P2p Monitoring Firm Suffers Data Breach
The prevailing IT security scenario makes it inevitable for organizations to strengthen their security infrastructure. Lack of adequate safeguards may allow attackers to intrude into the servers and gain access to privilege information. Recently, Trident Media Guard (TMG), a firm designated by the French government to scrutinize peer-to-peer (P2P) networks for copyright infringements suffered security breach. Security researcher Olivier Laurelli reportedly identified the security breach. An unsecured server at TMG was apparently leaking scripts, executables and files containing IP addresses of file-sharers.
Under the three strikes anti-piracy law of France, High Authority for the dissemination of works and the protection of rights (Hadopi) has authorized TMG to identify illegal fire-shares. TMG issues three warnings to illegal fire-shares to desist from further violation. If the violators fail to comply, TMG reports to a judge, who may pronounce various punishments including Internet disconnection. As such, TMG servers may have loads of sensitive information including IP addresses of hundreds of French citizens. However, TMG has reported that the server leaking information was only a test server and did not contain any personal information. Hadopi has reportedly taken control of TMG and is investigating the incident.
Security and data breach incidents have huge implications for affected individuals as well as customers. Attackers may use extracted information to launch phishing attacks, install malware, and gain remote access to computers. They may use compromised computers to disseminate spam, and attack other computers. Security breach incidents lead to loss of productive business hours, attract litigations for data security and privacy violations, and generate negative publicity.
Organizations must conduct regular in-depth security audit of the IT infrastructure through professionals qualified in IT degree programs and penetration testing. They must have proper procedures in place to monitor the effectiveness of network security, replacement of redundant devices and timely patch management. Online IT courses may help IT professionals to update their technical expertise, and implement latest mechanisms to strengthen the IT infrastructure from vibrant cyber threats.
Organizations must place high emphasis on creating IT security awareness among employees. Employees may use work computers to visit social media sites and send personal e-mails. Cybercriminals use social engineering techniques to trick employees into revealing privileged business information by misrepresenting as peers, subordinates, supervisors or business stakeholders. Organizations may make mandatory for employees to undertake e-learning programs or online IT degree programs to learn and implement best practices in information security.
Under the three strikes anti-piracy law of France, High Authority for the dissemination of works and the protection of rights (Hadopi) has authorized TMG to identify illegal fire-shares. TMG issues three warnings to illegal fire-shares to desist from further violation. If the violators fail to comply, TMG reports to a judge, who may pronounce various punishments including Internet disconnection. As such, TMG servers may have loads of sensitive information including IP addresses of hundreds of French citizens. However, TMG has reported that the server leaking information was only a test server and did not contain any personal information. Hadopi has reportedly taken control of TMG and is investigating the incident.
Security and data breach incidents have huge implications for affected individuals as well as customers. Attackers may use extracted information to launch phishing attacks, install malware, and gain remote access to computers. They may use compromised computers to disseminate spam, and attack other computers. Security breach incidents lead to loss of productive business hours, attract litigations for data security and privacy violations, and generate negative publicity.
Organizations must conduct regular in-depth security audit of the IT infrastructure through professionals qualified in IT degree programs and penetration testing. They must have proper procedures in place to monitor the effectiveness of network security, replacement of redundant devices and timely patch management. Online IT courses may help IT professionals to update their technical expertise, and implement latest mechanisms to strengthen the IT infrastructure from vibrant cyber threats.
Organizations must place high emphasis on creating IT security awareness among employees. Employees may use work computers to visit social media sites and send personal e-mails. Cybercriminals use social engineering techniques to trick employees into revealing privileged business information by misrepresenting as peers, subordinates, supervisors or business stakeholders. Organizations may make mandatory for employees to undertake e-learning programs or online IT degree programs to learn and implement best practices in information security.
Source...