https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

Security


Security Central: Glitch Leaves Alaskan Voters Out in the Cold, SEC Reveals Breach

  • Written by Allison Francis
  • October 23, 2017
This week’s Security Central takes a peek inside Alaska’s exposed voter records, explores the SEC cybersecurity breach, and takes a look at results from Intermedia’s 2017 Data Vulnerability Report.

Oops!… They did it again. For what seems like the billionth time, U.S. voter records have been exposed, this time targeting Alaska. A cache of voter records containing the personal information of nearly 600,000 voters in Alaska was inadvertently exposed online. The culprit? An unsecured CouchDB database. And just, you know, a giant oversight.

The cause of the hack was discovered by researchers at the Kromtech Security Research Center, who determined that the database of about 593,000 voters (that’s every registered voter in the state of Alaska) was accidentally configured for public access. That means it was just out there, floating in the breeze without any sort of password protection or security wall, making it accessible to anyone who knew where to look. No logging in, no verification, nada.

The exposed records contained the usual sensitive data of prospective voters including names, addresses, dates of birth, ethnicity, marital status and voting preferences. This time, though, it went deeper than that. They also contained extremely personal information such as household income, the age ranges of children, whether the person is a homeowner and stances on controversial issues such as climate change, gun control and tax reforms.

The voter database had been compiled by the leading broker of voter data TargetSmart, but appears to have been stored in a misconfigured online database by the marketing group Equals3 which purchased the list from TargetSmart. 

“In this era of pervasive data-driven sales, marketing and operations, data is the raw material for successful businesses and political campaigns,” said Zohar Alon, co-founder and CEO, Dome9. “It is more important than ever to define strict controls and practices for the handling of sensitive data, especially when there are multiple vendors touching the data.”
 
Alon goes on to say that attackers are looking for two things: repositories with data of value to organizations and weak security practices. As more data makes its way to the public cloud and security practices around CouchDB become more standardized and robust, attackers will shift their attention to other low-hanging fruit, end exploit commonly known security gaps such as misconfigurations.

Hard to miss the lesson here. Even though disaster was avoided in this case, it’s a good reminder for customers and providers alike.

Our second story shines a spotlight on the Securities and Exchange Commission (SEC). The institution revealed this week that hackers had previously breached its store of files on publicly traded companies. Previously, as in last year. As in 2016.

On Wednesday, SEC Chairman Jay Clayton released an eight-page statement on cybersecurity that describes the 2016 system breach of EDGAR, a platform which collects detailed financial reports on publicly traded companies that they’re required by law to release. According to Clayton, the company was completely in the dark on this – they didn’t discover until last month that the breach could have served up important and private information that hackers could exploit to make illegal trades.

Back in July, the Government Accountability Office released a report that found deficiencies in the SEC’s information systems that “limited the effectiveness of the SEC’s controls for protecting confidentiality, integrity and availability.” And here’s the kicker – the report also found that the SEC did not always encrypt information and had failed to fully implement recommendations that would help detect intrusion.

SEC’s new director, Walter J. Clayton, has said the agency would work to improve its cybersecurity protections. “We must recognize — in both the public and private sectors, including the SEC — that there will be intrusions, and that a key component of cyber risk management is resilience and recovery.”

Our final story takes a look at new findings from part one of Intermedia’s 2017 Data Vulnerability Report, which looks at the security behavioral and general work habits of more than 1,000 office workers in the United States.
 
The report states that as security threats like ransomware and phishing expand in scope and damage, anyone who works in an office (from CEOs all the way to interns) will continue to fall victim to and serve as the prime target for such attacks, despite an organization’s effort to educate and train their employees on security best practices.
 
Here are a few of the key findings:

  • Nearly half (49%) of office workers said they could not tolerate losing access to work data for more than a few hours.
  • Roughly one-in-five (21%) admit to being victims of phishing emails.
  • Male office workers (90%) are more confident than female office workers (83%) in their ability to detect a phishing email.
  • 86% of office workers feel confident in their ability to detect phishing emails, but roughly one in seven said they are not confident or do not know what phishing is.

The report also touches on the disparity between the number and severity of attacks in recent years and the surprising lack of employee training. “Today’s rapidly changing threat landscape makes it more important than ever for companies to educate employees on new types of cyberattacks and vulnerabilities,” says Ryan Barrett, Intermedia’s Vice President of Security and Privacy.

Barrett uses the recent Equifax breach as an example. The attack was “by far the most invasive when you consider the sheer amount of sensitive personal data that’s been accessed. This incident further arms scammers and hackers with information to craft exceptionally compelling, targeted phishing attacks. At this point, businesses should assume that bad actors are going to try to use this information to gain access their systems.”

Can we get an “amen?”

The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.​

Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs Security Technologies

Related


  • cybersecurity predictions
    Cybersecurity: What to Expect in 2021
    Remote work is here to stay (and other cybersecurity predictions for the year ahead).
  • Hungry Businessman
    Acquisition-Hungry Sapphire Systems Powers Ahead with US Expansion
    The newly appointed GM shares plans for U.K. SI Sapphire Systems’ U.S. growth.
  • backup and recovery cloud
    Cloud-Based CRM: What SMBs Need to Know about Backup and Recovery
    The cloud makes CRM more accessible to SMBs, but solutions must be layered with backup and recovery.
  • Woman Thumbs Up
    Industry Experts Laud Biden Proposal for Increased Federal Cybersecurity Spending
    The plan includes increasing Cyber Security and Information Security Agency (CISA) funding.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Judge: AWS Does Not Have to Reinstate Parler
  • SolarWinds Hackers Hit Malwarebytes, But Impact Limited to Internal Email
  • How the Pandemic Will Influence Channel Partner Businesses in 2021
  • Why Partners Should Prioritize AI in 2021

Galleries

View all

New, Changing Partner Programs: AWS, Tech Data, Avaya, Verizon

January 11, 2021

Industry Perspectives

View all

The Importance of Being Security-Centric

January 22, 2021

Cyberattacks: Threat Hunters Conquer Unpredictability with 3 Measures

January 21, 2021

The Right Data Migration Tool Helps Schools Move to Cloud During COVID Crisis

January 19, 2021

Webinars

View all

Who’s Behind the Mask? Hacker Personas Explained

January 26, 2021

Your Network Perimeter Has Changed

February 18, 2021

How Managed Hosting Providers Thrive with the Alternative Cloud

February 24, 2021

White Papers

View all

Why Subscription Business Model

January 15, 2021

The Ultimate MSP Guide to Sales Efficiency

January 14, 2021

Eight Reasons Why MSPs Need IT Industry-Specific Sales Tools

January 14, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

.@HPE appoints new head of worldwide distribution. #cloud dlvr.it/RrKJLT https://t.co/FW0OUTDJFF

January 25, 2021
ChannelFutures

Following its acquisition of SAP specialist Pioneer B1, new @SapphireSystems GM reveals "buy and build" growth stra… twitter.com/i/web/status/1…

January 25, 2021
ChannelFutures

.@exabeam, @VulcanCyber, @ntti3, @Vectra_AI, @Lookout and @valtixinc give high marks to @POTUS' federal… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Judge sides with @AWScloud against #Parler; @SADAsystems gets AI-centric board member; @EnsonoIT, @navisite get… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

2021 may be the year of the #security-centric #MSP @BarracudaMSP #remoteworking #ITsecurity #dataprotection #RMM… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Adding #AIOps and #AI-driven WANs will help IT administrators move forward, says @MistSystems.… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Microsoft taps @tybryson as corporate VP @msuspartner group @julwhite heading to SAP, @anderson to @Qualtrics.… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

#MSPs can inject predictability into #threathunting @Sophos #cybersecurity #ransomware dlvr.it/Rr4ffV https://t.co/Bztc2Yxwvc

January 22, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X