Friday, April 1, 2011

How the Epsilon breach might cause real security problems

Other email threats

In addition to phishing, we've seen other successful attacks recently, such as the RSA breach, which began with malware introduced by email that made its way into their corporate network.

So, it's not just phishing that organizations need to be concerned with.

We can expect not only an increase in targeted phishing emails, but also other man-in-the-middle, malware, and any other sort of attack. It would be prudent for the victims of the Epsilon breach to look to layered methods of authentication to stop any potential subsequent attacks.

This is obviously a pitch for PhoneFactor's product by Dispensa, but the idea of multi-factor authentication is catching on. Many of us who play World of Warcraft use a little dongle to authenticate our accounts, to prevent the possibility of bad guys logging in and stealing our fake gold.

It is important for business and bank victims of the Epsilon breach to look at putting a layered method of protection in place to stop potential subsequent attacks.

Be wary, however, of using a second-factor authentication service across your business. In cases where employees leave, for example, we've found incidents where the company will remove the access rights at the second-factor aggregator, but still leave access in place for all the individual accounts.
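One way to check for the offboarding gap described above, as an added example that is not from the original post: compare the users removed at the second-factor aggregator against each service's own account list and report accounts that are still enabled. The service names, field layout and sample data are constructed assumptions.

```python
from datetime import date

# Constructed sample data: users removed at the second-factor aggregator,
# mapped to the date their access was removed there.
AGGREGATOR_REMOVED = {
    "alice@example.com": date(2011, 3, 1),
    "bob@example.com": date(2011, 3, 15),
}

# Constructed per-service exports: (login, enabled, last_login or None).
SERVICE_ACCOUNTS = {
    "crm": [("Alice@Example.com", True, date(2011, 3, 20)),
            ("carol@example.com", True, date(2011, 3, 30))],
    "payroll": [("alice@example.com", False, date(2011, 2, 10)),
                ("bob@example.com ", True, None)],
    "wiki": [("bob@example.com", True, date(2011, 3, 10))],
}


def normalize(login):
    """Services often differ in case and stray whitespace for the same login."""
    return login.strip().lower()


def find_orphaned_accounts(removed, services):
    """List accounts still enabled on a service after removal at the aggregator."""
    removed_norm = {normalize(user): when for user, when in removed.items()}
    findings = []
    for service, accounts in services.items():
        for login, enabled, last_login in accounts:
            user = normalize(login)
            if user not in removed_norm or not enabled:
                continue  # current employee, or already disabled locally
            used_after = last_login is not None and last_login > removed_norm[user]
            findings.append({"service": service, "user": user,
                             "used_after_removal": used_after})
    # Accounts actually used after removal come first: they need review now.
    findings.sort(key=lambda f: (not f["used_after_removal"], f["service"], f["user"]))
    return findings


if __name__ == "__main__":
    for f in find_orphaned_accounts(AGGREGATOR_REMOVED, SERVICE_ACCOUNTS):
        flag = "USED AFTER REMOVAL" if f["used_after_removal"] else "still enabled"
        print(f"{f['service']:8} {f['user']:20} {flag}")
```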

In any case, think through your security and keep an eye on your accounts.