
VARs See Lesson In Monster.com Breach

CRN

By Shelley Solheim, CMP Channel

Edison, NJ, Aug 24th, 2007 – The breach of online jobs site Monster.com, which compromised 1.3 million job seekers' personal information, holds an important lesson for businesses banking on the Web to conduct business, say security solution providers.

The stolen data, found on a remote server that Monster.com shut down this week, included users' names, addresses, phone numbers and e-mail addresses. Symantec security researchers first reported the incident last week, although it's still not clear when the breach first occurred.

The data was collected by the Trojan Infostealer.Monstres, which likely used stolen login credentials of legitimate employment recruiters to gain access to the site's resume database, according to a posting by Symantec researcher Amado Hidalgo on Symantec's Web site. The unsuspecting job seekers whose information was stolen then became the victims of various phishing e-mail scams attempting to empty their bank accounts.

"This is not only going to damage Monster.com's brand reputation but is also going to cost them a lot of money," says Shiv Kumar, executive vice president of ZSL, a security solution provider in Edison, N.J. "This is a good lesson for any business completely relying on Web infrastructure to provide their services to consumers, and this is also a good opportunity for a lot of solution providers specializing in security to take this to your customers and tell your customers how proactive security management can benefit them."

Service providers say the breach highlights the need for a multilayered approach to security.

"That involves a lot of different components, including end point protection, complex passwords, password policies, intrusion prevention detection, and some mechanism to correlate that information, and security monitoring," says Brian Okun, director of Prevalent Networks, a security solution provider in New York, N.Y.

"This is a very common form of attack we have these days, and in general how we address this is with a defense-in-depth approach. We make our users have security controls in place at the network and application level and make sure that they are monitoring the applications they provide on the Internet for any misusage, and the other thing is that they are making sure they are educating their users using their site on what information will officially come from them as a site provider," says John McNeely, CTO of Sword & Shield Enterprise Security, an information security consulting firm headquartered in Knoxville, Tenn.

Security solution providers said incidents like this also bolster the argument for services that include continual monitoring and point to the fact that Monster.com was not the first to know its site had been compromised.

"If you look at the evolution of security over the past several years you see a proliferation of point products, so you're talking about four to eight distinct areas within security and if you have to have someone watching over every one of those all the time that's a lot of blinking lights out there. Even if you were to invest in a security management platform, it's still nice to have some experts keep an eye on your security infrastructure because the bad guys don't work normal business hours," Okun says.

About ZSL

ZSL is an ISO 9001 certified provider of Onshore, Offshore & Near shore technology services. ZSL offers substantial cost savings and enhanced performance associated with a secure and effectively managed global development model. For over 10 years, ZSL has been partnering with a loyal following of clients seeking to leverage our proven delivery methodology, as well as 24/7 access to the very best technical resources and development tools available anywhere.

ZSL leverages specialized knowledge in Custom Enterprise Application Development, Enterprise Reporting & Business Intelligence Deployments, Enterprise Data Management & Administration, Enterprise Application Integration, Q/A - Testing and Mobile/Wireless/Web Application Development.

ZSL’s customer base includes small and medium sized companies across a broad range of verticals, as well as respected leaders in Finance & Banking, Insurance, Life Sciences, Telecommunications, Retail, and Manufacturing. For more information, please visit us at www.zslinc.com.

###

Contact:
ZSL Inc.
85, Lincoln Highway,
Edison, NJ 08820.
Phone: 732-549-9770
Fax: 732-767-6644
Email: info@zslinc.com

   



 

 
 
     
     
  Copyright © 2010 ZSL Inc. All rights reserved.