Keep an eye on what those suppliers’ men are doing

According to a news report from com.com, a McAfee auditor from Deloitte & Touche USA lost a CD containing a large amount of personal information about McAfee’s employees. It is a security incident that happened outside of cyberspace.

Deloitte & Touche confirmed the incident. “A Deloitte & Touche employee left an unlabelled backup CD in an airline seat pocket,” a representative for the professional services firm said. “We are not aware of any unauthorized access to this data in the two months since the CD was lost.”

The McAfee incident is the latest in a string of data security breaches. In the last 12 months, more than 53 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.

McAfee has arranged for past and present U.S. employees to receive free services for up to two years from credit reporting agency Equifax. Similar arrangements are being made with a credit monitoring provider for Canadian employees, MacDermott said.

Another news report said that an engineer from UTstarcom, named Zhihan Cheng, broke into the deposit card system of Beijing Mobile, one of the largest provincial companies of China Mobile. The intruder stole cards and numbers worth up to millions of RMB (about 400K USD). According to the report, Zhihan exploited the pass code he had kept from when he worked for Tibet Mobile as a Huawei service engineer. It gives us plenty of hints about how to lock down your systems: delete temporary accounts, change passwords after the project's turnkey handover, segment and segregate your networks, harden your applications…

That is a security incident that happened in cyberspace, driven by money.

Both incidents were caused by employees of providers, a group we should pay more attention to. In order to magnify their core value and competitiveness, telcos are outsourcing more and more business to partners: product implementation, optimization, maintenance, auditing and so on. That means more and more third-party engineers are working together with the telcos' own employees, sharing the same internal networks and other resources. This must be becoming a great challenge for security management in recent years. IT managers should keep an eye on what those suppliers’ men are doing on their territory.
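The first two lock-down hints above (delete temporary accounts, change passwords after handover) can be checked mechanically against an account inventory. The following is an added example, not part of the original post; the CSV columns, account names and dates are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (assumed column layout, not real data).
INVENTORY = """account,owner_type,enabled,project_handover,password_changed,last_login
svc_billing,employee,yes,,2024-01-10,2024-06-01
vendorA_eng1,supplier,yes,2024-03-01,2023-11-20,2024-05-28
vendorA_tmp,temporary,yes,2024-03-01,2024-03-02,2024-02-25
vendorB_eng2,supplier,no,2024-02-15,2023-12-01,2024-02-10
vendorC_eng3,supplier,yes,,2024-04-01,2024-06-02
"""

def parse_day(text):
    """Parse an ISO date; an empty field means 'not set'."""
    return date.fromisoformat(text) if text else None

def audit(inventory_csv):
    """Return {account: [findings]} for enabled supplier/temporary accounts
    whose project has already been handed over."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["owner_type"] not in ("supplier", "temporary"):
            continue  # only third-party and temporary accounts are in scope
        if row["enabled"] != "yes":
            continue  # already disabled, nothing left to exploit
        handover = parse_day(row["project_handover"])
        if handover is None:
            continue  # project still running, access is expected
        issues = []
        if row["owner_type"] == "temporary":
            issues.append("temporary account still enabled after handover")
        changed = parse_day(row["password_changed"])
        if changed is None or changed < handover:
            issues.append("password not changed since handover")
        login = parse_day(row["last_login"])
        if login and login > handover:
            issues.append("login after handover")
        if issues:
            findings[row["account"]] = issues
    return findings

if __name__ == "__main__":
    for account, issues in audit(INVENTORY).items():
        print(account, "->", "; ".join(issues))
```
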
