Cyber attacks expose systemic weakness in network security

TOKYO and WASHINGTON—A series of recent cyber attacks on some of the world’s biggest corporations suggest companies aren’t investing enough on securing network information or personal data.

“These attacks show us that a lot of companies have not done their due diligence when it comes to testing their networks as if they were hackers,” says Chester Wisniewski, senior security advisor at Sophos, a global developer of security software.

Most recently, Honda Motor Co. and Lockheed Martin were victims of cyber attacks, but both confirm stolen data did not include information usually used for identity theft or fraud.

Honda says the cyber attack exposed names, addresses and vehicle identification numbers, but did not include birthdates or credit card numbers.

“If I was a hacker, I’d be pretty disappointed to go to jail for 20 years for what they found,” says Wisniewski. “They basically got a phonebook and a bunch of numbers you could get by walking around a parking lot and looking through windshields.”

The auto-maker says about 280,000 accounts have been affected.

Lockheed Martin also confirms it suffered an attack on its network. The company provided no additional information related to the specifics of the alleged breach, but it is rumored the attack stems from a March infiltration of a remote access system.

Lockheed Martin has reset network passwords for more than 130,000 employees and will upgrade its remote access. The company also added an additional, undisclosed layer of security to the remote login procedure employees use to access its internal network.

Wisniewski suggests the Lockheed attack were much more sophisticated than the one against Honda.

“This was not some guy in his mom’s basement. The level of attack was sophisticated enough that it has to be some sort of espionage – these attacks were coordinated by extremely skilled, possibly government-trained hackers,” he opined.

The hackers may have been looking for the latest fighter jet or weapons plans, he adds, but we will likely never find out for sure.

The attack on Lockheed is not the type many manufacturers need to be concerned with, but the intrusion of Honda’s and Sony’s servers should be more worrisome.

“Those were opportunistic attacks,” says Wisniewski. “The Honda and Sony attacks were done by hacking groups who sift the internet looking for sites with flaws and break them apart when they find them. The majority of them are random attacks.”

He says it’s becoming increasingly pertinent for companies to ensure data is encrypted, especially with today’s wireless connectivity.

“Anything that’s even border line sensitive has to be encrypted,” he says. “There’s no inside or outside networks now. That paradigm has changed because of the wireless world.”