By Adam Boone
This week a court ruled that the US Federal Trade Commission (FTC) can sue companies that do not deploy an adequate security architecture to safeguard consumer information. As Jason Bloomberg writes in Forbes, this ruling is a wake-up call for enterprises, placing them under even more pressure to ensure their cybersecurity controls are effective.
But, as the Forbes article discusses, just what are adequate and effective security controls?
The FTC sued Wyndham Hotels and Resorts in relation to three data breaches in 2008 and 2009. In the filings, the FTC alleged that Wyndham’s IT security architecture failed to protect consumer data and that the company made deceptive privacy and confidentiality statements on its website.
The FTC reported that once hackers had compromised a single user’s account, they had unfettered access to highly sensitive applications across the Wyndham systems.
We’ve seen this same failing again and again in data breach after data breach. Hackers compromise a single user and then can move laterally through the IT infrastructure, hopping from app to app to app until they find the most sensitive data to steal.
Read the entire article at https://www.linkedin.com/pulse/feds-give-cybersecurity-wake-up-call-adam-boone.
