Google Employees' Private and Financial Data Exposed!

Given the breaking news that Google Employees' data had been stolen revealing personal data like names, credit card and contact details, Javvad Malik, security advocate at AlienVault has offered advice on the matter:

"There is risk associated whenever a third party is engaged directly, or through the supply chain. A third party may have a very different risk appetite, or understanding of the risks it faces compared to the company it is providing services to.

"Sometimes, a third-party may consider information it holds, processes, or transfers to be of low value – however, to attackers, it could provide vital information as part of a bigger attack. It is what is often referred to as the ‘chemistry of data’ , where data, much like chemicals, may be inert in isolation; but could become highly volatile when combined with other data.

"For organisation, protecting against, or minimising against a third-party breach begins long before a breach actually occurs.

"At the time of selecting a third party, organisations should assess the data it would be sharing with the third party, and minimising any unnecessary sharing of information, as well as limiting third party access.

"Organisations should also share their risk appetite and threats with the third party in order to validate that the right level of security controls are in place. Monitoring and threat detection controls should be put in place so that any breaches or unauthorised access of data can be detected quickly.  

"Finally, a documented, and tested incident response plan should be in place that can minimise impact through manual, and automated procedural, and technical controls."

Also Read

Stay in the know with our newsletter