For HBGary, it was a less important website. For CardSystems, it was just a research database, not the critical payment processing systems. For Heartland it was also a minor web application. RSA initial compromise point was an end user workstation. As we can see, big breaches not necessarily happen through an organization’s most important systems. That’s actually quite similar to security breaches in the physical world, it’s not common to see the attacker coming through the front door.
The non-critical stuff
The non-critical stuff
The non-critical stuff
For HBGary, it was a less important website. For CardSystems, it was just a research database, not the critical payment processing systems. For Heartland it was also a minor web application. RSA initial compromise point was an end user workstation. As we can see, big breaches not necessarily happen through an organization’s most important systems. That’s actually quite similar to security breaches in the physical world, it’s not common to see the attacker coming through the front door.