No Company Is Too Big To Be Breached

Sue Marquette Poremba

It appears that Brian Krebs is a very popular man right now.


I saw an article on CNN announcing that the RSA SecurID breach of this past spring affected 760 companies -- many major corporations -- and that Krebs released that list on his blog. As of this writing, I can't actually confirm anything that Krebs wrote because I can't get onto his site.


While that's frustrating, it's great news that so many people want to get the low-down on this very major breach. I'm thrilled that CNN put it front and center on its page, too, because, in the spirit of Cybersecurity Awareness Month, the more people are made aware that these breaches are happening, the better. Maybe then both businesses and individuals will think a little more about security and take the issues more seriously.


Remember "Too Big to Fail," the oft-used phrase when the big banks received their government assistance? Well, this is a lesson that there is no company too big to breach. According to the CNN article, one fifth of the Fortune 100 were named by Krebs, along with a number of other high-profile companies. An important point Krebs made, CNN said:

As Krebs was quick to note, many Internet service providers were on the list, most likely because their subscribers were attacked using their network, not because the companies themselves were compromised. That means that companies like Comcast (CMCSA, Fortune 500), Windstream (WIN), Verizon (VZ, Fortune 500), AT&T (T, Fortune 500) and Sprint (S, Fortune 500) may be off the hook.

Not surprisingly, given the list of big-name companies, there is a bit of denial going on, according to ZDNet UK. For example, eBay said it was not compromised and is asking Krebs to correct that information. According to CNN, Krebs said the information on the affected companies came when researchers traced the networks that were communicating with the server responsible for the RSA attack.


I want to see how this all plays out. If these companies were affected by the RSA attack, they need to admit it and let customers know what, if any, data may have been compromised. If they weren't part of the attack, I would like to be assured that data is secure. As I have been told by security experts repeatedly, breaches will happen to everybody. The list of companies, at least the names I've seen so far, doesn't surprise me. But don't run and hide. That's how you ruin your reputation.

Oct 31, 2011 11:59 AM Helen Stefan says:

Please check your facts before posting. CNN did not 'announce that the RSA SecurID breach of this past spring affected 760 companies', nor is that a true statement. Krebs wrote that those companies 'were infiltrated using many of the same tools and Internet infrastructure' used to hit RSA.

Krebs's reporting was on the attackers and possible organizations that may have been targeted. An unsubstantiated suggestion references 'unnamed security experts' and unverified information that suggests '  with some of the same resources used to hit RSA.' RSA or the information taken from RSA had nothing to do with these companies.

Nov 4, 2011 6:50 AM Mitchel Smith says:

I see your point even if the facts may be incorrect. With so many breaches occurring, however, it seems that companies will get away with little to no consequence for leaking confidential data of their clients. Stronger authentication is a must for the future of everyone's personal data.

