Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

New York Times hack highlights a resiliency weak point shared by many organizations

By Barry Shteiman.

Earlier this week the Syrian Electronic Army hacked the website of the New York Times, successfully redirecting traffic to a notice stating that it had been ‘Hacked by SEA’.

Based on available resources, the New York Times hack was in fact a DNS service breach, caused by an attack on the publisher’s third party domain registrar, Melbourne IT.

This attack is unfortunately a validation of a prolonged security problem inherited because of the way that companies rely on third public services to conduct their business. While a company like the New York Times may be able to secure its own platforms, harden its systems and regularly check for vulnerable components on premise – it is a much harder practice when some of that infrastructure is provided by a third party like an ISP or a DNS hoster.

At some point, CIOs need to realize that critical pieces of their online entities are controlled by vendors and that organizational security policies need to apply to them as well. Companies should check the security measurements taken by their third party content and infrastructure providers.

A DNS breach is, unfortunately, a great example of a third party vulnerability which could be avoided if steps are taken: Twitter experienced the same successful attack as the New York Times, however disruption was avoided through the simple step of ensuring that a registry lock was in place.

Author: Barry Shteiman is senior security strategist, Imperva.

•Date: 29th August 2013 • US/World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here