Friday, June 19, 2009

Forrester: Database security a must
Erin Kelly, Contributor (sources from SearchSecurity)

When the economy is in a downturn and the fear of layoffs looms, enforcing database security using database monitoring and database encryption tools is fundamental to defending against data leakage and can be implemented even on a tight budget, said Jonathon Penn, principal analyst at Forrester Research.

"[The database] is a target for external attack, it's also a target for abuse and misuse by internal people," Penn said. "So protecting that is important, whether it be monitoring for large downloads by authorized people or monitoring the extent to which they're interacting with the database, whether [their activity] be suspicious or indicate they're taking information with them because they're leaving the company or worried about layoffs."

In the recent report, "TechRadar For SRM Professionals: Database and Server Data Security, Q2 2009," Forrester investigated the current state of eight significant technologies: centralized key management, data classifiers for security, data discovery scanners, database encryption, database monitoring and protecting, outbound Web application filtering and tape and backup encryption.

"We found protecting data is an incredibly complex task, and there is no single technology or process you can put in place in order to safeguard your information," Penn said. "On top of that, threats have become more sophisticated, more targeted, and the criminals behind these attacks have excellent resources at their disposal."

Penn recommended desktop, laptop and full disk encryption as some of the easiest and most cost-effective ways to manage security. However, he stressed that a cost-effective approach is not always about what you go out and buy, but can be as simple as implementing security measures on an ongoing basis.

The report, authored by Forrester senior analyst Andrew Jaquith, claims brute-force technologies like encryption will remain popular and monitoring technologies will also see an uptake in adoption, yet data classification and data discovery technologies that span multiple technology domains still have complexities that need to be worked through.

Data encryption and monitoring technologies are favorable for users because they focus on targeted assets and are very specific products, Penn said. Data discovery and data classification tools require different stakeholders in an organisation to come to a consensus and must be coordinated across these different groups in order to be effective, making them more complicated and expensive projects, he said.

Forrester urges security professionals to move forward on data discovery and classification projects. Security pros should work with knowledge management professionals, storage managers, business units, and information officers within their organisation to define and locate customer data as well as agree on and implement an appropriate policy, Penn said.

"The need to come up with a coordinated approach is paramount to really solving this problem and we're not there yet by any means," Penn said. "It's not just the technology – it's the maturity of the organisation to get to that degree of coordination."

Data discovery and data classification are also the most expensive technologies studied in the report because the current state of the market requires organisations and users to adopt multiple tools to carry out the projects, Penn said.

"Data discovery and data classification tools right now are not at the level of maturity where you can buy a single tool or product to coordinate everything," Penn said. "That's why those tools will be lagging in the speed at which they are adopted."

Dedicated tape and backup encryption technologies are expected to decline in the next five years, according to the report. The tools are fairly mature and are being built into storage devices instead of being purchased separately, Penn said.

In the future, Penn recommends security and risk professionals build awareness and momentum around understanding data and enforcing policy.

"I think that's the biggest challenge – getting people involved and coordinating an understanding of data," Penn said. "Security professionals have not been able to do this so far, but they need to move slowly and work with the legal department and build up support for coordinating projects together so an organisation has a single view of the policy."

Thursday, June 18, 2009

Expert Video -- DLP: Enterprise Tools and Strategies
sponsored by Guardium

Data leak prevention (DLP) tools are a hot ticket on the security market, but what are they really capable of, and how easy are they to operate?

In this interview, DLP expert Rich Mogull expounds on the multifaceted uses of these tools and gives best practices for implementation and operation. Topics addressed include:
  • How much information a DLP tool needs in order to be effective
  • Eye-openers that companies experience when using the tools
  • DLP tools' deep inspection capabilities
  • Whether full suite DLP tools are preferable to individual DLP solutions
Click on the following link for the video:
http://link.brightcove.com/services/player/bcpid17952547001?bclid=17971677001&bctid=18010200001

Speaker
Rich Mogull Founder, Securosis LLC
Rich Mogull has over 17 years' experience in information security, physical security, and risk management. Prior to founding Securosis, Rich spent 7 years as one of the leading security analysts with Gartner, where he advised thousands of clients, authored dozens of reports and was consistently rated as one of Gartner's top international speakers. He is one of the world's premier authorities on data security technologies.

Wednesday, June 17, 2009

Report: No Magic Bullet For Database, Server Security
New Forrester report says encryption, data monitoring technologies key tools for now
contributed by Kelly Jackson Higgins, DarkReading

There's no quick fix for securing data on databases and servers, and new tools that can prevent attacks on these systems are a long way off, according to a new report.

For the near term, encryption will remain the most popular defense for locking down data on databases and servers, while database monitoring and Web filtering will continue to be pervasive tools for breach detection, according to Forrester Research's new report.

Protecting data on servers and databases has never been easy, and doing so has become only more challenging with mobile users, cloud computing, and an unstable employment climate, says Jonathan Penn, vice president of tech industry strategy/security at Forrester, who co-authored the report with Forrester's Andrew Jaquith. "Over the foreseeable planning horizon, help for CISOs will not arrive in the form of a miracle tonic. Forrester does not foresee that a miraculous technology -- for example, error-free data discovery and classification -- will emerge to save the day," he says.

Instead, existing "brute force" tools, like encryption and data masking, will continue to emerge as the key tools to keeping data under wraps, while database monitoring and Web application filtering will provide insight into breaches. "While prevention may not prove practical in all cases, detection will be," Penn says. Compliance and contractual requirements will keep organizations buying those technologies, which "give them visibility to theft, corruption, and abuse as it happens," he adds.

The Payment Card Industry Data Security Standard (PCI DSS) and states' data breach disclosure laws are driving enterprises to adopt these data security technologies.

Meanwhile, enterprises aren't ready to deploy data discovery and classification technologies, Forrester says. The data discovery market won't mature for several years, Forrester says, even though the concept of crawling an enterprise network to find where the sensitive data lives should be a no-brainer by now in this age of big search engines.

Data classification, meanwhile, won't hit its stride until about 2014, when security-specific data classification tools will blend with knowledge management and electronic records classification technologies.

"Classification is a challenge because many different groups are looking at [it] from different perspectives and not coordinating their efforts," Penn says. The security, storage management, legal departments, and information/knowledge management groups all need these tools, but they won't make it into the organization until security/risk management and information/knowledge management team up, he says.

"These groups will realize that by aligning their interests, they can be more effective, consolidate vendors, and cut costs," Penn says.

Plus, data classification tools, such as data protection, archiving/retention, e-discovery, and knowledge management, are very focused, he says. "For example, e-discovery classification tools have far less sophistication in their content analysis capabilities than the DLP [data leakage protection] tools security people are employing," he says. "Classification needs to be done in the infrastructure, across areas, so that a file managed by the archive system is classified the same way that a rights management [system] would classify it when deciding who can look at it, and the same way a DLP product would classify it when deciding whether a user can send it off to a USB or by email."

Forrester's report, "TechRadar For Vendor Strategy Professionals: Database And Server Data Security, Q2 2009," is geared for vendors looking at how to plan their strategies in this space.

Why Your Databases Are Vulnerable to Attack - And What You Can Do About It
contributed by Dark Reading

Most of an enterprise’s most sensitive and valuable information resides in databases. Yet, in many organizations, database security is often neglected, misunderstood, or even ignored. In this report, we discover why databases have become one of the most popular targets for hackers - and how everyday mistakes in database administration contribute to these attacks. We also offer some advice on what your organization can do to protect your most critical data - and to stop hackers in their tracks.

To read more, you can download the whitepaper HERE.

Best Practices for Improved Database Security: Data Discovery and Classification for Database Activity Monitoring
contributed by Imperva, Inc.

Read this white paper to learn about the need for database discovery and data classification, two processes that constitute the first steps in database activity monitoring.

Download from HERE.

Protect: Protect Today, Secure Your Future. Best Practices
Publisher: Symantec Corporation

Preventing data breaches is a primary challenge. Companies must adopt industry best practices that help them build a robust security program for effective enterprise data protection. These best practices also enable companies to demonstrate compliance with both internal policies and key government regulations.

To find out more, please download the whitepaper from HERE.

Guardium appoints new director of sales for government markets
contributed by http://www.datamonitor.com

Jun 15, 2009 (Datamonitor via COMTEX) -- Guardium, a database security company, has appointed Craig Marr as director of sales for government markets.

Mr Marr has more than 20 years of federal technology sales experience, including more than 13 years focusing on security. He served as director of federal sales for IBM/Internet Security Systems (ISS), the trusted security advisor to thousands of government organizations and businesses. At ISS, he also teamed on federal programs with system integrators such as CSC, Lockheed Martin, Northrop Grumman, SRA, General Dynamics, Unisys, IBM and Boeing.

Ram Metser, CEO of Guardium, said: "Emerging insider threats and cyber threats, particularly from sophisticated hackers and criminals looking to infiltrate the US government, reinforce the immediate need for agencies to have strong automated controls in place to safeguard sensitive information and demonstrate compliance. With Craig's extensive industry experience coupled with Guardium's innovative technology and major reference accounts, we expect to further expand our footprint as federal spending in this vital area continues to grow."

Tuesday, June 9, 2009

Abu Dhabi Commercial Bank Implements Guardium to Strengthen Database Controls

Abu Dhabi Commercial Bank (ADCB)

Abu Dhabi Commercial Bank has announced the successful implementation of Guardium's real-time database security and monitoring solution to prevent unauthorized changes to critical financial tables by privileged users such as DBAs.

ADCB started deploying Guardium in December 2008 through StarLink, which has a distribution partnership with Guardium covering the entire Middle East region. ADCB was looking for a distinctive method of database auditing that would ensure a trouble-free deployment with no impact on the databases, and Guardium met these criteria.

"We were seeking a unified, cross-DBMS solution that delivers granular, real-time controls without the complexity, overhead and risk of native DBMS-resident auditing, and Guardium fulfilled all our requirements. Our goal is to ensure that critical information is stored securely through the adoption of best-of-breed technologies," said Steve Dulvin, Head of IT Security at Abu Dhabi Commercial Bank.

"Through partnering with Guardium, ADCB will ensure the integrity of enterprise data and help to enforce change controls, while simplifying and automating compliance processes," Steve added. "Unlike traditional database logging solutions, Guardium provides 100% visibility into all database activities - including both privileged and application user actions - across all DBMS platforms, without impacting on performance or IT infrastructure. We believe in layered security to ensure confidentiality and integrity of the bank's & customer information."

Guardium monitors all database transactions without adding overhead or relying on traditional DBMS-resident logs that can easily be disabled by DBAs. It creates a verifiable audit trail of all transactions - including DBA activities that access databases via "back-door" protocols such as Oracle Bequeath, named pipes and shared memory - and immediately generates real-time security alerts whenever policy violations are detected. This enables organizations to effectively enforce corporate change controls, such as preventing changes outside of authorized change windows, and automates the entire compliance auditing process.

-Ends-

T-Mobile mum on hacker claim

The company claims to have beefed up database security since then. And it almost certainly has done that. Nonetheless, Paul Davie, COO of security firm ...

To read more about the stories, please click HERE.

Sunday, June 7, 2009

Merrick Bank vs. Savvis Could Affect "Liability Dynamic"
contributed by SANS NewsBites Vol. 11 Num 44

The lawsuit brought by Merrick Bank against Savvis raised important issues about compliance and liability. Merrick, a merchant bank, is suing Savvis because Savvis's certification of CardSystems as compliant with Visa CISP (a compliance standard that predates the Payment Card Industry Data Security Standard, or PCI-DSS) was faulty, causing Merrick to lose US $16 million after CardSystems suffered a data security breach. Merrick is alleging negligence and negligent misrepresentation. The case could "force increased scrutiny [of] largely self-regulated credit-card security practices," and raises the specter of government-imposed regulation. One article also points out that to generate an accurate report, auditors rely on honesty and cooperation from the people at the entity being audited.

read more

Monday, June 1, 2009

Security Experts Raise Alarm Over Insider Threats
Economic troubles raising the stakes on potential threats, FIRST members say
By Tim Wilson, DarkReading

Security researchers and other experts are turning up the heat on insider threats, warning enterprises that the problem is growing and could prove devastating for many enterprises.

In preparation for its meeting in Japan next month, the Forum of Incident Response and Security Teams (FIRST) issued a press release in which its senior officers urge organizations to step up their efforts to protect themselves from insider attacks, saying that many are "ill-prepared for an onslaught which could prove calamitous."

"One of the greatest security threats of our times is from insiders, as organizations lay off tens of thousands of workers," said Scott McIntyre, a FIRST steering committee member and representative of the Netherlands-based KPN Computer Emergency Response Team (CERT). "People know the axe is coming, and the longer employers prolong the swing of that axe, the more danger they expose themselves to, either from sabotage or data theft. An employee who thinks he or she is [going to be laid off] can start fouling up systems which are critical to the organization, or decide to take an unauthorized pay-off by stealing a mass of data."

read more

Cyber attacks continue to grow
Hacking, viruses breach government, industry, university firewalls

contributed by msnbc.com news services

Cyber espionage, attacks, breaches, viruses — they are all among the concerns President Barack Obama cited Friday when he announced he will create a new White House office of cyber security, with that cyber czar reporting to the National Security Council as well as to the National Economic Council.

The nation’s vulnerability to cyber attacks has long been a concern. The Center for Strategic and International Studies said in a December report that the U.S. Defense Department alone has said its computers are probed hundreds of thousands of times each day.

These publicly known cases of hacks, thefts and viruses at government, military, utilities and educational sites are just some examples:

read more

Aetna Contacts 65,000 After Web Site Data Breach
Jeremy Kirk, IDG News Service

Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach.

The job application Web site also held names, phone numbers, e-mail and mailing addresses for up to 450,000 applicants, Aetna spokeswoman Cynthia Michener said. SSNs for those people were not stored on the site, which was maintained by an external vendor.

The company found out about the breach earlier this month when people began receiving spam messages that appeared to come from Aetna and complained to the company, Michener said. The spam purported to be a response to a job inquiry and requested more personal information.

The spam campaign showed the intruders successfully harvested e-mail addresses from the Web site, although Michener said it's not clear if SSNs were also obtained.

Nonetheless, Aetna sent letters last week notifying the 65,000 people whose SSNs were on the site of the breach. The company is offering them one year of free credit monitoring, as SSNs are often used by identity thieves.

"We wanted to err on the side of caution," Michener said.

Aetna hired an IT forensics company to investigate how the Web site had been compromised. "At this point despite a thorough review, they've not been able to pinpoint the precise breach," Michener said.

Aetna posted alerts on the job site, its main Web site and its internal intranet about the spam campaign, Michener said.

read more