While China has been a hot topic in security news for a while I think the most egregious offense is the negligence on the side of Nortel executives. It was reported in the article that nothing was done from a security standpoint after the breach was discovered other than changing the passwords that were used to gain access to the network.
Publicly traded Nortel did not disclose the breach and did not believe that they had to make investors aware because it was not considered a "material" risk or event. Late last year the SEC released a formal memo stating that cyber attacks can be "material" and that an organization must investigate all cyber attacks to determine if they are in fact "material".
In the meantime, Nortel was also in the process of selling portions of their business as a result of filing for bankruptcy. Even during this process executives did not disclose the breach to potential buyers. According to the article, former CEO of Nortel Mike Zafirovski believes, " People who looked at [the hacking] did not believe it was a real issue. This never came up like, 'We have a real issue and we need to disclose to potential buyers of businesses.' Mr. Zafirovski said he didn't believe the infiltrations could be passed on to acquiring companies. 'That's a real, real stretch'."
The article in the WSJ is a great comprehensive timeline of the Nortel breach and all of the factors at play in this complicated story. While outside hackers are a threat to networks, an even greater threat to world networks is a lack of security education, or in this case negligent organizations. Tell us what you think and be sure to check out the full WSJ article here: Chinese Hackers Suspected in Long-Term Nortel Breach
No comments:
Post a Comment