Editorials

The Impact of Vulnerable Systems

Have you ever found that someone had actually hacked into your company? I have. About ten years ago someone had broken into our data center through a security hole in SQL Server. It wasn’t through SQL Injection, but rather through a buffer overflow problem in the SQL code itself. What I remember the most was the impact of that occurrence.

We were greatly aware of the potential impact to our company assets as well as to the assets of our customers, as our primary product was software as a service. We had the ability to process credit card transactions over the internet, so we had concerns about theft in that area. Our email was compromised, and we experienced a week without internet access while things were rectified, our systems cleansed, and holes plugged.

Of course, the first thing we did was fix the SQL Server problem by applying the security fix already published by Microsoft.

With the recent hacker exploits through OpenSSL, the memories of being hacked come back as a dark cloud. It prompts me to raise a few questions for us all. Do we take seriously the potential to be hacked? If we do, are we auditing our own assets for security leaks, or do we simply rely on anti-virus software and software updates to protect us? Is it worth the cost of a security audit by professional hackers to validate how secure our systems are?

Share your thoughts or experiences through email to btaylor@sswug.org or here online.

Cheers,

Ben