eBay Security Breach Delivers 10 Lessons for Enterprise IT Executives

By Don Reisinger

Never Use the Same Password on Multiple Websites

The same passwords shouldn't be used on multiple sites. Engaging in such an activity is almost as bad as having no password at all. In its May 21 letter to users, eBay urged customers to change all passwords across all the sites they use, and to never use the same password for two different services. Having unique passwords for every site might take more effort to manage, but it's a necessity in today's insecure world.

Don't Trust Any Company

No company can be trusted. Although there was a thought at one time that smaller firms were most likely to be affected by security breaches, now it's clear that even the biggest companies in the world can get hit with major hacks. Therefore, it's incumbent upon users never to trust a company with their data.

Expect to Be Hacked

It's sad to say, but today's Web users should expect to have their information stolen at some point in their lives. Considering hackers have been able to break into government data centers, retailer servers and, now, eBay, among many, many others, it's practically impossible for anyone to be safe from being hacked, no matter what they do.

Financial Information Tough to Grab

There is perhaps a single bright spot in the eBay news: Getting credit card information isn't simple. Target was able to keep credit card data encrypted and supposedly safe from hackers, and the same is true for eBay. At this point, financial data security seems to be working, at least.

Companies Aren't Learning From Issues

At what point will companies start to learn from the hacks that have affected so many other firms? It seems that there's a sense in the security community that just because one company was hacked, it won't happen to another. It's a false sense of security and it's causing breaches that are wreaking havoc on companies across the globe.

The Enterprise Is Not Doing Enough

For enterprise IT decision-makers, all this news of data being hacked should be a wake-up call: You're not doing enough. While many IT decision-makers might believe that their corporate data is secure and they have nothing to fear, it's becoming increasingly apparent that believing that is a mistake. Assume you're not doing enough with security, IT professionals, and maybe you'll just get lucky and not get hacked.

Hackers Are Winning

The malicious hackers targeting companies around the globe are winning. And it's about time someone said so. For too long, the security community has pretended that it can keep pace with malicious hackers. The truth is that it can't, and it won't, until it realizes that the hackers are better at what they do. We'll never be safe as long as the malicious hackers are outpacing those folks who are supposed to be protecting us.

Companies Don't See the Attacks Coming

It's shocking to see that so few companies see attacks coming. Despite all the concerns with security and data breaches, firms aren't doing things as simple as monitoring database access or server queries. This is basic security that companies aren't doing because, first, they don't spend enough money on it or, second, they don't have the time to care. Following basic security policies might have stopped the eBay attack from happening.

They Don't React Swiftly to Them

To make matters worse, once a flaw is exploited, companies are literally taking months to react. In fact, eBay admitted that the attacks occurred in late February and early March. Yet the company didn't discover them until two weeks ago, and it took an additional two weeks for the company to inform the public. That's embarrassing, and eBay has some serious explaining to do.

Answers Aren't Solutions

The truth is that eBay's response to its data breach—change passwords and don't worry about your financial information—hardly inspires confidence. The same might be said for Target, which could only offer apologies and credit monitoring. The answers the affected companies are providing aren't solutions; they're Band-Aids. At what point will we all realize that the affected companies should be providing us with real solutions to the problems we face—and not simply handouts to make it all go away?
