Another day, another breach.
Ticketmaster’s recently announced data breach is another sobering lesson of why ‘defending the network perimeter’ is no longer a viable strategy for IT security. After all, the “D” in GDPR stands for “Data”, not “Network”.
According to online reports, there’s no fault with Ticketmaster’s network security – data was leaked via malware from one of their suppliers (Ibenta Technologies). Both parties have ISO27001 accreditation, and Ticketmaster no doubt went through a diligent security review as part of their supplier on-boarding process.
But it just goes to show : no matter how good your own network security is, your data can still be lost by a supplier, technology partner – or even your customers.
Someone, somewhere is going to be the weakest link. And though it’s probably not Ticketmaster’s fault, it’s certainly still their responsibility.
In the Ticketmaster case, reports suggest it was a ‘fourth party’ who noticed the breach – card payment provider Monzo.
That’s the problem with data breaches – it’s not like having your house burgled; there are no broken windows – and your TV is still there, working perfectly. You may not discover the breach for weeks, months, or years – particularly if the breach happened at one of your suppliers – and, like Ticketmaster, it may take months from that first Indicator of Compromise before you uncover the root cause.
That’s why we think everyone should be proactively monitoring for signs of data breaches “outside your firewall” too : suspicious transactions, phishing emails – or the data itself being leaked, marketed, or sold online in the Dark Web (and the other dodgy bits of the internet). Why not download our White Paper to find out more.
So stop being fixated on network security – no-one wants to steal your network. They want to steal your data.