Four Ways Your Company May Be Vulnerable to the Factors that Caused PNI’s Breach

With some of the world’s largest retailers affected, a July breach of PNI Digital Media has led to the longest performance outage in the history of online photo websites. With PNI Digital Media managing operations in 19,000 retail locations and processing 18 million transactions each year, the company has effectively become synonymous with the digital photo industry.

With online ordering making up roughly $800 million of the total U.S. photo printing market, companies involved in the breach stand to lose tens of millions of dollars, at least.

Check the list below and see if your company is engaging in any behaviors that could put your business at risk:

1. Allowing For The Uploading Of Files

While information regarding exactly what hackers stole or accessed is incredibly scarce, it seems that they may have gained entry through corrupted files that were uploaded to the site for processing. If your company’s online presence involves user customization or the ability for individuals to upload files, there is a very serious need for consistent system monitoring to track the path of files and users within the system.

2. Singular Login Credentials

When hackers gained access to PNI, they were able to backtrack through the linked sites and acquire, potentially, massive amounts of data over the year-long span that the hack went undetected. If your system administrators only have to use one or two specific login credentials for full data access, the system may as well be placed on a silver platter for hackers. Encryption and various stages of disconnected logins are critical to the safety of back end functions and security.

3. Depending On External Vendors

The issue for large businesses is expanding operations at an accelerated rate, but only using contractors that are experienced and trustworthy. It’s almost a catch-22, considering the perfect growth-to-protection ratio may never be found, resulting in the security of businesses continually hanging in the balance. This problem was exactly what plagued PNI, as it was simply unprepared to handle not only its own security responsibilities, but also those of the companies it worked for. Even with the most advanced IT team, it is unfeasible, and downright dangerous, to assume that all contractor activity can be fully monitored by a human team.

4. Not Using An Employee Monitoring Platform

The PNI Digital Media breach exemplifies the need for companies to monitor file uploads and contractor activity, as well as establishing protected lines of password-protected access. But perhaps most important is a way to monitor that all of these security measures are being upheld; a task that is best suited for an Employee Monitoring platform. By allowing an all-encompassing platform to be the eyes and ears within a system, all user activities are monitored and dutifully logged to prevent suspicious activity from escalating to breach status.

Isaac Kohen

Isaac Kohen

Isaac Kohen started out in quantitative finance by programming trading algorithms at a major hedge fund. His time spent in the financial world and exposure to highly sensitive information triggered his curiosity for IT security. He worked as an IT security consultant for several years where he spearheaded efforts to secure the IT infrastructure of companies with masses of confidential data. When Isaac first entered the industry, IT norms were to prohibit and lock out as many people as possible to protect data. He found that this was a very ineffective way of solving the issue because it made it hard for many people who wanted to cause no harm, to do their jobs. He decided to focus on algorithms targeting user behavior to find outliers within the companies he consulted with to help detect insider threats.Isaac can be contacted at ikohen@teramind.co

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *