Nov 24, 2021

GoDaddy breach raises questions about how to secure identity in the enterprise

Comes apologized to customers and said the company takes the responsibility of securing data very seriously. 
“We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection,” Comes said.
The incident marks the second significant security breach at GoDaddy in about two years. In May 2020, GoDaddy disclosed a data breach that took place in October 2019, which impacted 28,000 customers. 
A breach such as the GoDaddy attack can put businesses and consumers at risk of phishing attacks, identity theft and credit card fraud, according to Steve Turner, analyst of security and risk at Forrester.
“This also exposes people who were impacted to advanced attacks where the adversaries can craft very targeted campaigns based on the data that they’ve gleaned from these WordPress databases, which would allow them to impersonate the merchants or others down to the extreme detail,” Turner said in an email. 
Businesses should purge customer data that isn’t currently being used to lower the potential downstream risk of the breach, which revealed information related to current and past customers. 
From an enterprise standpoint, the GoDaddy breach is an illustration of why identity is the security perimeter and is constantly under attack, according to Gartner Research VP Peter Firstbrook.
“This attack, along with the Nobelium attacks, the recent Azure CosmosDB vulnerability and numerous other examples, demonstrate why we should expect sustained attacks on the identity system,” Firstbrook said. “Enterprise security managers must improve their focus on identity detection and response.”
GoDaddy did not return a request for comment. 