News
Comments from Fujitsu - Amazon password reset
November 2015 by Mark Stollery, Managing Consultant, Enterprise and Cyber Security UK & I, Fujitsu
Following the news that Amazon asked users to reset their passwords, please see below comments from Mark Stollery, Managing Consultant, Enterprise and Cyber Security UK & I, Fujitsu.
“Another day, another security incident – this time Amazon is in the spotlight. The company is both an iconic global brand (so a prestigious scalp for amateur hackers) and a massive retail operator (so a mouth-watering repository of customers’ exploitable details for greedy criminals). It has therefore never been a question of whether Amazon would suffer a major cyber-attack, but when. This latest incident changes nothing and is just a reminder that cyber-attacks are a fact of daily life for today’s online businesses. The password reset is a sensible measure, even if it causes short-term nuisance. A future attack might be successful, as 100% security is impossible, but Amazon is reducing its vulnerability by proving that it can spot suspicious incidents and deal with them swiftly. Research from Fujitsu indicates that only 9% of UK consumers believe organisations are doing enough to protect their data, so Amazon and others will need to continually demonstrate their cyber security competence if they are to keep the trust of their customers.
“Because of the pervasive attempts by criminals to steal online data, it is vital that organisations take a proactive approach, as Amazon appears to have done in this case. They must focus on reacting quickly when a breach occurs, and must have well-rehearsed plans in place to understand what happened, minimise the impact, communicate clearly with their customers and restore normal operations as soon as possible. To do this, they need to integrate threat intelligence and other information sources to provide the context necessary to deal with today’s advanced cyber threats. Implementing a strong security education programme underpinned by a robust security framework. This would allow companies to get on the front foot in combating these types of threats. It’s also important that organisations communicate how they are using personal data to provide benefits to the customer, in a secure manner, and that the right security controls and policies are in place, to remain trusted in the eyes of the consumer.”
