VARs See Lesson In Monster.com Breach


The breach of online jobs site Monster.com, which comprised 1.3 million job seekers' personal information, holds an important lesson for businesses banking on the Web to conduct business, say security solution providers.

The stolen data, which was found on a remote server and shut down by Monster.com this week, included users' names, addresses, phone numbers and e-mail addresses. Symantec security researchers first reported the incident last week, although it's still not clear when the breach first occurred.

The data was collected by the Trojan Infostealer.Monstres, which likely used stolen login credentials of legitimate employment recruiters to gain access to the site's resume database, according to a posting by Symantec researcher Amado Hidalgo on Symantec's Web site. The unsuspecting job seekers whose information was stolen then became the victims of various phishing e-mail scams attempting to empty their bank accounts.

"This is not only going to damage Monster.com's brand reputation but is also going to cost them a lot of money," says Shiv Kumar, executive vice president of ZSL, a security solution provider in Edison, N.J. "This is a good lesson for any business completely relying on Web infrastructure to provide their services to consumers, and this is also a good opportunity for a lot of solution providers specializing in security to take this to your customers and tell your customers how proactive security management can benefit them."

Service providers say the breach highlights the need for a multilayered approach to security.

"That involves a lot of different components, including end point protection, complex passwords, password policies, intrusion prevention detection, and some mechanism to correlate that information, and security monitoring," says Brian Okun, director of Prevalent Networks, a security solution provider in New York, N.Y.

"This is a very common form of attack we have these days, and in general how we address this is with a defense-in-depth approach. We make our users have security controls in place at the network and application level and make sure that they are monitoring the applications they provide on the Internet for any misusage, and the other thing is that they are making sure they are educating their users using their site on what information will officially come from them as a site provider," says John McNeely, CTO of SwordShield Enterprise Security, an information security consulting firm headquartered in Knoxville, Tenn.

Security solution providers said incidents like this also bolster the argument for services that include continual monitoring and point to the fact that Monster.com was not the first to know its site had been compromised.

"If you look at the evolution of security over the past several years you see a proliferation of point products, so you're talking about four to eight distinct areas within security and if you have to have someone watching over every one of those all the time that's a lot of blinking lights out there. Even if you were to invest in a security management platform, it's still nice to have some experts keep an eye on your security infrastructure because the bad guys don't work normal business hours," Okun says.