Explorer

Cybersecurity Firms Now At Hackers' Mercy, Who Will Save Us?

The new breed of hackers is flexing their muscles and now, cybersecurity firms which aim to safeguard your data are being hit right in their backyard -- signaling a worrisome trend for enterprises and governments as encryption is proving to be fundamentally flawed.

New Delhi:  The new breed of hackers is flexing their muscles and now, cybersecurity firms which aim to safeguard your data are being hit right in their backyard -- signaling a worrisome trend for enterprises and governments as encryption is proving to be fundamentally flawed. In a bizarre incident late last month, global cybersecurity firm Palo Alto Networks "admitted" that the personal details of its seven current and former employees had been "inadvertently" published online by a "third-party vendor". The personal details of some past and present employees -- their names, dates of birth and social security numbers -- were exposed online.

Palo Alto Networks, however, did not divulge further details on who the third party vendor was and how the personal details of the employees were leaked. San Francisco-based HackerOne which itself is a vulnerability coordination and bug bounty platform and boasts of clients like Starbucks, Instagram, Goldman Sachs, Twitter and Zomato, last week paid $20,000 to a community user who exposed a vulnerability in its own bug bounty platform.The vulnerability was exposed by a user with the handle called "haxta4ok00". "I can read all reports @security and more programmes," posted the hacker on the community page. "I did it to show the impact. I didn't mean any harm by it. I reported it to you at once. I was not sure that after the token substitution I would own all the rights. I apologise if I did anything wrong. But it was just a white hack". The big question arises: How safe is our data with the cyber security enterprises that have mushroomed in the recent past. In a statement shared with IANS, HackerOne said it believes in transparency and the vital role it plays in building trust."This was a vulnerability reported through HackerOne's own bug bounty programme by an active HackerOne hacker community member and was safely resolved. The team followed standard protocol to conduct a comprehensive investigation of the issue and implement immediate and long-term fixes. All customers impacted were notified the same day," HackerOne noted."It may seem counterintuitive to publish when things go wrong, but many companies face similar security challenges, and the value of public disclosure for the public and our community far outweighs the risk," the company added. Palo Alto Networks said they took immediate action to remove the data from public access and terminate the vendor relationship."We also promptly reported the incident to the appropriate authorities and to the impacted individuals. We take the protection of our employees' information very seriously and have taken steps to prevent similar incidents from occurring in the future," the company said in a statement. The big question arises: If cybersecurity firms are unable to thwart hacking on their platforms, where would an individual or a firm in India go to secure data?"Both these incidents show that deliberate actions or even mistakes by companies can cripple huge security systems," Virag Gupta, a lawyer who is arguing the case in Supreme Court for data localisation in India, told IANS. The Data Protection Bill, which has been cleared by the Cabinet, envisages "sensitive" personal data to be stored in India, but it can be processed outside the country with the explicit consent of the individual concerned. "Critical" personal data, which is another classified data, can only be stored and processed in India and will not leave the country. What constitutes "critical' data" will be defined by the government at the time of framing regulations."The new Data Protection Law in India must ensure an easy and fast redressal system that provides for both punishment and compensation," said Gupta. Companies may face a penalty of up to Rs 15 crore or 4 per cent of global turnover for major violations under the proposed Personal Data Protection law, according to official sources.
View More
Advertisement
Advertisement
25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Advertisement

Top Headlines

'One Nation, One Election' Bill: Centre Begins Procedure To Form JPC For Deliberations
'One Nation, One Election' Bill: Centre Begins Procedure To Form JPC For Deliberations
'Rotten Ecosystem': PM Modi's Attack On Congress As It Corners Amit Shah Over 'Fashion' Remark On Ambedkar
PM Modi Hits Back At Congress As It Corners Amit Shah Over His 'Fashion' Remark On Ambedkar
Ashwin's Juggernaut Stops At 537 | Here's A Look At Legendary Indian All-Rounder's Iconic Test Career
Ashwin's Juggernaut Stops At 537. A Look At The Legend's Iconic Test Career
After Promising Rs 2100 To Delhi Women, AAP Guarantees Free Treatment To Citizens Aged Above 60
After Promising Rs 2100 To Delhi Women, AAP Guarantees Free Treatment To Citizens Aged Above 60
Advertisement
ABP Premium

Videos

Priyanka Gandhi's bag creates a stir in politics, listen to what the Congress MP says in answer to the questions | ABP NewsParliament Session: Mallikarjun Kharge's allegation, 'Amit Shah insulted Baba Saheb Ambedkar' | ABP newsParliament Session: What did Shah say in Parliament after which Congress accused him of insulting AmbedkarParliament Session: 'Let me tell the 54-year-old youth who wants to change the Constitution...' Amit Shah

Photo Gallery

Embed widget