An internet service provider called MWEB Business suffered a security breach when hackers gained access to their web-based customer account management system through a third party vendor. This exposed customer login and password details. While MWEB responded quickly by notifying customers and resetting passwords, the breach caused issues like loss of customer trust and potential legal/financial risks. To prevent future incidents, MWEB needs to improve security measures like using digital certificates, intrusion detection, audits, and identity management.
2. Outline
1. What technology issues led to the security breach at MWEB?
2. What is the possible business impact of this security breach
for both MWEB and its customers?
3. If you were an MWEB customer, would you consider MWEB's
response to the security breach to be acceptable?
4. What should MWEB do in the future to avoid similar incidents?
3. o South Africa’s 2nd largest Internet Service Provider
o Founded in 1997
o Divisions: MWEB Connect and MWEB Business
o Customer base:
• Home users
• Small, medium and large enterprises
• Corporate clients
4. Portfolio
o Tailored Business Solutions
o Personalized account management
o Own world class network infrastructure
o International connectivity redundancy
o Next generation data centers
o 24/7 Technical support
5. Security Measures
o Using AVG Internet Security as partner
o Identity protection
o LinkScanner (safe surfing)
o WebShield (safe social networking)
o Antiphishing, Antispam, Antivirus,
Antispyware
o Enhanced firewall
o Automatic e-mail cleaning
o Blocking network ports commonly used by
hackers
6. Dangerous Breach
Issue:
oCompromised subscribers account details
oPublished logon and password details
Reason
oHackers gained access to Web based Internet
Solutions’ self-service management system
o outsourced, not in total control
8. Business Impact
o Notifying customers and find solution
o Determine reason for breach = interruption of business processes
o Work together with IS
o Lost trust of customers gain back
o Implement proper policies and controls
o Prepare for legal, financial risks
o Threat to customer retention and reputation
Very tricky process with
intangible and tangible costs
9. Customer Impact
o Need for explanation
o Need for behavioral recommendations
o Loss of personal information (privacy)
o Data lost or inaccurate
o Additional compromising of related accounts
o Inconvenience: have to change password or
could not access the service
o Lost trust in the company
10. Response to the security breach
o 25.10.2010 Security Breach
“Dear sirs if you see your own name on the list maybe it's time for
switching ISP (in case you have any option) :D”
o Disclosed and responded the same day (quickly!!)
o User names recreated
Passwords changed
o No personal information was lost
o Clients did not suffer any losses
11. Response to the security breach
o Internet Solutions network own IPC network
o Repels 5000 attacks a day!
o Added security measure reset the passwords
o Investigation together with Internet Solutions
Acceptable response? Yes
Saved trust? No
12. To-do list for the future
o Digital certificates
o Intrusion detection system
o MIS audit
o Regular and thorough testing
o Improved identity management
(Wired and wireless Internet connectivity, hosting services, applications, VoIP)
Automatic e-mail cleaning from recognized malware sources protection against junkmail and viruses
2390 users of digital subscriber line were affected MWEB uses this system to manage accounts not yet migrated to MWEB network Legacy system, not so security options
Bulk was already migrated but some business users still on the old system
Quotation is from the site where the information was published