It seems like each day a data breach or vulnerability leads to an organization's customer data being exposed. The breaches that are the most disappointing to hear about are the ones that happen due to vulnerabilities or misconfigurations because these attacks are entirely preventable. The most recent company to learn this lesson is Maryland Joint Insurance Association (MJIA), which accidentally exposed its customers' personal information because a port was misconfigured and left open on a network-attached storage (NAS) device.
As a result, the personally identifiable information of MJIA's policy holders was leaked, including names, addresses, and social security numbers. The credentials to one of MJIA's claims databases were also revealed. This breach was made apparent when California-based cybersecurity firm UpGuard was scanning for IP addresses that had port 804 open and exposed to the public internet. While this port wasn't open, they did find that port 9000—usually used as a web front end for NAS servers—was.
The doors securing the highly personal information of MIJA's customers were thrown open for any hacker to obtain. There's no way to be sure that this data hasn't fallen into the wrong hands. Only time will tell whether this breach will wreak havoc on the victims' lives.
To identify your organization's security flaws, you need to have a vulnerability scanning solution in place. However, the sheer volume of logs generated from any vulnerability scanner can make monitoring this data nearly impossible.
ManageEngine EventLog Analyzer helps you combat security threats by monitoring logs from vulnerability scanners. This tool alerts you when:
Check out EventLog Analyzer today!
Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.