{"id":4161,"date":"2019-01-17T11:24:17","date_gmt":"2019-01-17T15:24:17","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=4161"},"modified":"2019-01-17T11:25:08","modified_gmt":"2019-01-17T15:25:08","slug":"experts-weigh-in-the-oklahoma-securities-commission-breach","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/","title":{"rendered":"Experts Weigh In: The Oklahoma Securities Commission Breach"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-2993\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg\" alt=\"Experts Weigh In: The Oklahoma Securities Commission Breach\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Yesterday, the Oklahoma Securities Commission disclosed that it had suffered a data leak, discovered in December 2018. The organization is responsible for preventing fraud and for ensuring individuals and corporations trade securities with the proper certification at the state level. 
<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #0000ff\"><a style=\"color: #0000ff\" href=\"https:\/\/www.upguard.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">UpGuard<\/span><\/a><\/span><span style=\"font-weight: 400\"> cybersecurity researcher Greg Pollack discovered the leak. The Commission stored millions of its files\u20143 terabytes of data\u2014on an rsync server. The server possessed no identity or access management security whatsoever. In fact, the Oklahoma Securities Commission did not even password-protect this critical server; anyone connecting to the server with an IP address could <span style=\"color: #0000ff\"><a style=\"color: #0000ff\" href=\"https:\/\/solutionsreview.com\/identity-management\/identity-governance-and-administration-buyers-guide\/\" target=\"_blank\" rel=\"noopener\">access it<\/a><\/span>. 
<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">According to an <\/span><span style=\"color: #0000ff\"><a style=\"color: #0000ff\" href=\"https:\/\/www.upguard.com\/breaches\/rsync-oklahoma-securities-commission\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">UpGuard post<\/span><\/a><\/span><span style=\"font-weight: 400\"> detailing the leak, it is unclear when the server first became public. Evidence points to the server first becoming publicly accessible in November 2018. Since its discovery, the server has been removed from public access. However, whether the server ever experienced unauthorized access during its brief window of exposure remains unknown. <\/span><\/p>\n<h3 style=\"text-align: justify\"><span style=\"font-weight: 400\"><strong>What Data Leaked?<\/strong><\/span><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The files in question contained information on sensitive subjects, including FBI investigations, enforcement actions, and bank transaction histories. The leaked data also contained statements from witnesses and sources in FBI cases and information on major corporations like AT&amp;T. <span style=\"color: #0000ff\"><a style=\"color: #0000ff\" href=\"https:\/\/solutionsreview.com\/identity-management\/amazon-web-services-bucket-leaks-12000-social-media-influencers-data\/\" target=\"_blank\" rel=\"noopener\">Chris Vickery<\/a><\/span>, Head of Research at UpGuard, noted the leaked files contained data from between 1986 and at least 2016.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Vickery said: \u201cIt represents a compromise of the entire integrity of the Oklahoma department of securities\u2019 network. It affects an entire state level agency. \u2026 It\u2019s massively noteworthy.\u201d Additionally, he criticized the Oklahoma Securities Commission\u2019s lackadaisical response to the data leak. 
Their identity security behavior overall indicated neglect of access management best practices. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Charles Kaiser, Spokesperson for the Oklahoma Securities Commission, said in a statement: \u201cThis matter is under investigation and the department has no further comment at this time.\u201d <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">To the editors of Solutions Review, the Oklahoma Securities Commission Breach demonstrates the danger of allowing your access management policies to lapse or treating your sensitive data irresponsibly. If you treat your <span style=\"color: #0000ff\"><a style=\"color: #0000ff\" href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener\">identity and access management<\/a> <\/span>as an afterthought, you may end up publicly leaking information damaging to your enterprise\u2019s bottom line or reputation. However, we wanted more insight into this grievous data exposure.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Therefore, we sought the opinion of cybersecurity experts to learn what enterprises can learn from the Oklahoma Securities Commission Breach. Here\u2019s what they had to say:<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Anurag Kahol, CTO,<\/b><span style=\"color: #0000ff\"><a style=\"color: #0000ff\" href=\"https:\/\/www.bitglass.com\/\"> <b>Bitglass<\/b><\/a><\/span><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cWhat is especially troubling about this data leak is the seemingly blas\u00e9 response from the Oklahoma Securities Commission. 
Leaving a database containing highly sensitive information unprotected and publicly accessible is careless and irresponsible; additionally, the agency is worsening the situation by failing to address the issue directly with the public. While all organizations need to defend their data, government agencies, in particular, must adhere to the highest of security standards \u2013 the type of information that they collect, store, and share demands it.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">These kinds of leaks can have lasting consequences for all parties involved. To prevent such breaches, all organizations, including government agencies, must adopt modern security technologies. Dynamic identity and access management solutions, for instance, can verify users\u2019 identities, detect potential intrusions, and enforce multi-factor authentication in a real-time, step-up fashion.\u201d<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Carl Wright, CCO,<\/b><span style=\"color: #0000ff\"><a style=\"color: #0000ff\" href=\"https:\/\/www.attackiq.com\/\"> <b>AttackIQ<\/b><\/a><\/span><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cData leaks are often caused by gaps in security programs that can be easily prevented. 
The Oklahoma Securities Commission\u2019s leak of three terabytes of FBI data could have been avoided if they had visibility into the state of their defenses.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">All organizations, including government agencies, must take a proactive approach to protecting sensitive data through continuous evaluation of their security controls, processes and people to uncover and remediate gaps that could be compromised by threat actors.\u201d<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Jonathan Bensen, interim CISO and senior director of product management,<\/b><span style=\"color: #0000ff\"><a style=\"color: #0000ff\" href=\"https:\/\/www.balbix.com\/\"> <b>Balbix<\/b><\/a><\/span><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cLeaking three terabytes of the FBI\u2019s data due to leaving a server unsecured without a password is a critical error and indicates the need for the Oklahoma Securities Commission, as well as other government agencies, to strengthen their current security measures to ensure future breaches can be avoided in the first place.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Leaving a database containing such critical information unsecured is an elementary mistake for which there is no excuse. That said, organizations are increasingly struggling to maintain continuous visibility of all of their assets and successfully monitor the growing number of potential threats. Monitoring and analyzing the attack surface Analyzing and improving enterprise security posture is simply no longer a human scale problem. 
To best combat these threats, agencies must implement security tools that use machine learning and automation to monitor their enormous attack surfaces and vast IT asset landscape to proactively identify and address security vulnerabilities to mitigate the risk of future breaches.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><b>Thank you to these cybersecurity experts for their time and expertise!<\/b><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Yesterday, the Oklahoma Securities Commission unveiled they suffered data leak discovered in December 2018. The organization is responsible for preventing fraud and for ensuring individuals and corporations trade securities with the proper certification at the state level. \u00a0 UpGuard cybersecurity researcher Greg Pollack discovered the leak. The Commission stored millions of their files\u20143 terabytes of [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2993,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[142,986,125,987,56,16,112,411,76,70,30,984,91,985],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Experts Weigh In: The Oklahoma Securities Commission Breach<\/title>\n<meta name=\"description\" content=\"The Oklahoma Securities Commission unveiled they suffered data leak of sensitive files. 
We asked cybersecurity experts what enterprises can learn from this.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/\",\"name\":\"Experts Weigh In: The Oklahoma Securities Commission Breach\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg\",\"datePublished\":\"2019-01-17T15:24:17+00:00\",\"dateModified\":\"2019-01-17T15:25:08+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"The Oklahoma Securities Commission unveiled they suffered data leak of sensitive files. 
We asked cybersecurity experts what enterprises can learn from this.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"Insider Threat Awareness Month 2020: The Experts Comment\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Experts Weigh In: The Oklahoma Securities Commission Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Identity and Access Management Solutions | Solutions Review\",\"description\":\"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control 
Tools.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Experts Weigh In: The Oklahoma Securities Commission Breach","description":"The Oklahoma Securities Commission unveiled they suffered data leak of sensitive files. We asked cybersecurity experts what enterprises can learn from this.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/","url":"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/","name":"Experts Weigh In: The Oklahoma Securities Commission Breach","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg","datePublished":"2019-01-17T15:24:17+00:00","dateModified":"2019-01-17T15:25:08+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"The Oklahoma Securities Commission unveiled they suffered data leak of sensitive files. 
We asked cybersecurity experts what enterprises can learn from this.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg","width":800,"height":400,"caption":"Insider Threat Awareness Month 2020: The Experts Comment"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/experts-weigh-in-the-oklahoma-securities-commission-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Experts Weigh In: The Oklahoma Securities Commission Breach"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Identity and Access Management Solutions | Solutions Review","description":"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control 
Tools.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4161"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=4161"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4161\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/2993"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=4161"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=4161"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=4161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}