We’ve seen breaches committed by security companies in the past, so it’s disappointing but not surprising to read that Computer Associates has suffered a breach to its website, which redirected unsuspecting visitors to a Chinese domain that downloads malware to visitors’ PCs. It’s a major embarrassment for a company that specializes in advising enterprises on how to secure their infrastructures.
How did it happen? According to press reports, it happened in the press section of their website, which is outsourced to a hosting company. This type of breach shouldn’t happen. One would hope that professional hosting companies would naturally maintain good security practice to safeguard their customers’ services. Unfortunately, they don’t all do this. That’s why it’s vital for user organisations to ensure that their contractors and sub-contractors continue to maintain security standards, through contractual requirements and frequent vulnerability scanning.
Hopefully CA has learnt a lesson and will now take all necessary steps to secure their infrastructure. That’s the positive side of breaches. They encourage organisations to put their house in order.