Real News.
Real Companies.
Is Yours Next?
Simple contact: 3 fields, one form, that's it. Inquire Here:
Cost effective, proactive testing to keep you out of the news - use the form below.

Email (Company domain please):


no gmail, yandex, yahoo, etc.
captcha
Enter code:
Yes, I am a human.

Security News

At Risk: Mortgage Companies
Cyber Espionage Presentation with Congressman Rogers and FBI
At Risk: Staffing Firms
At Risk: Medical Facilities
High Bit 2012 Report: 95.83% Businesses Vulnerable
Hospice Fined For Data Breach
High Bit 2013 Predictions
Cybersitter China Hack
Hospitals 94% Breached
Samsung TV Vulnerability
Medical Ransomware

Ransomware Threats Prompts Mortgage Company to Contract with High Bit Security for Penetration Testing Security Testing pinpoints multiple urgent vulnerabilities.

by High Bit Security on April 17, 2013 www.HighBitSecurity.com

Timely remediation prevents loss of extensive store of client data, including personal information, banking and investment records, SSN's, and income. Mortgage companies store significant Personally Identifiable Information (PII); many small and medium size brokers have become prime targets for hackers.

"Anyone who has ever applied for a mortgage knows that you are required to document your entire financial life," said High Bit Security CBDO Barbara Goushaw. "Mortgage company records are a goldmine for an identity thief, and whether this information is stored locally or the mortgage company uses third party software - customer information exists unencrypted at various points as it traverses the network. Information is transferred using unencrypted e-mails and it's also copied, faxed, and scanned on all-in-one printers that retain the information. Yet, most of us would never ask about security policies when selecting a mortgage company - it's a prescription for ruined lives."

High Bit Security performed a penetration test for a national mortgage company who was concerned about their security due to a ransomware attack against another mortgage broker. The hacker took control of that system, locked the company out, and threatened to publish applicants' sensitive information unless a "ransom" of $200,000 was paid within 24 hours. The national mortgage company engaged High Bit security to test and determine their vulnerabilities, and to ascertain if they could be subjected to the same kind of attack. Testing identified multiple exploitable vulnerabilities, underscoring the need for a preemptive approach to security and illustrating why penetration testing is widely acknowledged as the best way to protect and preserve valuable information.

"Our security engineers documented vulnerabilities that could allow a full breach of the server and the operating system," said High Bit COO, Adam Goslin. "There was also a server misconfiguration that inappropriately exposed an 'internal only' database to the Internet, in addition to remote access vulnerabilities. We discovered that this company was at risk, and it was fortunate they engaged us before the hackers discovered it too. In cases like this it's only a matter of time." High Bit Security reported what was found, where it was found, what it meant, relative severity within the environment, and specific details on how to fix it. Upon receipt of the testing results report, the mortgage company IT staff began at once to remediate the vulnerabilities. "Most of the fixes were relatively simple to accomplish," said Goslin. "The trick is to know what needs to be fixed. That's why an experienced security engineer heads up all of our engagements. They know where to look. The key is to engage us before the hackers find you, because they also know where to look. In this case the company was proactive and brought us in before they became a target. "

The complete anonymous case study can be reviewed here.

About High Bit Security: High Bit Security is a national security services provider, providing penetration testing solutions to clients who need to protect sensitive data in industries such as Healthcare, Credit Card, Financial, or companies that otherwise store Intellectual Property or Personally Identifiable Information. High Bit Security also provides security consulting services to our clients to assist them with their compliance objectives across PCI-DSS, PA-DSS, HIPAA, SSAE-16 or simply wish to perform a security best practices audit of their organization. Contact High Bit Security today for a free consultation to take steps toward protecting your sensitive information. www.HighBitSecurity.com 800-757-3144