MWEB Business: Hacked

Management Information Systems 10.12.2012

Outline
1. What technology issues led to the security breach at MWEB?

2. What is the possible business impact of this security breach for both MWEB and its customers?
3. If you were an MWEB customer, would you consider MWEB's response to the security breach to be acceptable? 4. What should MWEB do in the future to avoid similar incidents?

o South Africas 2nd largest Internet Service Provider o Founded in 1997 o Divisions: MWEB Connect and MWEB Business o Customer base: Home users Small, medium and large enterprises Corporate clients

Portfolio
o Tailored Business Solutions
o Personalized account management o Own world class network infrastructure o International connectivity redundancy o Next generation data centers o 24/7 Technical support

Security Measures
o Using AVG Internet Security as partner o Identity protection o LinkScanner (safe surfing) o WebShield (safe social networking) o Antiphishing, Antispam, Antivirus, Antispyware o Enhanced firewall o Automatic e-mail cleaning o Blocking network ports commonly used by hackers

Dangerous Breach
Issue: o Compromised subscribers account details o Published logon and password details

Reason
oHackers gained access to Web based Internet Solutions self-service management system o outsourced, not in total control

Data Management
MWEB as reseller of IS ADSL services Managed by Web-based management interface provided by IS

Historical

Current

New Business ADSL services since 2010 + legacy systems Managed by internal authentication systems

Business Impact
o Notifying customers and find solution o Determine reason for breach = interruption of business processes o Work together with IS o Lost trust of customers gain back o Implement proper policies and controls o Prepare for legal, financial risks o Threat to customer retention and reputation

Very tricky process with

intangible and tangible costs

Customer Impact
o Need for explanation o Need for behavioral recommendations o Loss of personal information (privacy) o Data lost or inaccurate o Additional compromising of related accounts o Inconvenience: have to change password or could not access the service o Lost trust in the company

Response to the security breach

o 25.10.2010 Security Breach Dear sirs if you see your own name on the list maybe it's time for
switching ISP (in case you have any option) :D

o Disclosed and responded the same day (quickly!!)

o User names recreated

Passwords changed o No personal information was lost o Clients did not suffer any losses

Response to the security breach

o Internet Solutions network own IPC network o Repels 5000 attacks a day! o Added security measure reset the passwords o Investigation together with Internet Solutions

Acceptable response? Saved trust?

Yes No

To-do list for the future

o Digital certificates
o Intrusion detection system o MIS audit

o Regular and thorough testing

o Improved identity management

Thank you!