Cyber-attack on Zappos: Information Security Lessons for Enterprises [Part-3]


In the previous two posts, written against the backdrop of the cyber-attack on Zappos.com, we analyzed the challenges of achieving the highest level of information security in enterprises and the causes of security incidents…

We can broadly classify the root causes of security incidents in enterprises into two categories:

  1. Lack of internal controls, access restrictions, centralized management, accountability and strong policies and, to cap it all, a haphazard style of privileged password storage and management
  2. Lack of proper network monitoring to sniff out suspicious activity (which directly helps in detecting breaches quickly)

These shortcomings make the organization a paradise for malicio…