Symantec Breach in June 2019
Added on 2022/12/19
AI Summary
This article discusses the security breach that occurred in Symantec in June 2019, where sensitive data like account numbers, passwords, and a list of essential clients were taken. It explores the measures taken by Symantec to enhance their network security and prevent future breaches. The article also provides recommendations for data breach protection in organizations.
Abstract— Over the last few decades, the state of the art in network security has evolved from an initial focus on solutions such as encryption and firewalls to second-generation technologies aimed at identifying possible vulnerabilities in a network. A security breach occurred at Symantec in which data such as account numbers, passwords and a list of essential clients were taken. However, Symantec said that no sensitive information was taken in the breach. Symantec implemented a new service for the protection of its data. This new service delivers an automatic mode of protection that invokes cloud-based APIs. After the breach, Symantec added more security to its network so that this kind of incident does not take place again.
Keywords: network security, vulnerabilities, threats, APIs, automation.
I. INTRODUCTION
According to a report by Guardian Australia, a data breach at Symantec in February gave hackers access to passwords, account numbers and a list of important Australian clients. The platform security vendor characterized the breach as a minor incident, because it involved a self-enclosed demo lab that was not linked to Symantec's corporate network. Symantec told Guardian Australia that the breach was not reported because the demo lab did not host any sensitive private data and none was extracted from it. The Australian Privacy Act requires notification whenever serious harm is caused to an individual whose private data is exposed in a data breach. Symantec, however, said that nothing disclosed in the breach would trigger any kind of regulatory obligation.
II. DISCUSSION
The American cyber-security giant Symantec suffered a data breach that allowed hackers to access passwords and a list of its reputed clients, which includes large Australian government agencies and organizations. The hackers chose Symantec accounts belonging to many large Australian businesses along with every major department of the Australian government. The same actor who breached Symantec also claimed responsibility for stealing data from Australia's Medicare program, which was later put on sale on the dark web. The hackers obtained a list of reputed clients of Symantec's CloudSOC CASB service, along with account numbers and account managers. The data found in the exposed system consisted of a small number of non-sensitive, low-level files and dummy emails that were used only for demonstration and not for production purposes. No sensitive private data was involved, nor was Symantec's corporate network. Because Symantec is the world's largest cyber-security organization, it is not at all uncommon for it to be targeted by hackers and other cybercriminals. The client list contained the names of major Australian banks, universities, insurers, federal police, retailers and departments of the federal government of New South Wales. This was an older list of many private and public entities in Australia. The entities on the list were not customers of Symantec, nor did the organization provide services to them. Australia's Department of Social Services uses Symantec products, including CloudSOC; however, no customer details or sensitive data were stored on Symantec's CASB tool.
Many Australian government departments, including agriculture, home affairs, arts and communication, employment and education, said that they use other Symantec products but not the CloudSOC CASB tool. Home Affairs stated that Symantec held no sensitive information about the departments. Other federal departments, including industry, finance, infrastructure and human services, said that they did not use Symantec's CloudSOC services and that no data was stored with Symantec. The security breach extended an unstable period at Symantec that included an internal accounting investigation, activist investor unrest and struggles in enterprise sales.
Several factors put an organization at a higher risk of a data breach, such as leaving folders unprotected and open. A data breach may be caused by a hacking attack, but often the cause is a lost or weak password, a vulnerability that an opportunistic hacker exploits. Symantec implemented a new service for its Cloud Workload Protection (CWP) solution; automated remediation was provided by Amazon GuardDuty, and threat intelligence was enhanced for AWS storage and workloads. This service will help enterprises navigate the complex security landscape, allowing AWS users to streamline and automate key components of cloud security. Automation is essential for solving the challenges of cloud scale and for supplementing the gap in cyber security. Symantec's new Cloud Workload Protection service addresses these challenges through enhanced threat intelligence, automated remediation and continuous assessment. CWP works with Amazon GuardDuty to automatically detect security threats and misconfigurations in AWS storage and workloads. The service also delivers an automatic mode of protection in which cloud APIs are invoked to receive automated responses.
In 2019, a security breach took place at Symantec in which data was stolen from some reputed business organizations. The same hacker or set of hackers also hacked Australia's Medicare program in order to sell the data on the dark web.
Certain security measures have to be taken in order to prevent such incidents from taking place in the country.
Symantec Breach in June 2019
Michael Novinson
Some practices are advised for data breach protection in a company, including the following:
Providing security awareness training: Employees are the main resource of an organization. They are the only ones held responsible for security and for security breaches in an organization. However, without the right training, they cannot provide efficient service to the organization, and they can be a vulnerability with regard to data security. Effective training is therefore a crucial component of security, as it ensures that employees are aware of data security as well as of the possibility of data breaches.
Investing in the right security techniques: There are as many as a hundred cyber-security technologies available. Not all of them are meant for data security breaches, and certain vulnerabilities have to be addressed separately. For example, in the case of data loss, Data Loss Prevention (DLP) solutions can be used. Endpoint Protector is a type of DLP that can help prevent data breaches in business. Another way of preventing data exposure to unauthorized entities is to prevent unauthorized access and to prevent users from sharing private and confidential data over the company server. DLP can protect data at rest and in transit.
Data-protection regulations: To prevent data leakage, organizations prioritize their content specifically, so that the priority data-protection regulation can meet security expectations. The General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act and PCI DSS are also used by industry. HIPAA is widely used in the health care industry, whereas companies that process credit card transactions or handle sensitive information are governed by PCI DSS.
Regular vulnerability assessment: All companies have such a framework developed. Regular security audits act as a checklist for working towards data protection. CIS, the Center for Internet Security, counts on continuous vulnerability assessment, which is important for a company's data security. A higher level of data security and protection requires vulnerabilities to be detected on a regular basis. This helps in prioritizing risk and searching for remedies.
Data breach response plan: A data breach response plan is important for responding to a breach and acting as soon as possible.
III. CONCLUSION
In recent years, thousands of IoT devices and networks have been exploited by huge distributed denial-of-service (DDoS) attacks. Symantec Corp, a cyber-security leader, was attacked by hackers, and all the sensitive data such as account numbers, passwords and a list of essential Australian clients were taken. The accounts of many large Australian businesses and government departments were targeted by the hackers. A client list for Symantec's CloudSOC CASB service was extracted by the hackers. The data exposed in the security breach included a few non-sensitive, low-level files and a few dummy emails. The list of private and public entities in Symantec's system was for testing purposes only. After this breach, Symantec introduced a new service for its Cloud Workload Protection (CWP). Amazon GuardDuty was also introduced to provide automated remediation and to enhance threat intelligence for AWS storage and workloads.