Last August, a 16-year-old teen, hailing from Melbourne, Australia, took a bite out of Apple. The savvy kid hacked Apple’s servers and stole 90GB of secure files. Upon arrest, the cyber criminal told the police he did it because he loves the company and dreamt of working for them.
For more than a year, the teen hacked the servers and Apple didn’t notice. During the course of his criminal activity, he was able to steal authorized keys used to grant login access to users, as well as access multiple user accounts.
Its system administrators were unable to stop data from being stolen. When Apple finally caught onto the attack, they contacted the FBI, which worked with the Australian Federal Police to arrest him. In the raid on his home, they seized two Apple laptops, a mobile phone, and a hard drive. The serial numbers of the laptops matched the serial numbers of the devices that illegally accessed Apple’s servers. The other seized devices also matched the intrusions.
The teen even used WhatsApp to communicate his mischief. Apple spokesman said, “We […] want to assure our customers that at no point during this incident was their personal data compromised”. Despite Apple’s assurances, what solace does one get when reading about a teen hacking the world’s first trillion-dollar company, which has prided itself on top security? None.
Penetration testing with IT Governance USA offers hope
Penetration testing (also referred to as ‘pen testing’) is an effective method of determining the security of your networks and web applications, helping your organization identify the best way of protecting its assets. Pen tests are vital in uncovering vulnerabilities before criminals do.
The EU General Data Protection Regulation came into effect on May 25, 2018, and applies to all organizations that monitor the behavior of, or offer goods and services to, EU residents – irrespective of the organization’s location or where the data is processed.
IT Governance USA offers a variety of penetration testing services to suit your needs, whether you’re concerned about weaknesses in internal networks, web applications, wireless networks, or your staff’s awareness of social engineering attacks.
If you’re unsure about your requirements or have complex needs, get in touch with our Technical Services team, who will answer your questions over the phone or in an on-site meeting.
To help educate organizations, IT Governance USA is hosting, ‘Compliance solutions: How can penetration testing support your GDPR project?’ webinar, Tuesday, November 20, 2018, 1:00 – 2:00 pm EST.
The webinar covers:
- Penetration testing and its role in demonstrating compliance
- Implementing technical measures to ensure data security and compliance with Article 32 of the GDPR
- Why penetration tests are vital in uncovering vulnerabilities before criminals do
- How to meet legislative and regulatory requirements and achieve an integrated approach with standards such as the PCI DSS, ISO 27001 and the GDPR
Questions will be taken at the end.
You can discover how to prepare for a data breach by visiting our #BreachReady page. We break the process down into six simple steps and recommend tools and services you can use to complete each task.