Many people love living in the Tampa area for a lot of reasons, among them of course is having access to regular use one of the most popular airports in the USA - Tampa International Airport (TIA). Unfortunately for the people that run TIA, they experienced an IT security breach as reported in May. However, unlike a lot of the other organizations, because it is an international airport, the profile of the breach was far higher because of its security status.
Here is what we know from what was reported, and it reads like an information security “Don’t Do List”: TIA hired an individual (and apparently his wife) to work on an Oracle project and that person shared their VPN logins and (privileged) accounts and passwords with almost a dozen other people and some others working for a staffing firm, “who logged into the system dozens of times from places like Mumbai and Pradesh, India, United Arab Emirates and Kashmir, India.”
This episode brings into clear view the unfortunate collision of insecure VPNs, open vendor access and lack of best practices in password management. Here are five lessons that any company bringing third parties into their security environment should take into account. Read more.