kalenjinherdsboy wrote: vky wrote: kalenjinherdsboy wrote: murchr wrote: I would like to know what they were hired to do. NIC should fire that DBA with immediate effect. How do you assign rights that could sabotage you to an outsider? Even employees are not assigned all rights.
Maybe mobile banking? We can't honestly say.
The bank will hide behind reputational risk to prevent disclosing the details of this case.
If indeed they were retained by the bank, then they are information security guys who are hired by institutions to test the vulnerability of institutional IT systems, where very few people in the company know that they have been hired. They are hired to look for ways to hack into the company's systems, but they do not interfere with anything after gaining access; instead they help companies strengthen the holes that gave them access in the first place.
From past experience those reports gather dust after submission. No surprise as many IT departments are overworked and undermanned.
One of the basic security 101s is to encrypt the data, and not to keep the data in the DB in plain text. This will mean that even if an intruder manages to steal the data, the intruder will not be able to decrypt it without the encryption key & algorithm. This means that the other thing that will need to be done well is the safe storage of the encryption key & algorithm.
They tried to bury us, they didn't know we were seeds.