Was Monsanto's security mistake ‘made all too often’?

by Jimmy Nicholls | 02 June 2014

Security expert Jody Brazil analyses the Precision Planting breach.

Monsanto's decision to house customer and employee data on one server is a "simple mistake made all too often", according to the president of security firm FireMon.

Jody Brazil, who is also the chief technology officer at the security company, commended the farming company for its haste in informing the relevant authorities and bringing in forensic experts after its subsidiary Precision Planting was breached, but reproached the firm for not segmenting its data.

He said: "Segmenting a network and distributing sensitive information across different servers on appropriate network sub-segments can and will limit the damage of a data breach - the cybersecurity equivalent of not putting all your eggs in the same basket."

Speaking on behalf of Monsanto, Christy Toedebusch said that fewer than 1,300 farmer customers were affected by a breach discovered on March 27, in which financial information, social security numbers and customer addresses had been compromised.

In a letter to the Attorney General of Maryland, the company said it believed the breach "was not an attempt to steal customer information".

As an apology, the chemical and farming firm will offer credit monitoring services to those whose data was compromised, and the firm will revise its security measures.

"While no system can be completely secure, we believe our new security protocols will provide significant protection for customers' data," Toedebusch said.

Brazil added that it was easy to criticise companies for bad security practices, but that making such information public would allow others to learn from the mistakes.

"What is clear is that Monsanto has done everything in their power to limit the damage of the data breach by informing relevant government organisations, calling in forensics experts, and contacting the FBI to assist in dealing with the breach," he said.
