No company can have every security vulnerability covered at all times, but if you're the Nasdaq--which suffered a security breach a year ago--shouldn't you at least have patches installed, firewalls properly configured and software reasonably up to date? According to a news report from Reuters, the exchange failed in some of these basic security precautions.

The breach at the Nasdaq took place in its Directors Desk collaboration software for corporate boards, which directors use to exchange confidential data. The FBI is still looking into the breach, but so far investigtors have been taken by surprise by what appears to be "lax security" pratices, Reuters reported.  

"This was easy pickings," said one person familiar with Nasdaq's security practices. "You would have thought they would be like a cyber Fort Knox, but that wasn't the case at all."

Nasdaq senior vice president of information technology services, Carl-Magnus Hallberg, took issue with the characterization of lax security practices.  "This was a sophisticated attack," he said.

According to the Reuters article's sources, the malware detected on the Nasdaq network was "complex and insidious." However, if the company had taken better security precautions, it may have detected the attack sooner.

For more:
- the Reuters article

Related Articles:
More sunlight needed on network security discussion
Study says a data breach costs $7.2 million