I. Background

Industry Story

Poor Incident Response Process That Failed to Protect Vital Data

In February 2011, HBGary, a technology security company, found that its Gmail cloud e-mail service had been compromised by an anonymous group. An interview with HBGary CEO Greg Hoglund reveals that the anonymous group gained access to HBGary's Google-hosted e-mail service through a stolen password. Hoglund became aware that the service was compromised, but was unable to prove his own identity to Google's help desk quickly enough to have the service shut down before the anonymous group had downloaded HBGary's e-mail records.

This security incident was a successful attack against HBGary, not against Google's cloud-based e-mail. Google's standard mechanism for authenticating a customer making service requests involves asking the customer to place a file on its own website. This works well in normal circumstances but failed when HBGary needed to immediately turn off access to its Google services after having already been forced to shut down its own website. No alternate or emergency response mechanisms had been defined in advance. HBGary's management should have realised that attacks were likely and should have tested its incident-response processes.


Security Incident Management Overview

Universities now rely on sophisticated, highly connected information systems and infrastructures for daily operations and academic research. The complexity of these systems can be easily exploited by malicious parties, which makes security incidents inevitable.

Effective security incident management balances driving down the impact of incidents with containing and resolving them as efficiently as possible. Good security incident management also helps universities prevent future incidents.

 