×

Too Big to Fall? Cyberattacks Claim Some Surprising Victims in September

IT Risk & Cyber Risk | 2 Min Read |24 October 17|by BLOG ADMIN
shutterstock

First it was Equifax with over 140 million accounts compromised. Then it was the SEC whose EDGAR public-company filing system was breached. Then came Deloitte who revealed that hackers may have accessed the sensitive details of several blue-chip clients. Apparently, no one is immune to a cyberattack any longer—not even the regulatory watchdog that’s been telling corporate America to get its cybersecurity act together.

All three attacks are a stark reminder of how little it takes for cyber barriers to be breached. Look at Equifax, for instance. Here’s a company that, according to an investigative report in Bloomberg, had invested millions in state-of-the-art security measures, implemented anti-intrusion software, and established a dedicated team to patch vulnerabilities quickly. But then they failed to notice and fix a flaw in their backend software, leaving the door open for attackers to trigger one of the most staggering cyber heists in recent memory.

Of course, the problems at Equifax run a lot deeper than a simple patch failure. Bloomberg provides a fascinating account of some of the events at Equifax that may have culminated in the data breach, including the departure of key security personnel from the company over the last few years.

What is evident from all of this—from the fact that some of the most reputed giants in the corporate and regulatory world can fall prey to cyber-attacks so easily—is that the problem of cybersecurity is a lot deeper and more complex than we might often think. There are no quick fixes, or easy answers. But certainly, a cultural and foundational shift is required in how we think about security, how we build our software and systems, and how we access and use sensitive data.

Driving some of these shifts are regulators. The New York Financial Authority has already proposed to extend its new cybersecurity rules to credit reporting firms such as Equifax. Meanwhile, the European Commission is moving to widen the role of the EU’s cybersecurity agency, ENISA, in two new areas – cybersecurity crisis management, and the introduction of a cybersecurity certification scheme to ensure that digital products and services are safe to use. Come May 2018, and another regulation—the General Data Protection Regulation (GDPR)—will be enforced with sweeping changes to how companies process and manage sensitive data.

Rules like these matter a great deal. However, they provide only the impetus for cybersecurity, not the tools. If we want to build more secure enterprises, we need to find better ways of protecting data. Perhaps, we need to start segmenting networks more (to limit the impact of a breach), or reworking infrastructure to ensure that multi-factor authentication becomes de rigueur, suggests this article in Wired.

It might also be pertinent to question if we’re are going about cybersecurity the right way. Instead of simply sealing the perimeter from outside threats (because borders can always be breached as threats evolve), should we be focusing more efforts on sensing and mitigating attacks as they occur? Better still, can we get to a point where we’re able to identify the right mitigating actions even if we’ve never seen the attack before? Artificial intelligence might hold the answers.

Contributor : Aruna Mary Zachariah


Comments

Leave a Comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
4 + 9 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Admin_avatar_1498731489

BLOG ADMIN

Posted Article: 113

Read More

Top Posts

The Next-Gen CISO - Building Cyber Resilience with Cyber GRC

IT Risk & Cyber Risk | | 5 Min Read

AWS Security Lake and OCSF: A Cyber Risk Perspective

IT Risk & Cyber Risk | | 4 Min Read

10 GRC Trends to Watch Out for in 2023

GRC | | 1 Min Read

Experience the Power of Connection

GRC | | 3 Min Read

Insurance Industry. Strengthen Cyber Resilience Now!

IT Risk & Cyber Risk | | 3 Min Read

lets-talk-img

Ready to get started?

Speak to our experts Let’s talk