Strings of high profile cyber attacks have tightened focus on cybersecurity. A recent hack into financial firm Deloitte affected about 350 clients, according to a report by The Guardian. Among these clients were four United States government departments, the United Nations, and other large corporate entities.
The Guardian, who received information from anonymous sources with knowledge of the breach, reports that Deloitte is unable to confirm what data was exposed during the breach, raising concern for the security of consumer technologies.
And how did the attack happen?
According to The Guardian, the hackers gained access to an administrative account. This gave them access to the company’s email database. While the believe the breach has run its course, they realized that a problem may have been occurring in the Spring. This is when they enlisted Washington law firm Hogan Lovells to investigate.
“The hackers had free rein in the network for a long time and nobody knows the amount of the data taken,” a source said in a statement to The Guardian. “A large amount of data was extracted, not the small amount reported. The hacker accessed the entire email database.”
The Guardian reports that Deloitte initially only thought six clients had been effected, but sources allege that this number is actually greater. When pressed on the issue, a spokesperson told The Guardian:
“We are confident that we know what information was targeted and what the hacker actually did. Very few clients were impacted, although we want to stress that even when one client is impacted, that is one client too many.”
This attack, as well as those like it, have brought up the ever-present issue of cyber safety. With technology advancing as quickly as it is, cybersecurity recruiting methods need to advance as quickly as consumer technologies. This will give large organizations an advantage over small hacking groups that are trying to invade corporate systems. And this could be a matter of what it security recruiters and departments are looking at. We will need to refine this process excellence.
“Organizations are monitoring databases, not the data in it,” Dmitri Sirota of BigID said in a statement to The Guardian. “It?s hard to detect changes, prevent incidents or compare your data to notice breached information unless you have an inventory of what you have.” Find more. Continue reading here.