News recently broke that the emails of over 350k clients of the Oregon Department of Human Services (DHS) have potentially been compromised after 9 employees were the target of a spear phishing campaign. It left 2 million emails potentially exposed.
The Oregon Department of Human Services announced that roughly 2 million emails with Protected Health Information from more than 350,000 customers have been potentially exposed after 9 employee mailboxes were compromised. https://t.co/mT0JDHqsgI
— 4iQ Delve Deep (@4iQ) March 22, 2019
Expert Comments Below:
Jonathan Deveaux, Enterprise Data Protection Specialist at comforte AG:
“It seems no matter how much training and awareness that is provided, the human element remains the weakest link in the cybersecurity chain. The problem is not entirely the employees’ faults, as hackers and attackers are improving their tactics to trick employees into clicking on links infested with malware. A determined attacker may go as far as designing an email to look authentic and even read as if clicking on the link is the right thing to do.
“What is clear is that human activity in cyber-space is still susceptible to data breaches, leaks, or exposure. Therefore, companies need to take a more active approach to safeguard their businesses from cyber-attacks. AI can help determine if emails should be captured and quarantined before even getting to employees’ inboxes. De-identifying sensitive data can also ensure that the data a cyber attacker is usually after has no exploitable value. Continued awareness training, education, and communication can help reduce the likelihood of humans clicking on malware-laced links, even though the possibility is highest among threat vectors.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.