Following the news that:
Telstra is rocked by a data breach with hackers gaining access to staff info (msn.com)
The CLOUD Act certainly accelerates and simplifies complex investigations in cyberspace, being an efficient and effective alternative to now-outdated MLATs and other traditional instruments used in cross-border criminal investigations. The executive agreement between the US and the UK enacted under the Act is, however, unlikely to have a revolutionary effect.
Law enforcement agencies from the two countries have already established tenable and rapid communication mechanisms when seeking digital evidence from each other in transborder criminal investigations. Likewise, while Australia has also joined the club, other countries are reluctant to participate because of, among other things, privacy concerns. Cybercriminals are well aware of it and purposely store their data in countries that are reluctant to cooperate in cross-border criminal matters, preferably in those states that still have not signed the Budapest Convention on Cybercrime. Therefore, to ensure a frictionless investigation of transnational cybercrime and computer-enabled crime, global cooperation – involving as many jurisdictions as possible – is crucial. Nonetheless, the CLOUD Act serves as a laudable example for other countries to join or enact similar legislation.
Any significant breach such as the one which has hit Telstra is concerning for all affected individuals. It appears as if the breach occurred via a compromised third party. While this may be true, it doesn’t absolve Telstra of responsibility. All organisations need to be mindful in managing their third parties and the security of information shared with them or the systems to which they are granted access.
Criminals who obtain the information can use it to launch carefully crafted social engineering attacks against individuals. Therefore, people should be careful of any communication they may receive purporting to be from Telstra, or indeed any organisation, which they have not been expecting and which may ask for more information or payment.
This breach follows a typical, but preventable pattern: a 3rd party was compromised and mass PII data was exposed. Telecommunication companies are among the most lucrative attack targets given their cloud connectivity and sensitive data accumulation, with its potential for theft; they are in the attackers' spotlight all the time. What this clearly points to is the acute need for data-centric security that goes beyond perimeter security and compliance check-lists into managing specific data threat risks, neutralizing them in the event of the inevitable breach to make it a non-event. Best of all, data-centric security travels with data, no matter where it goes. Inspecting your data security measures with an eye toward protecting the data itself is a good allocation of time and can only provide beneficial outcomes.
It is essential that Federal Agencies have and report an accurate inventory of connected devices. Securing the enterprise is contingent upon knowing and understanding the makeup of an IT environment, and asset visibility is a fundamental requirement. BOD 23-01 establishes a 7-day requirement for asset discovery, which is a step in the right direction but could be more aggressive. Real-time discovery is key to uncovering blind spots and eradicating shadow IT. Not only do defenders need to have a comprehensive perspective of all known devices, but they also require timely alerts as new devices connect to their networks. Delaying new asset discovery by a day or more can significantly increase risk and exposure.
CISA is moving forward in setting deadlines for vulnerability enumeration and reporting through the CDM dashboard. As new vulnerabilities are discovered, Agencies must have the capability to comprehensively scan their endpoints and know within minutes if they are exposed. When a critical vulnerability exists in the Federal Enterprise, it is essential to understand the scope of the exposure and to have an immediate path to remediation. Adversaries move quickly, and accepting the unnecessary risk of unpatched vulnerabilities, misconfigured systems, and data gaps can be detrimental.
Agencies must reduce the clutter of legacy applications and reduce the deployment of single-use software. It is imperative to secure the software supply chain to reduce the risk of introducing net new vulnerable applications, but Agencies must also proactively reduce the number of applications on-hand. Using dynamic software platforms that converge security and operations can be transformational in shifting to a more mature security posture.
Employee-related information can be easily leveraged in targeted phishing attacks to make them appear much more realistic. As has been discussed many times before, users are typically the weakest link of the security “chain”; unless they are very well educated in terms of cybersecurity, they are easily tricked by attackers.
Telstra and their business partners, suppliers, clients, and providers, will have to pay special attention in the future to targeted attacks, and properly educate their users to mitigate as much as possible the consequences of this breach.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts' comments, analysis and opinion on the latest Information Security news and topics.