UK-based accounting software firm Sage has reportedly suffered a data breach. The attacker is thought to have used an internal login to access personal details of employees at around 300 companies. It is currently not clear if the data was merely viewed, or if it was stolen. IT security experts commented below.
Adam Bangle, Vice President of Northern Europe at FireEye:
“In a statement to The Register, Sage mentioned that the attack had happened ‘within the last few weeks’. This puts it ahead of the average, based on findings from our recent M-Trends EMEA report which revealed that organisations are taking an average of 469 days (15 months) to identify a cyber-attack after the initial compromise.
This falls far below consumer expectations, however. Back in May 2016, a FireEye survey of 1000 consumers revealed 92% of people expect to be informed within 24 hours if a business that they deal with has suffered a data breach and their data may be compromised.
With the EU General Data Protection Regulation (GDPR) set to require that authorities are informed of a data breach within 72 hours, UK companies will need to improve their threat identification abilities or face stringent fines which are soon to be imposed by the EU.
While we don’t know whether Sage was negligent in this instance, the company was the biggest faller on the FTSE 100 this morning, proving that cyber-attacks can have many hidden consequences on businesses.
Detecting and preventing insider threats is a difficult task, but if organisations are able to identify the most critical assets and ensure that they have good visibility into the activities around those assets, the chance of detecting unauthorised activity increases, which significantly reduces the likelihood that an insider will be able to execute a successful attack.
Organisations must stay vigilant against external threats, but should not ignore the risk that insider threats pose to sensitive data.”
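The visibility-into-critical-assets point above can be turned into a concrete detection. The block below is an added example, not code from Sage, FireEye or anyone quoted on this page: it parses a constructed application audit log (the log format, user names, company ids and the thresholds are all assumptions) and flags any internal account that, on one day, touches far more customer companies' employee records than that account's own previous daily maximum. It also records whether an export action occurred that day, which is the first question an incident responder would ask in a case like the one reported here (viewed versus taken).

```python
"""Flag internal accounts whose record access spreads across many more
customer companies than their own baseline.

Added illustration of the insider-detection point above. Not production
code from any company named on the page; the log format, field names,
sample users and thresholds are assumptions made for the example."""
from collections import defaultdict
from datetime import date, datetime
from typing import Dict, List, NamedTuple, Set, Tuple


class Event(NamedTuple):
    ts: datetime
    user: str
    action: str
    company: str
    record: str


# Constructed sample audit log (fictional users, companies and records).
# Assumed format: ISO-8601 UTC timestamp, user, action, company id, record id.
SAMPLE_LOG = """\
2016-08-08T09:01:12Z alice VIEW_EMPLOYEE C001 E1001
2016-08-08T09:04:40Z alice VIEW_EMPLOYEE C001 E1002
2016-08-08T10:12:03Z bob VIEW_EMPLOYEE C002 E2001
2016-08-08T10:15:44Z bob VIEW_EMPLOYEE C003 E3001
2016-08-08T11:02:09Z bob EDIT_EMPLOYEE C003 E3001
2016-08-09T08:30:00Z alice VIEW_EMPLOYEE C002 E2002
2016-08-09T08:35:00Z alice VIEW_EMPLOYEE C001 E1003
2016-08-09T14:20:00Z bob VIEW_EMPLOYEE C004 E4001
2016-08-09T14:25:00Z bob VIEW_EMPLOYEE C005 E5001
2016-08-09T14:31:00Z bob VIEW_EMPLOYEE C002 E2003
"""
# Day three of the constructed sample: alice's account reads one record from
# each of twelve different companies late at night and exports from the last.
# Generated in a loop only to keep the sample short; still fictional data.
SAMPLE_LOG += "".join(
    f"2016-08-10T23:{i:02d}:00Z alice VIEW_EMPLOYEE C{100 + i:03d} E{9000 + i}\n"
    for i in range(12)
)
SAMPLE_LOG += "2016-08-10T23:30:00Z alice EXPORT_EMPLOYEE C111 E9011\n"


def parse_log(text: str) -> List[Event]:
    """Parse whitespace-separated audit lines; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, parts[1], parts[2], parts[3], parts[4]))
    return events


def activity_per_user_day(events: List[Event]):
    """user -> day -> (set of distinct company ids, set of actions) for that day."""
    seen: Dict[str, Dict[date, Tuple[Set[str], Set[str]]]] = defaultdict(
        lambda: defaultdict(lambda: (set(), set()))
    )
    for e in events:
        companies, actions = seen[e.user][e.ts.date()]
        companies.add(e.company)
        actions.add(e.action)
    return seen


def find_suspicious(events: List[Event], min_companies: int = 10, ratio: float = 5.0):
    """Return (user, day, distinct_companies, prior_baseline, exported) for each
    user-day whose distinct company count is above an absolute floor AND more
    than `ratio` times that user's previous daily maximum. Alerted days are not
    folded into the baseline, so a second anomalous day still fires."""
    alerts = []
    for user, days in activity_per_user_day(events).items():
        baseline = 1  # assume touching one company a day is normal for anyone
        for day in sorted(days):
            companies, actions = days[day]
            count = len(companies)
            if count >= min_companies and count > ratio * baseline:
                exported = any(a.startswith("EXPORT") for a in actions)
                alerts.append((user, day.isoformat(), count, baseline, exported))
            else:
                baseline = max(baseline, count)
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(parse_log(SAMPLE_LOG)):
        print("ALERT user=%s day=%s companies=%d baseline=%d exported=%s" % alert)
```

The per-user baseline matters more than the absolute floor: a payroll support analyst legitimately touching five employers a day should not trip the same rule as an account that normally touches one. In a real deployment the baseline would come from weeks of history and the company id would be whatever tenant key the application actually logs; the point is that the application has to write that field at all, which is the visibility the quote is asking for.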
Jes Breslaw, Director of Strategy at Delphix:
“Rather than establishing perimeter defences in hopes of repelling breach attempts, security-minded organisations need to invest in technologies that protect the interior—the data itself. The only way to 100 per cent protect that data is through masking, a fail-safe process which intelligently scrambles data and adds an additional layer of security to make it impossible for criminals to exploit.
“Yet, this process has traditionally been an expensive, complex task, with only one in five organisations adopting the method. By using a combination of data virtualisation and data masking, enterprises can now scale data masking for all copies of production data and safeguard it from both insider and outsider threats.”
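What "masking" amounts to in practice, as an added example that is not Delphix's product or code and not from the original page: each PII column of an employee row is replaced with a deterministic, keyed pseudonym that keeps the column's format (letters stay letters, digits stay digits, separators stay put), so test and analytics copies still look and join like production data while containing no real identifiers. The key, the row layout, the column names and the sample rows are all assumptions made for this illustration; the scheme is one-way tokenisation, not reversible format-preserving encryption.

```python
"""Keyed, format-preserving masking of PII columns in employee records.

Added example of the masking idea discussed above; not Delphix's or any
vendor's implementation. Key, column names and sample rows are assumptions."""
import hashlib
import hmac
import string
from typing import Callable, Dict

# Constructed demo key. In practice the key lives only in the masking
# environment (e.g. a KMS) and never alongside the masked copy; rotating it
# yields an unrelated set of pseudonyms.
DEMO_KEY = hashlib.sha256(b"demo-masking-key-do-not-use").digest()


def _keystream(key: bytes, field: str, value: str) -> bytes:
    """Deterministic pseudo-random bytes for (field, value) via HMAC-SHA256 in
    counter mode. The field name is mixed in so the same string in two columns
    masks differently, while the same value in the same column always masks
    the same way (this is what keeps foreign keys and repeated names consistent)."""
    out = b""
    counter = 0
    while len(out) < 4 * len(value) + 4:
        msg = field.encode() + b"\x00" + value.encode() + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out


def mask_preserve_format(key: bytes, field: str, value: str) -> str:
    """Replace each letter with a letter of the same case and each digit with a
    digit; punctuation, spaces and length are kept. One-way: there is no unmask
    operation, unlike FF1/FF3 format-preserving encryption."""
    stream = _keystream(key, field, value)
    out = []
    for i, ch in enumerate(value):
        r = int.from_bytes(stream[4 * i:4 * i + 4], "big")
        if ch.isdigit():
            out.append(string.digits[r % 10])
        elif ch.isupper():
            out.append(string.ascii_uppercase[r % 26])
        elif ch.islower():
            out.append(string.ascii_lowercase[r % 26])
        else:
            out.append(ch)
    return "".join(out)


def mask_email(key: bytes, email: str) -> str:
    """Pseudonymous local part plus a reserved domain, so a masked copy can
    never be used to mail a real person by mistake."""
    local, _, _domain = email.partition("@")
    token = hmac.new(key, b"email\x00" + local.encode(), hashlib.sha256).hexdigest()[:12]
    return f"user-{token}@example.invalid"


# Which columns are PII and how each is masked (assumed schema).
PII_FIELDS: Dict[str, Callable[[bytes, str], str]] = {
    "full_name": lambda k, v: mask_preserve_format(k, "full_name", v),
    "ni_number": lambda k, v: mask_preserve_format(k, "ni_number", v),
    "bank_account": lambda k, v: mask_preserve_format(k, "bank_account", v),
    "email": mask_email,
}


def mask_record(key: bytes, record: Dict[str, str]) -> Dict[str, str]:
    """Mask the PII columns of one row. Join keys (company_id, employee_id) are
    left untouched so relationships between tables survive masking."""
    masked = dict(record)
    for field, fn in PII_FIELDS.items():
        if field in masked:
            masked[field] = fn(key, masked[field])
    return masked


# Constructed sample rows (fictional people, NI numbers and accounts).
SAMPLE_ROWS = [
    {"company_id": "C001", "employee_id": "E1001", "full_name": "Jane Doe",
     "ni_number": "QQ123456C", "bank_account": "12-34-56 01234567",
     "email": "jane.doe@example.org"},
    {"company_id": "C002", "employee_id": "E2001", "full_name": "Jane Doe",
     "ni_number": "QQ654321A", "bank_account": "65-43-21 76543210",
     "email": "j.doe@example.org"},
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(mask_record(DEMO_KEY, row))
```

Two caveats a practitioner would add to the quote's "impossible for criminals to exploit": deterministic pseudonyms are linkable across every copy masked with the same key, and if the key leaks, anyone can run a dictionary of real names or NI numbers through the same function and match them; so the key needs the same protection as the production data, and columns with tiny value spaces (job titles, postcodes) need a different treatment than tokenisation.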
Thomas Fischer, Threat Researcher & Global Security Advocate at Digital Guardian:
“What is perhaps more troubling is the lack of information or proper handling of the breach vis-à-vis the public, especially in the wake of the recent TalkTalk incident. High profile companies should be in a permanent state of alert, and must be prepared to immediately advise not only their customers, but also provide proper and timely information to the public. Communications, be that internally, with law enforcement or externally, are an essential aspect of any good incident and breach response plan.”
Ryan O’Leary, VP Threat Research Centre at WhiteHat Security:
“The other alternative is that a Sage employee has had their credentials compromised. This could have been caused by a direct attack, where the attacker attempted to steal the credentials of a specific user, or by using compromised credentials from an entirely different data breach. The simple truth is that people often use the same username and password combinations on a variety of different sites and systems. With the high number of password leak incidents recently, attackers will no doubt be trying to use compromised credentials on a variety of websites, to see if they work. Users must make sure they’re using different passwords on every site.”