Two new Accellion file sharing server-related hacks have been reported – grades and social security numbers for students at the University of Colorado, and University of Miami Health System patient data have been posted online by the Clop ransomware group.
Experts Comments
As expected, we are continuing to see the impact of the Accellion file-sharing data breach expand. We applaud the due diligence that many of the affected organizations are taking to be transparent with customers, partners, employees, and with CU, their students, about the exposure of their personally identifiable information (PII). As it appears to be the case with the University of Miami, an organization may not be directly exposed to the breach, but they may be using services or technology
.....Read MoreIn today's landscape no organization is safe, whether you are in healthcare, education, transportation etc., which is why it is critical for all organization to adopt good cybersecurity hygiene and educate their users.
With the acceleration in digital transformation, there has also been a rise in security risks, which need to be addressed. Protecting users from phishing emails by digitally signing emails, moving away from passwords, and adopting MFA should all be part of the new strategy
.....Read MoreDot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
As the Accellion-related fallout continues—this time at University of Colorado and University of Miami Health System—it’s a good time to reiterate the lessons learned. To begin with, always perform software patches and upgrades as soon as they are available. When software becomes outdated or meets its end of life status, make sure you look for current and fully supported products. In addition, keep in mind that threat actors are always looking for ways to get to your sensitive data.
.....Read MoreAs the Accellion-related fallout continues—this time at University of Colorado and University of Miami Health System—it’s a good time to reiterate the lessons learned. To begin with, always perform software patches and upgrades as soon as they are available. When software becomes outdated or meets its end of life status, make sure you look for current and fully supported products. In addition, keep in mind that threat actors are always looking for ways to get to your sensitive data. Outmoded protection methods such as perimeter security and access control no longer guard against concentrated efforts, and other methods such as standard encryption can also be cracked and can be a burden to administer.
Therefore, look for ways to protect the data itself rather than the borders around it, an approach known as data-centric protection and which includes methods such as tokenization. Tokenization replaces sensitive information with benign but meaningless tokens, so even if hackers get to your data, it is unintelligible and therefore worthless to them. Lastly, know that the fifteen minutes of infamy you will experience if your sensitive data is compromised can cause lasting and irreparable harm to your business, especially reputational damage. Avoid it at all costs through increased attentiveness to data security.
Read LessLinkedin Message
@Trevor Morgan, Product Manager , provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Tokenization replaces sensitive information with benign but meaningless tokens...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/accellion-breach-leaks-university-health-system-data-expert-comments
Facebook Message
@Trevor Morgan, Product Manager , provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Tokenization replaces sensitive information with benign but meaningless tokens...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/accellion-breach-leaks-university-health-system-data-expert-comments