A hacker claims to have stolen files belonging to the global law firm Jones Day and posted many of them on the dark web. Jones Day said in a statement that they are investigating the breach and are in discussion with affected clients and respective authorities.
Experts Comments
We are likely to see more breach disclosures originating from the Accellion file-sharing data breach over the forthcoming months.
Business leaders can take appropriate action now to help maintain the trust with their customers, partners and employees. They can achieve this by carrying out due diligence with their organization to understand if the Accellion data file sharing tool is in use, and/or was in use in the past.
Being transparent with customers, partners and employees about this
A targeted ransomware organisation strikes again. Jones Day has said that the breach occurred because a third party was compromised. This attack by CLOP highlights the need for organisations to install robust security that defends themselves before their intellectual property is stolen or altered.
This is a good example of a trend that we have seen emerging in 2020 and will continue to rise in 2021, that security protection tools have been (and will be) bypassed. It is becoming an
The breach suffered by Jones Day, a prominent law firm in the US, is not the first incident of CLOP ransomware that we’ve seen recently, and it is a strong reminder to companies to ensure tighter security on their networks.
With the threat of ransomware only continuing to increase, in order to protect themselves and their customers, organisations need to take the more pragmatic approach of assuming breach and not trust any traffic, inside or outside the network. Instead, only grant users
The Accellion breach highlights one of the key weaknesses of external file transfer systems, but also the over-arching issue of security versus convenience. When uploading any kind of sensitive file to an online repository or document transfer service, or even attaching it to an email, it is best practice to encrypt the said file, and then provide your intended recipient with the decryption key through alternate means. This ensures that should a breach occur, your files are not in plaintext for the
This second breach of a customer of Accellion highlights the importance of ensuring that services used by an organisation are properly secured and that vendor security is taken seriously, as when you use their services you are still responsible for the data they handle for you. In order to manage and identify any risks introduced by third parties, it is best practice to include them in the security assessments of your organisation. When doing this, make sure that contracts with vendors allow for
In recent years legal and accountancy firms have been increasingly targeted as a pivot point to access data for larger organisations that are clients of these firms. This is because it is understood that associated legal and accountancy firms may not have the level of rigour in terms of cybersecurity that their clients may have implemented. Unfortunately, these firms may hold or be custodians to very sensitive data, but not have the controls to protect it. You can outsource the service, but you
What we are seeing now are the effects of the Accellion intrusion from December, which has already been discussed in relation to, for example, Singtel and others. It’s an external file-sharing solution that’s decades-old and has been used by several organizations. As we are seeing more and more data related to the breach hitting the news, other organizations that have used the services should review and prepare processes to inform any clients and any individuals for whom data has been
Supply chain attacks are an emerging kind of threat increasingly used by cyber criminals. The SolarWinds hack is a very recent case demonstrating the sophistication and the impact that this type of attack may have. A new culture is required by organisations to effectively manage this new reality; they need to enforce for the entirety of their third parties a minimum level of cybersecurity controls (both organisational and technical) prior to giving them access to any of their information assets. Given the vast number of third parties an organization may digitally interact with, a standardised, automated and holistic cybersecurity evaluation process should be in place.
@Yiannis Fragkoulopoulos, Customer Security & Professional Services Director, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
https://informationsecuritybuzz.com/expert-comments/cybersecurity-expert-commentary-hacker-claims-to-have-stolen-files-belonging-to-law-firm-jones-day