Expert Comments

Expert Reacted On Isentia Breach And Its Impact On Government Departments

Expert(s): Security Experts
Expert(s): Security Experts

Following the news that a media monitoring firm Isentia in Australia has been hit by a ransomware attack, impacting their work with government departments and the Australian Stock Exchange, please find a comment below security experts:

Experts Comments

Dot Your Expert Comments
Neil Stobart
October 29, 2020
Vice President, Global System Engineering
Cloudian

Organisations need to seek solutions which offer centralised control of all their storage siloes.
Today’s attack is yet another example of the risk posed by ransomware attacks and phishing scams. Protecting data from malicious attacks should be top of the agenda for all businesses, especially with the added risk of increased remote working. The sudden rise of remote working in response to Covid-19 has led to company data being increasingly dispersed across diverse areas of organisations, multiplying security risks. With businesses now storing significant amounts of data on employee.....Read More
Today’s attack is yet another example of the risk posed by ransomware attacks and phishing scams. Protecting data from malicious attacks should be top of the agenda for all businesses, especially with the added risk of increased remote working. The sudden rise of remote working in response to Covid-19 has led to company data being increasingly dispersed across diverse areas of organisations, multiplying security risks. With businesses now storing significant amounts of data on employee laptops, as well as on a mixture of geographically distributed public and private clouds, cybercriminals now have an wealth of new endpoints they can infiltrate, inspiring them to try their luck. Organisations need to seek solutions which offer centralised control of all their storage siloes, so that they can implement universal security and DR practices regardless of where data lies within their ecosystem. This can include limiting access to only authorised users, enforcing two factor authentications, highlighting suspicious activity, or automatically making immutable locked backups of your data as last bastion of defence against ransomware. Doing so will allow business to maintain continuity despite this pronounced spike in IT complexity which remote working has caused.  Read Less
Javvad Malik
October 28, 2020
Security Awareness Advocate
KnowBe4

Organisations should remain invested in security awareness training and IT cyber hygiene to reduce the risk of being infected.
It appears that lockdown has not slowed down cybercriminals who are working just as hard to infect as many organisations as possible with ransomware. It is a reminder that even though many organisations have staff working remotely or have a reduced workforce, cybersecurity needs to remain an integral part of all activities. Ransomware typically will infect an organisation either through phishing emails or by taking advantage of unpatched software. So organisations should remain invested in.....Read More
It appears that lockdown has not slowed down cybercriminals who are working just as hard to infect as many organisations as possible with ransomware. It is a reminder that even though many organisations have staff working remotely or have a reduced workforce, cybersecurity needs to remain an integral part of all activities. Ransomware typically will infect an organisation either through phishing emails or by taking advantage of unpatched software. So organisations should remain invested in security awareness training and IT cyber hygiene to reduce the risk of being infected.  Read Less
Niamh Muldoon
October 28, 2020
Senior Director of Trust and Security EMEA
OneLogin

Organisations today cannot afford to take cybersecurity for granted.
Cybercriminals are relentless in their efforts to disrupt operations and reap financial rewards. Organisations today cannot afford to take cybersecurity for granted. All businesses need to be prepared and work with their Executive Management Teams to make informed business decisions on how they will respond to cybersecurity events such as a ransomware attack. Having an in-depth proactive approach to security along with a robust Business Continuity Plan reduces business impacts for ransomware.....Read More
Cybercriminals are relentless in their efforts to disrupt operations and reap financial rewards. Organisations today cannot afford to take cybersecurity for granted. All businesses need to be prepared and work with their Executive Management Teams to make informed business decisions on how they will respond to cybersecurity events such as a ransomware attack. Having an in-depth proactive approach to security along with a robust Business Continuity Plan reduces business impacts for ransomware attacks. This includes threat awareness, strong access control with multi-factor, security tooling for monitoring/alerting, regular backups, version control, and thorough testing of disaster recovery procedures.  Read Less
Tim Mackey
October 28, 2020
Principal Security Strategist
Synopsys CyRC

The underlying threat models should take into account how an attacker might use the data they collect.
Ransomware attacks are on the rise, and for the attackers, it’s likely comforting to learn that per IDC’s ANZ Ransomware Survey almost 1/3 of ANZ organisations hit by ransomware in the past two years paid the ransom. Unfortunately, when payment occurs, those monies are then available to create yet more innovative attacks, and potentially fund other criminal activity – a situation highlighted by the US Department of the Treasury’s Office of Foreign Assets Control in an advisory last.....Read More
Ransomware attacks are on the rise, and for the attackers, it’s likely comforting to learn that per IDC’s ANZ Ransomware Survey almost 1/3 of ANZ organisations hit by ransomware in the past two years paid the ransom. Unfortunately, when payment occurs, those monies are then available to create yet more innovative attacks, and potentially fund other criminal activity – a situation highlighted by the US Department of the Treasury’s Office of Foreign Assets Control in an advisory last week. For businesses seeking to restore operations quickly, payment of the ransom may seem like an acceptable solution. Unfortunately, as the Toll Group found earlier this year, implementing IT improvements following one attack doesn’t preclude another successful attack. Defending against any type of malware requires a comprehensive plan that looks at human factors in addition to technologies. Importantly, the underlying threat models should take into account how an attacker might use the data they collect. In the case of Isentia, customers should look to change any credentials they’ve provided on the Isentia platform as well as to revoke any access tokens to media platforms Isentia was monitoring for them. Doing so could limit ongoing damage if Isentia's customer data was exfiltrated during the attack.  Read Less
Steve Forbes
October 28, 2020
Government Cyber Security Expert
Nominet States

This incident also reminds us of the importance of vetting third parties in terms of their cyber resilience.
The impact of Isentia, a media-monitoring firm, being hit by a cyber attack demonstrates the interconnected world of national cyber defense. While a media monitoring firm wouldn’t typically be considered part of critical infrastructure, its work with many government departments and large organisations – such as the Australian Stock Exchange – has now been put on hold due to the cyber attack. This incident also reminds us of the importance of vetting third parties in terms of their.....Read More
The impact of Isentia, a media-monitoring firm, being hit by a cyber attack demonstrates the interconnected world of national cyber defense. While a media monitoring firm wouldn’t typically be considered part of critical infrastructure, its work with many government departments and large organisations – such as the Australian Stock Exchange – has now been put on hold due to the cyber attack. This incident also reminds us of the importance of vetting third parties in terms of their cyber resilience. While the full details of this particular security breach are yet to emerge, best practice advice is to ensure third parties have at least similar practices and procedures as your own to keep sensitive data safe.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

$2bn Startup Glovo Falls Victim To Cyberattack

Vulnerabilities Found In Wifi-routers

Experts Reaction On REvil/Sodin Behind UnitingCare Breach

Experts On IOS 0-Days Vulnerabilities Discovered

Uni Research Finds That Fertility Apps Collecting And Sharing Sensitive...

44% of Orgs. Report Breaches Due to 3rd Parties, 74%...

92% Of Organisations Who Pay Ransoms Don’t Get All Their...

Experts Comments on World Password Day

Expert Insights On Ransomware Task Force Report

Expert Commentary – Ofcom Warn People Not to Trust Caller...