BACKGROUND:
Panasonic has become the latest company to fall victim to a data breach, with the company reporting that its network was “illegally accessed by a third party,” beginning in June 22 and ending November 3. The breach went undetected until November 11. The news follows a ransomware attack that targeted Panasonic India less than a year ago in which hackers leaked 4 gigabytes of data that included email addresses and financial information. This month’s attack is also among a growing trend of cyberattacks on Japanese technology companies, with organizations such as Mitsubishi Electric and Olympus also being subject to attacks within the past year.
<p>Although Panasonic don’t know the cause of the leak yet, there’s every possibility that this breach may have something simple as it’s root cause. Data breaches like this often have surprisingly unsophisticated causes such as employees using insecure networks, common phishing scams or even outdated software. And all of these are easily preventable with basic cyber hygiene. It’s also interesting that Panasonic mentioned a previous attack on a subsidiary of the company. Research suggests that up to 80% of cyberattacks now begin in the supply chain. Cybercriminals have figured out that they don’t necessarily need to directly target big corporates to gain access to them, instead they’re increasingly targeting suppliers and subsidiaries.</p>
<p>Data breaches are commonplace nowadays, so all businesses should expect intruders to breach their networks. Therefore, it is essential that businesses continuously monitor for malicious attacks and unauthorised access so that if attackers do compromise their systems the business can act straight away, minimising the amount of time the attackers have to access the network and their ability to siphon sensitive information.</p>
<p>In this instance, Panasonic followed the correct steps by informing relevant authorities and publicly disclosing the breach. However, they are yet to confirm the exact nature of the breached data. This doesn\’t mean to say that sensitive data hasn\’t been compromised, so it is important that Panasonic customers are cautious following the incident, acting as if personal details has been breached until notified otherwise. For example, they should be alert to incoming texts, calls or emails featuring information previously shared with Panasonic. Customers should also consider passwords utilised for their customer accounts, if this has been duplicated on other personal accounts, this should be changed promptly.</p>
<p dir=\"ltr\">Reports of hackers gaining access to tech giant, Panasonic, is troubling given the amount of data such businesses hold and the ramifications if it falls into the wrong hands.</p>
<p dir=\"ltr\">Organisations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems. It\’s vital to control privileged access and to monitor those that enjoy that administrator privilege. Ensuring that multi-factor authentication is enforced wherever possible, is a vital defence where user credentials find their way into the public domain. This will help to limit the blast radius, and in most cases, defeat the data breach.</p>
<p dir=\"ltr\">Attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organisations exposed. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers it is crucial to strengthen all processes relating to access verification. Without a zero trust approach organisations run the risk of attackers having a free reign across a network once they are inside.</p>
<p>You can’t help but think how the attackers accessed the network and managed to lurk on the systems for such a long time. Attackers are becoming increasingly sophisticated and creative, meaning organisations are having to significantly step up their cybersecurity operations in response. That being said, organisations should be protecting their networks with both internally facing and externally facing perimeter defences, using security controls such as MFA to keep attackers out. Multi-Factor Authentication, for instance, would make it that much more complex for an outside party to gain unauthorised access to a corporate network, allowing them free reign to lurk on the systems. As cybercriminals become more and more sophisticated, it\’s of paramount importance organisations do the basics right.</p>