Samsung Data Breach, Experts Inputs

By ISBuzz Team
Writer, Information Security Buzz | Sep 05, 2022 02:57 am PST

Over the weekend, Samsung disclosed a data breach.

On Sept. 2, Samsung notified customers of a “cybersecurity” incident that happened in late July and was discovered on Aug. 4, resulting in a breach of personal information including “names, contact and demographic information, dates of birth, and product registration information.” The company reassured customers that the breach did not affect social security or credit card numbers stored in the system.

3 Expert Comments
Rajiv Pimplaskar
September 7, 2022 8:17 pm

The Samsung data breach disclosure comes on the heels of a highly visible Apple security vulnerability and is a stark reminder of the dangers of an expanded attack surface with the proliferation of mobile endpoints, and that device native security alone is not enough. According to BlackCloak research, 87% of executive devices have no security measures at all installed and 76% are actively leaking data. Apart from installing the latest software updates, a key strategy for avoidance is using a next-gen VPN with stealth technology to obfuscate the mobile device’s digital footprint on the Internet or public cloud. Such VPNs provide defense in depth by obfuscating end users, their source and destination relationships, as well as sensitive data flows. This makes it virtually impossible, even for a sophisticated threat actor, to detect or target such users and devices in the first place, even with underlying security vulnerabilities.

Chad McDonald, CISO
September 7, 2022 8:08 pm

For many organisations, breaches like this are the result of failing to manage identity data and implement strong Identity Access Management principles. It is extremely serious that an unauthorised user was able to get their hands on Samsung customers’ personal information.

Many organisations suffer from identity sprawl, where identity data is spread across different applications which cannot communicate with each other, which ultimately means that systems – and therefore data – are siloed. This poses a huge security risk, with siloed systems increasing the attack surface of an organisation and creating gaps for threat actors to exploit.

Heavily siloed systems result in organisations failing to build complete and accurate user profiles. Security teams then struggle to properly identify users and give them the correct access, ultimately leading to security breaches such as this one on Samsung.

Organisations need an Identity Access Management solution which can unify and streamline their identity data to provide complete and accurate user profiles. With complete visibility over systems, security teams are then able to properly track who should be accessing what, therefore reducing the risk of a serious breach.

Drew Perry, CEO
September 5, 2022 11:07 am

Considering that Samsung is one of the world’s leading technology companies, it is very concerning that it has taken the organisation a month since discovering the breach to notify customers.

This will have essentially left critical customer data in the hands of criminals and the victims would have had no reason to be on the lookout for suspicious activity and phishing scams.

For any customers that have been notified about the attack, it is time to update your passwords and enable multi-factor authentication on your online accounts and also be on high alert for phishing scams.

This has been a tough year for Samsung and it’s clear that damage caused by the Lapsus$ ransomware gang was far worse than initially thought.

This highlights that when it comes to ransomware, prevention is always better, and more cost-effective, than cure.
