Volvo Cars Discloses Breach And R&D Data Theft – Cyber Experts Comment

Volvo Cars disclosed that one of its file repositories has been illegally accessed by a third party confirming that a limited amount of the company’s R&D property has been stolen during the intrusion. Cybersecurity experts from KnowBe4 and comforte AG provided the following comments.

Subscribe
Notify of
guest
2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Erich Kron
Erich Kron , Security Awareness Advocate
InfoSec Expert
December 13, 2021 10:46 am

<p>Although ransomware groups are often involved in the theft of personal information, this is an example of how corporate information and intellectual property can also be a target. Most ransomware is spread through phishing emails or through exploiting RDP instances open to the internet. The snatch team makes great use of RDP in infection and lateral movement within an organization. To defend against these attacks, organizations are wise to ensure employees are trained on the importance of using complex passwords and not reusing passwords with other accounts. Organizations should also be on high alert for brute force attempts against RDP.</p>

Last edited 6 months ago by Erich Kron
Trevor Morgan
Trevor Morgan , Product Manager
InfoSec Expert
December 13, 2021 10:49 am

<p>The situation that Volvo finds itself in highlights a peripheral danger in leaked or stolen enterprise data—the threat of intellectual property and other proprietary information falling into the wrong hands. Most businesses are rightly concerned first and foremost with maintaining data privacy and security with regards to their customers’ data. Yet, hackers want to know more about the targeted companies themselves, knowledge such as trade secrets, corporate strategies, inventions, and any other bits of sensitive information which would create leverage in a ransom and blackmail situation. So, while companies look to protect their customers’ data in the best ways possible, with data-centric methods such as tokenization or format-preserving encryption, they also need to apply those controls to sensitive data about themselves. We all know that a company’s most valuable asset is data, and that includes data about what they themselves are doing and bringing to market.</p>

Last edited 6 months ago by Trevor Morgan
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x