This is a very interesting technique used by malicious actors and attackers to gain access to valuable data and information, including contact information. One could potentially argue that all of this information is in the public domain, so is it technically an unauthorized disclosure, incident, or breach. However, the consent to use this contact information is clearly where the privacy is breached, as these impacted individuals will not have given permission for their data to be shared and/or used for the various sales or marketing activities, and most concerningly, for dark web activities such as social engineering and phishing.

Trust and Security brand leaders will always be fully transparent as to the use of contact information, including consent, and take proactive measures to protect their end-users and customers contact data. It is their responsibility to do so in order to prevent cybersecurity risks such as phishing and/or other social engineering threats.

As expected, we are continuing to see the impact of the Accellion file-sharing data breach expand. We applaud the due diligence that many of the affected organizations are taking to be transparent with customers, partners, employees, and with CU, their students, about the exposure of their personally identifiable information (PII). As it appears to be the case with the University of Miami, an organization may not be directly exposed to the breach, but they may be using services or technology supported by Accellion.

It is important to incorporate access control and data lifecycle management into risk assessment by asking about past data/files transfers, and whether those files have been properly managed, such as having access removed when it is no longer required. The results of the cross-functional risk assessment will determine if the organization is vulnerable per the versions of Accellion exploited by malicious attacker/s. Having your security and/or technology organization monitor and track official communications issued by Accellion will allow them to keep up-to-date.

This is especially important because as the investigation continues more data will become available which may impact the associated risk to your organization, and require your organization to take more actions to reduce risk. If you are unclear from official communications where your organization is using a vulnerable version of not, reach out to Accellion for clarity - don’t just assume it's ok.

Password Stealing Malware and Phishing Attacks remain a challenge for most modern enterprises. Password Stealing techniques usually target the weakest link in an organisation’s security posture - the human being. Once successfully performed, any future attacks have a high chance of staying undetected as they use official credentials to access personal and business resources. Attackers don't need to pay lot of attention when obfuscating their actions as having full access allows them to run a large variety of other attacks, like stealing full identities, attacking internal services, exfiltrating sensitive company data, etc. As these tactics become increasingly sophisticated, companies must employ security measures such as multi-factor authentication in order to protect company data and prevent the loss of classified and sensitive information. Applying controls to technologies, making sure security is included in business processes, and ensure the organisation has a good security culture are all also key. Applying a Defence in Depth (DiD) model to security within your organisation, with security controls in place within technologies, business processes and culture will begin to support reducing risk associated with new malware variants. Don't underestimate the value of security awareness programmes for keeping your employee’s conscious of new malware threats.

Identity and access management is the fundamental protection control for reducing security, privacy and operational error events or incidents. The federal reserve IT outage is the latest example of an operational error. Knowing who and what is trying to access the environment, limiting their access only to their true business needs and asking employees to re-authenticate prior to carrying out high risk or high privilege actions are key access control components which reduce operational risk error impacts. Asking employees to re-authenticate prior to the execution of high risk or high privilege actions is commonly known as enhanced multi-factor authentication or enhanced MFA. Always remember that your employees are your most valuable asset, deploying an appropriate identity and access management strategy, program and control set protects them as well as  your organization against cybersecurity, privacy and operational risks.

Ransomware continues to be a global cybersecurity threat. In the business of cybercrime, ransomware takes the top spot since it has a high ROI by holding the victims' ransom for financial payment. Cybercriminals will of course continue to focus their efforts on this revenue-generating stream as we’re now seeing with the DoppelPaymer gang targeting Kia. During 2021, we will definitely see cyber-criminal individuals and groups try to maximize their return of investment with their attacks, whether it’s targeting high-value individuals and/or large enterprise organizations like a car company. The key message here is no one person or industry is exempt from the ransomware threat and it requires constant focus, assessment and review to ensure you and your critical information assets remain safeguarded and protected against it.

We are likely to see more breach disclosures originating from the Accellion file-sharing data breach over the forthcoming months.

Business leaders can take appropriate action now to help maintain the trust with their customers, partners and employees. They can achieve this by carrying out due diligence with their organization to understand if the Accellion data file sharing tool is in use, and/or was in use in the past.

Being transparent with customers, partners and employees about this tool usage and potential exposure allows for appropriate actions to be taken.

Business leaders and organizations need to take time out of their day to carry out due-diligence in relation to the Accellion breach. This will help them determine the likelihood of their exposure to the breach and establish the full use of Accellion in their organizations.

It's critical to ask each business leader if they are using an Accellion account belonging to a customer, partner, and/or vendor organization to send or receive shared files. An organization may not be directly exposed to the breach, but they could be using the Accellion version of the agent's organization which is exposed. It is important to incorporate access control and data lifecycle management into the risk assessment by asking about past data/files transfers, and whether those files have been properly managed, such as having access removed when it is no longer required.

The results of the cross-functional risk assessment will determine if the organization is vulnerable per the versions of Accellion exploited by malicious attacker/s. Having your security and/or technology organization monitor and track official communications issued by Accellion will allow them to keep up-to-date. This is especially important because as the investigation continues more data will become available which may impact the associated risk to your organization, and require your organization to take more actions to reduce risk. If you are unclear from official communications where your organization is using a vulnerable version of not, reach out to Accellion for clarity - don’t just assume its ok.

This is a great example of the need for organizations to build a comprehensive Trust and Security program focusing on people, processes and technology controls to protect data processed and stored, whether it's within their own organization or with a third party. This breach emphasizes the importance of a "Security First" culture within organizations who must stay on top of the latest threats. Security must be seen as a business enabler. The State of Washington appears to be taking the right steps in presenting an incident response process and alerting affected citizens.

Ransomware will remain a global cybersecurity threat during 2021 and the associated risk of this threat materializing will be more prevalent for certain industries and in particular Government bodies. Cybercrime is a business so all should think of it the same way. Out of all the various types of cybercrime activities, ransomware is the one activity that has a high direct return of investment associated with it, by holding the victims' ransom for financial payment. Taking the global economic environment and current market conditions into consideration, cybercriminals will of course continue to focus their efforts on this revenue-generating stream. In 2021 we are likely to see cyber-criminal individuals and groups partner together to try to maximize their return of investment with their attacks. This could be targeting high-value individuals and/or large enterprise organizations. The key message here is no one person or industry is exempt from the ransomware threat and it requires constant focus, assessment, and review to ensure you and your critical information assets remain safeguarded and protected against it.