We have recently been working for individuals, and their families, at a company in the UK that suffered a major security breach in which personal information was accessed, including at boardroom level, opening individuals up to potential personal exploitation. We will post further about this case in the coming days, as some good lessons have been identified that we believe are worth sharing. The investigation into the breach remains ongoing, but on the back of it we have been tasked with advising and assisting in several areas, including providing personal security advice and training to board members and their immediate families. Due to the nature of the assessed threat, several physical security audits have also been required.
In what appears to be a similar case, it has been reported that Australian telecom giant ‘Optus’ has been breached, and nearly 2.1 million of its current and historic customers suffered a leak of personal information. The leaked data is said to contain email addresses, phone numbers, and dates of birth, so customers need to remain cautious. Because of this breach, there will most likely be further attempts to exploit the individuals whose data has been leaked. The security incident, which came to light on September 22, involved a malicious actor gaining unauthorised access to customer information. It’s not immediately clear how and when the actual intrusion took place.

This is another example showing that major breaches continue to occur and that we must not drop our guard. We must raise our awareness of where our data is stored and how it’s accessed. Knowing this is essential to better understand how to protect against unauthorised access.
1. Know your data – where it is stored, how it’s stored and how it is accessed
2. Conduct regular testing on the environment to ensure vulnerabilities are patched
3. Test staff regularly with phishing campaigns, training exercises and tutorials
4. Prepare the exec team – desktop exercises to rehearse what to do if a breach occurs