Something is seriously wrong when you hear Deloitte have suffered a data breach. Aren’t they well known for their cyber security services? What did they miss?
Deloitte, one of the world’s largest corporate finance agencies, suffered a cyber attack which is said to have compromised confidential data of some of its clients. Hackers were able to gain unrestricted access to an administrator account, which required only a single password because two-factor authentication (2FA) had not been enabled.
It is reported that the attackers may have also gained access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information.
Deloitte has since come out with a statement saying that “no disruption has occurred to client businesses” and that it “remains deeply committed to ensuring that its cyber-security defenses are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cyber security.”
The Deloitte attack comes less than a month after the Equifax data breach where an estimated 143 million people were affected.
Data breaches are coming thick and fast, with cyber attackers showing no signs of slowing down in who they target. Because of this, companies need to do their utmost to protect all sensitive data.
In the Deloitte scenario, 2FA should have been enabled regardless. However, had the data been encrypted from the beginning, it would have been rendered useless to unauthorized parties, leaving the sensitive information protected even if the attackers gained access to it.
Data protection officers need to observe how their organizations secure data and need to ask themselves whether or not they are doing all they can to protect critical information.
This is just another example that shows that even a behemoth of an organization like Deloitte, which specializes in cyber security, can drop the ball. Events like these should act as the catalyst for encryption adoption as the number one data security defense going forward. We all know security is just as much a people and processes issue as it is a technology one, but getting the right technology in place to serve as a backup in case of people or process failure is a huge step in the right direction toward keeping data at its most secure.