DELOITTE HACK: CYBERSECURITY INDUSTRY NEEDS TO STEP UP, EXPERT SAYS

DELOITTE HACK: CYBERSECURITY INDUSTRY NEEDS TO STEP UP, EXPERT SAYS

IN the wake of revelations of a widespread hack on accounting firm Deloitte's internal systems, a cybersecurity expert says his industry needs to step up its own systems to provide further protection for at-risk businesses..

The hack, which compromised the confidential emails and documents of Deloitte's blue-chip clients, reportedly went unnoticed for months.

Reports of the scope of the cyber-attack raised serious concern as the  firm specialises in delivering high-end cybersecurity advice to some of the world's biggest banks and multinational corporations.

Deloitte has attempted to downplay the impact of the attack, claiming it impacted "very few" clients.

So far, six clients of the "big four" accounting firm have been told their information was impacted by the hack.

Following the attack on Deloitte this week, and the hack of Equifax's servers earlier in the month, Brandon Swafford, CTO of Data Protection and Insider Threat Security at Forcepoint, says the cybersecurity industry needs to quickly address several problems.

"The industry must quickly focus on the crossroads between people, process and technology to adequately address these unyielding security threats," says Swafford.

"News of Deloitte's breach, reportedly resulting from a lack of multi-factor authentication that led to access of sensitive data in the cloud, highlights that a focus on one security risk point is not adequate."

It is reported that hackers accessed usernames, passwords, IP addresses, architectural diagrams, and health information, via an administrator's account. The initial report from The Guardian says the administrator account required only a single password and did not have "two-step" identity verification.

Swafford says one solution is to increase focus on training around cybersecurity for all employees.

"Organisations must start with a focus on their people and how they use and access critical data and systems," says Swafford.

"The only way to stop these cyber threats is to first understand normal user behaviour and normal movement of data in and out of the company.

"Companies can complement this human-centric security approach with internal training, policies and processes to help employees and partners understand what's expected of them. A focus on any one of these only puts more risk in the other."

Never miss a news update, subscribe here. Follow us on Facebook, LinkedIn, Instagram and Twitter.

Business News Australia

Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support

Crypto staking: a new way to earn passive income
Partner Content
You may be familiar with traditional ways of earning passive income such as trading sto...
Etoro
Advertisement

Related Stories

Woolworths adds controlling stake in MyDeal to cart for $218 million

Woolworths adds controlling stake in MyDeal to cart for $218 million

Woolworths (ASX: WOW) is looking to enhance its online marketplace ...

SNL’s Pete Davidson to star in QLD feature film ‘Wizards!’

SNL’s Pete Davidson to star in QLD feature film ‘Wizards!’

The Australian screen sector has bagged two major wins today, with ...

Bendigo-based Apiam Animal Health saddles up with $13.8m acquisitions

Bendigo-based Apiam Animal Health saddles up with $13.8m acquisitions

Vet services business Apiam Animal Health (ASX: AHX) has gone ...

Scrap metal recycler Sims picks up Brisbane port site for $88 million

Scrap metal recycler Sims picks up Brisbane port site for $88 million

In order to acquire one of the few remaining Brisbane sites with de...