DELOITTE HACK: CYBERSECURITY INDUSTRY NEEDS TO STEP UP, EXPERT SAYS

DELOITTE HACK: CYBERSECURITY INDUSTRY NEEDS TO STEP UP, EXPERT SAYS

IN the wake of revelations of a widespread hack on accounting firm Deloitte's internal systems, a cybersecurity expert says his industry needs to step up its own systems to provide further protection for at-risk businesses..

The hack, which compromised the confidential emails and documents of Deloitte's blue-chip clients, reportedly went unnoticed for months.

Reports of the scope of the cyber-attack raised serious concern as the  firm specialises in delivering high-end cybersecurity advice to some of the world's biggest banks and multinational corporations.

Deloitte has attempted to downplay the impact of the attack, claiming it impacted "very few" clients.

So far, six clients of the "big four" accounting firm have been told their information was impacted by the hack.

Following the attack on Deloitte this week, and the hack of Equifax's servers earlier in the month, Brandon Swafford, CTO of Data Protection and Insider Threat Security at Forcepoint, says the cybersecurity industry needs to quickly address several problems.

"The industry must quickly focus on the crossroads between people, process and technology to adequately address these unyielding security threats," says Swafford.

"News of Deloitte's breach, reportedly resulting from a lack of multi-factor authentication that led to access of sensitive data in the cloud, highlights that a focus on one security risk point is not adequate."

It is reported that hackers accessed usernames, passwords, IP addresses, architectural diagrams, and health information, via an administrator's account. The initial report from The Guardian says the administrator account required only a single password and did not have "two-step" identity verification.

Swafford says one solution is to increase focus on training around cybersecurity for all employees.

"Organisations must start with a focus on their people and how they use and access critical data and systems," says Swafford.

"The only way to stop these cyber threats is to first understand normal user behaviour and normal movement of data in and out of the company.

"Companies can complement this human-centric security approach with internal training, policies and processes to help employees and partners understand what's expected of them. A focus on any one of these only puts more risk in the other."

Never miss a news update, subscribe here. Follow us on Facebook, LinkedIn, Instagram and Twitter.

Business News Australia

Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support

A game changer? Aspiring to the new standard on workplace mental health
Partner Content
Work health and safety regulators have been more active in the area of mental health ri...
Aon
Advertisement

Related Stories

Pacific Fair sale puts the spotlight on buyers for Dexus’ minority stake

Pacific Fair sale puts the spotlight on buyers for Dexus’ minority stake

The Gold Coast’s Pacific Fair shopping centre, fresh from pla...

Victoria opening to vaccinated international arrivals from 1 November

Victoria opening to vaccinated international arrivals from 1 November

With lockdown lifting today in Victoria the state’s governmen...

Atlassian boss pledges $1.5 billion for green investments amidst frustration over net zero chatter

Atlassian boss pledges $1.5 billion for green investments amidst frustration over net zero chatter

Atlassian co-founder Mike Cannon-Brookes may be taking the high roa...

Olivia Newton-John's Byron Bay resort sold to Twiggy Forrest

Olivia Newton-John's Byron Bay resort sold to Twiggy Forrest

Mining magnate Andrew 'Twiggy' Forrest's investment fir...