DELOITTE HACK: CYBERSECURITY INDUSTRY NEEDS TO STEP UP, EXPERT SAYS

DELOITTE HACK: CYBERSECURITY INDUSTRY NEEDS TO STEP UP, EXPERT SAYS

IN the wake of revelations of a widespread hack on accounting firm Deloitte's internal systems, a cybersecurity expert says his industry needs to step up its own systems to provide further protection for at-risk businesses..

The hack, which compromised the confidential emails and documents of Deloitte's blue-chip clients, reportedly went unnoticed for months.

Reports of the scope of the cyber-attack raised serious concern as the  firm specialises in delivering high-end cybersecurity advice to some of the world's biggest banks and multinational corporations.

Deloitte has attempted to downplay the impact of the attack, claiming it impacted "very few" clients.

So far, six clients of the "big four" accounting firm have been told their information was impacted by the hack.

Following the attack on Deloitte this week, and the hack of Equifax's servers earlier in the month, Brandon Swafford, CTO of Data Protection and Insider Threat Security at Forcepoint, says the cybersecurity industry needs to quickly address several problems.

"The industry must quickly focus on the crossroads between people, process and technology to adequately address these unyielding security threats," says Swafford.

"News of Deloitte's breach, reportedly resulting from a lack of multi-factor authentication that led to access of sensitive data in the cloud, highlights that a focus on one security risk point is not adequate."

It is reported that hackers accessed usernames, passwords, IP addresses, architectural diagrams, and health information, via an administrator's account. The initial report from The Guardian says the administrator account required only a single password and did not have "two-step" identity verification.

Swafford says one solution is to increase focus on training around cybersecurity for all employees.

"Organisations must start with a focus on their people and how they use and access critical data and systems," says Swafford.

"The only way to stop these cyber threats is to first understand normal user behaviour and normal movement of data in and out of the company.

"Companies can complement this human-centric security approach with internal training, policies and processes to help employees and partners understand what's expected of them. A focus on any one of these only puts more risk in the other."

Never miss a news update, subscribe here. Follow us on Facebook, LinkedIn, Instagram and Twitter.

Business News Australia

Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support

How to conduct an effective board assessment: a step-by-step guide
Partner Content
Your directors should conduct a board assessment annually. Let's examine what a boa...
OnBoard
Advertisement

Related Stories

“Lifting up your eyeline”: Lessons on ambition from the founder of a unicorn

“Lifting up your eyeline”: Lessons on ambition from the founder of a unicorn

While today ed-tech Go1 is a 'double unicorn' with a global...

TGA approves MDMA, psilocybin for mental health treatment

TGA approves MDMA, psilocybin for mental health treatment

Australia’s therapeutics regulator has announced today that p...

“I wanted to change my life”: How Zoe Gordon beat burnout to build Byron Bay Gifts

“I wanted to change my life”: How Zoe Gordon beat burnout to build Byron Bay Gifts

While burnout can leave us feeling debilitated and overwhelmed, it ...

Atlassian losses continue despite subscription revenue growth

Atlassian losses continue despite subscription revenue growth

Australian-founded tech giant Atlassian Corporation (NASDAQ: TEAM) ...