News & Comment: Clarkson PLC issue new advisory update on 2017 breach 

NEWS: Global shipping company Clarkson PLC (49 offices in 21 countries) issued a new advisory update on a 2017 breach, warning of the potential release of “confidential” information after the company refused to pay a ransom to the hackers. The hackers penetrated the company’s cyber defenses through a “single and isolated user account”, which the company has disabled.

 

COMMENT:

Christian Vezina, CISO, OneSpan 

“Whether through the billions of stolen credentials available out there, or through carefully crafted phishing messages, it is trivial for cybercriminals to have access to valid user credentials to infiltrate systems and access confidential corporate data. It is time for organizations to implement multifactor authentication to prevent such abuse of valid accounts. If properly implemented, it will significantly increase an organization’s security posture. Even accesses from inside an organization’s perimeter should not be trusted and require MFA, as one cannot ensure an endpoint will not be compromised. Also, ensure application of basic best practices such as proper network segmentation, use of encryption, inactivity timeouts and restrict accesses according to the principle of least privilege.”
