News & Comment: Clarksons says single user account to blame for data breach | ZDNet

In response to a report that global shipping organization Clarksons says single user account to blame for data breach, leaving the company warning that “confidential” data may be released after it’s refused ransom demands, an expert with NuData Security offers perspective.

COMMENT:

Robert Capps, Vice President of Business Development, NuData Security, a Mastercard company:

“A major attack can begin with as little as the compromise of a single account, exposing troves of sensitive information. Clarksons PLC is issuing updates about the situation.

 “We’ve seen data that up to 91% of cyberattacks start with a phishing email, and this event will undoubtedly serve as a learning experience for organizations. This should also remind users to never click on links received from unknown people and, likewise, to avoid clicking on suspicious links sent by friends – whether through social sites or email.

“Organizations that transact online should reduce their dependence on “known knowns” to verify their users. Whether email addresses or other personal data, these are unreliable and companies need to implement multi-layered defenses. 

“Many industries, such as retail and finance and, increasingly, government and healthcare, are incorporating passive biometrics and behavioral analytics that help verify customer identities through the real-time analysis of the hundreds of indicators derived from the user’s device interactions and online behavior. Because such analysis does not rely solely on static data – a password, challenge questions or the consumer’s personally identifiable information – it cannot be mimicked or re-used by bad actors.”