Deloitte Data Breach
Yet another company has been a victim of a cybersecurity breach. This is time it is an accounting giant Deloitte.
Deloitte, which is one of the world’s big four accounting firm, made $37 billion in revenue through its services which include auditing, consulting, merger and ironically cybersecurity consulting.
Story which was published on Monday morning said a breach at Deloitte involved usernames, passwords and personal data on the accountancy’s top blue-chip clients.
“The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached,” The Guardian’s Nick Hopkins wrote. “The companies include household names as well as US government departments. So far, six of Deloitte’s clients have been told their information was ‘impacted’ by the hack.”
Deloitte’s customers include some of sthe world’s largest banks and companies, media firms, pharmaceutical businesses and government agencies.
It appeared that Deloitte knew something wasn’t right for quite some time. The company actually sent out a message to all its staff for a ‘mandatory password reset’ in Oct 2016. The email notices highlighted that employee passwords and PIN’s must be changed by the next day. The employee who fails to do so will not be able to access their email or Deloitte applications.
Yet no one is quite sure to what actually happened. The company in fact does not yet know precisely when the intrusion occurred, or for how long the hackers were inside of its systems. Apparently, Deloitte have fallen victim to attackers using an administrative password and account to access their Azure storage. Attackers compromised the firm’s global email server via a password-protected administrator account that didn’t use two-factor authentication. This has sent out a wake-up call to industry to pursue a more proactive approach to their cyber-security.
This emphasises the fact that passwords need to be combined with other layers of security within a two or multi-factor approach as it still has a vast important role to play in securing information.
With standard security procedures only requiring a simple username and password it has become increasingly easy for hackers to gain access to a user's private data such as personal and financial details. This is where two step authentication (2FA) acts as an extra layer of security that requires not only a password and username but also something that only user has on them such as a physical token which generates a one time password.
Combining username, password with a piece of information that only the user knows makes it harder for potential intruders to gain access.
Gemalto’s 2FA product SafeNet Authentication Service (SAS) delivers fully-automated, highly secure authentication-as-a service with flexible token options that are tailored to the unique needs of any organisation, substantially reducing the total cost of operation. If you would like to see a demonstration on either of these products, please contact us today