I’ve said many times data is the new gold. This may be
used/sold many times and cut for the purchaser’s needs. Another aspect which
makes this attractive to attackers is diversity. If a company has more than one
type of data, there are more targets of different types which could be
liberated from the company and sold or ransomed. For example, they may be
industrial data with schematics and product design. This would certainly be a
crown jewel to seek. Couple this data warehouse with another data set (e.g.,
consumer data) and there are more targets.
This is notable as Nissan Motor Corporation and Nissan
Financial Services in Australia and New Zealand experienced a breach. This was
confirmed on December 22, 2023. In this case, the company is assessing the
extent of the breach. What is known however is an estimated 100GB of data were
stolen by the infamous Akira ransomware group.
While this is troubling, there are lessons to learn from
this to assist others in not making the same oversight. With each set of data,
a security check should be done. The data could be held in different locations
or platforms. Each of these should be reviewed for vulnerabilities. The greater
likelihood is these are not co-located and may present unique vulnerabilities
on their own.
Thank you.
Services
Enterprise and Embedded System Cybersecurity Engineering & Architecture
Red Team Pentesting | HW & SW BoMs | CBoM |
Vulnerability Management | Tabletop Exercises (TTX) |
Embedded Systems Architecture | Threat Intelligence |
TARA (Threat Assessment and Remediation Analysis)
Disabled Veteran Owned and Operated
No comments:
Post a Comment