Netwrix comments on cyber breaches
 

As Japan’s largest IT services provider Fujitsu Limited announces that several of the company’s computers have been compromised with malware, leading to a possible data breach, we ask ask Ilia Sotnikov, Security Strategist and Vice President of User Experience, Netwrix (www.netwrix.com) what companies can do to prevent a data breach of this type and  the best practices that companies need to adopt following a cyberattack.

“The press release from Fujitsu says that they identified malware on ‘multiple’ business computers.   They now suspect that this malware may have been used to exfiltrate personal data and customer information.  This highlights the importance of multiple layers of defence including network detection and response, data access governance (DAG), and endpoint protection along with data loss prevention (DLP) solutions.  When all other prevention and detection controls miss the intrusion, an organisation should have the mentioned measures in place to promptly react to the existing threat and block that final exfiltration step.”
 
“Another notable aspect is the proactive breach notification approach that Fujitsu has taken.  We don’t know how far they are in their investigation, but according to the press release they’ve notified potentially impacted individuals, customers, and the relevant Japanese authorities.  The decision about when and how much to disclose often depends on the organization’s culture.  Some organizations wait to be certain about the scope and the details of the incident before they report anything to avoid any misinterpretations.  Others, like Fujitsu, take a more proactive approach and inform potentially impacted customers that there may be a risk of misuse of their personal information.  Increasingly tighter breach notification rules we see in various jurisdictions aim to encourage companies to share the information early so that both authorities as well as any impacted parties are aware sooner and can make their own risk-based decisions.”