Need for Speed is the title of a famous video game dedicated to sports car racing, but we can use it to paraphrase a recurring situation in cybersecurity: the need for speed and responsiveness in dealing with cyber threats. Let's take a cue from two events in May 2020, a month that will be remembered for two particular attacks.
The first, apparently initiated months ago, is the data breach suffered by EasyJet, which resulted in the theft of the data of 9 million customers and led to a partial shutdown of operations already brought to their knees by the global pandemic. With the investigation still ongoing, the information is not precise, but it appears the breach may have compromised the company's cloud services. That would make it different from the 2018 attack on British Airways, which was completed in two weeks through a compromised site and resulted in the theft of the information of 380,000 passengers. According to rumors, the EasyJet breach did not compromise user login credentials but exposed email addresses, some credit card details (fortunately few), and customer travel information, all potentially useful to cyber criminals for developing phishing and malware campaigns.
The other piece of news, initially called fake news and admittedly passed over in silence during this Phase Two period, is the raid conducted by the hacker collective Anonymous against the San Raffaele hospital in Milan. As proof of the incursion, evidence of the intranet breach was posted online via the hackers' Twitter account (@LulzSec_ITA). According to the collective, the attack was carried out to demonstrate inadequate protection of user data. This is where the affair gets murky, and probably no one will ever know how things actually went, partly because the national press has unfortunately given the issue little coverage.
On the one hand, the hackers claim to have acted after warning of the vulnerability of the Hospital's IT infrastructure so that action would be taken; on the other hand, San Raffaele downplays the matter, confirming the attempted intrusion but denying access to sensitive data and calling the leaked information part of an old training course that has long since been decommissioned. The problem, however, is that this attack was (apparently) carried out between mid and late March and revealed by the activists after May 20. So the question remains, regardless of the validity of this data: was the intrusion actually detected? And if it was, why was it not reported to the Privacy Guarantor within 72 hours, as required by the GDPR? These questions will probably never be answered, given the paucity of available data. The only thing that is certain, other than the data that appeared on the Internet, is that the Hospital's management has contacted the relevant bodies to provide any useful clarification, and that the breach would involve an outdated application not related to the Hospital's operating systems. The other good news is that, given the provocative nature of the attack, there was no disruption to San Raffaele's normal operations.
Different cases, same needs
These are two different and controversial cases, and the evidence available at the moment is too sparse for a proper assessment. The only similarity between them is that the attacks were carried out over a long period. It therefore remains critical to highlight how essential security protocols, infrastructure certifications, and Vulnerability Assessments are. The other key element, which must be taken fully into account, is responsiveness: ascertaining that an attack has occurred, blocking it as it occurs, and restoring the infrastructure as quickly as possible.
Security procedures and their level are critical to preventing and blocking intrusions, but in the event of a breach it is important to rely on agile and rapid companies such as Hypergrid that can act with lightning-fast response times to limit the damage and restore the infrastructure, eliminating downtime so that the business is back up and running immediately. For companies experiencing intrusions, processing downtime is often more costly than the actual damage caused by any data theft. For example, Hypergrid Disaster Recovery is a service that can ensure high efficiency in business recovery, while the Security Data Recorder records all network traffic and, in the event of audits, can identify the issues of the attack and relieve IT service managers of responsibility. In addition to the Hypergrid team's great professionalism, one of the company's values is its flexibility in preparing solutions to suit each company's needs while prioritizing security and customer satisfaction.
For advice and information, please feel free to contact us at info@hypergrid.it